the Never ending loop of lenovo think pad edge 64bit


  • This topic is locked

#46
JSntgRvr
  • Global Moderator
  • 11,018 posts
The recovery seems to be partially done as the hard drive was not formatted. That means the documents were not modified. I must assume the Recovery only acted on Windows' files.

Let's take a look at the Master Boot Record (MBR).

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive. Attached File  fixlist.txt   152bytes   84 downloads

Insert the USB drive into the ailing computer. Use the same USB port you did before.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.
  • 0
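What a reviewer can read out of a saved MBR sector such as the MBRDUMP file requested above, shown as an added example that is not part of the original post or of MBRFix/FRST. It assumes the dump is either the raw 512-byte sector or the same bytes as plain hex text; the sample sectors and the names `load_sector`, `parse_mbr`, `review` and `build_sample` are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440    # 32-bit disk signature Windows stores in the MBR
TABLE_OFFSET = 446       # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # bytes 510-511 of a valid MBR
# status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")
PART_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT",
              0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
              0xEE: "GPT protective"}


def load_sector(data):
    """Accept a raw 512-byte dump, or the same sector written as hex text (assumption)."""
    if len(data) == SECTOR_SIZE:
        return bytes(data)
    try:
        decoded = bytes.fromhex("".join(data.decode("ascii").split()))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("not a raw or hex-text sector dump") from exc
    if len(decoded) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(decoded)))
    return decoded


def parse_mbr(sector):
    """Decode the boot signature, disk signature and the four partition entries."""
    partitions = []
    for index in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * index)
        partitions.append({"index": index + 1, "status": status,
                           "active": status == 0x80, "type": ptype,
                           "type_name": PART_TYPES.get(ptype, "unknown"),
                           "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
            "partitions": partitions}


def review(mbr):
    """Return the structural problems a reviewer would look for first."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55 AA is missing")
    for part in mbr["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (part["index"], part["status"]))
    active = [p for p in mbr["partitions"] if p["active"]]
    if not active:
        findings.append("no partition is marked active")
    elif len(active) > 1:
        findings.append("more than one partition is marked active")
    for part in active:
        if part["type"] == 0x00 or part["sectors"] == 0:
            findings.append("partition %d: active flag on an empty entry" % part["index"])
    used = sorted((p for p in mbr["partitions"] if p["type"] != 0x00),
                  key=lambda p: p["lba_start"])
    for first, second in zip(used, used[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append("partitions %d and %d overlap"
                            % (first["index"], second["index"]))
    return findings


def build_sample(entries, signed=True):
    """Build a constructed sector: zeroed boot code plus the given table entries."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)
    for i, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i, status, ptype, lba, count)
    if signed:
        sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed samples, not taken from the thread's attachments.
HEALTHY = build_sample([(0x80, 0x07, 2048, 2457600),
                        (0x00, 0x07, 2459648, 600000000),
                        (0x00, 0x07, 602459648, 20000000)])
NO_ACTIVE = build_sample([(0x00, 0x07, 2048, 2457600),
                          (0x00, 0x07, 2459648, 600000000)])
SUSPECT = build_sample([(0x80, 0x07, 2048, 2457600),
                        (0x80, 0x07, 2000000, 600000000)], signed=False)

if __name__ == "__main__":
    for name, raw in (("healthy", HEALTHY), ("no-active", NO_ACTIVE), ("suspect", SUSPECT)):
        mbr = parse_mbr(load_sector(raw))
        print(name, "disk signature 0x%08x" % mbr["disk_signature"])
        for part in mbr["partitions"]:
            if part["type"] != 0x00:
                print("  #%d %s start=%d sectors=%d%s" % (
                    part["index"], part["type_name"], part["lba_start"],
                    part["sectors"], " ACTIVE" if part["active"] else ""))
        print("  findings:", review(mbr) or "none")
```

The checks are structural only: they say nothing about whether the boot code in bytes 0-439 has been altered, which needs a comparison against a known-good sector.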

#47
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-11 15:34:28 Run:1
Running from G:\

==============================================


========= Dir /a /s C:\Users\Connor Biggs\AppData\Local\2e26c49f =========

The system cannot find the path specified.

========= End of CMD: =========


========= bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c4bcfd5e-fcb5-11df-a11b-60eb69970856}
resumeobject {c4bcfd5d-fcb5-11df-a11b-60eb69970856}
displayorder {c4bcfd5e-fcb5-11df-a11b-60eb69970856}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 0
customactions 0x10000ba000001
0x54000001
custom:54000001 {572bcd55-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\tvtos\winpe.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description WinPE
osdevice ramdisk=[boot]\tvtos\winpe.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
nx OptIn
bootstatuspolicy IgnoreShutdownFailures
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {97184ba4-0ff7-11e0-9a51-5cac4cc93cc8}
device ramdisk=[Y:]\recovery\windowsre\winre.wim,{97184ba5-0ff7-11e0-9a51-5cac4cc93cc8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[Y:]\recovery\windowsre\winre.wim,{97184ba5-0ff7-11e0-9a51-5cac4cc93cc8}
systemroot \windows
nx OptIn
bootstatuspolicy IgnoreShutdownFailures
winpe Yes
custom:46000010 Yes

Windows Boot Loader
-------------------
identifier {c4bcfd5e-fcb5-11df-a11b-60eb69970856}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {97184ba4-0ff7-11e0-9a51-5cac4cc93cc8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c4bcfd5d-fcb5-11df-a11b-60eb69970856}
nx OptIn
bootstatuspolicy IgnoreShutdownFailures

Resume from Hibernate
---------------------
identifier {c4bcfd5d-fcb5-11df-a11b-60eb69970856}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}
bootstatuspolicy IgnoreShutdownFailures

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
bootstatuspolicy IgnoreShutdownFailures
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {97184ba5-0ff7-11e0-9a51-5cac4cc93cc8}
description Ramdisk Options
ramdisksdidevice partition=Y:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

========= End of CMD: =========


========= G:\MbrFix64 /drive 0 savembr G:\MBRDUMP.txt =========


========= End of CMD: =========

#48
JSntgRvr
  • Global Moderator
  • 11,018 posts
There will be a series of steps.

Step 1

Please download Listparts64 by farbar from here and save it to your flash drive.

Download the enclosed file: Attached File  fix.txt   114bytes   93 downloads
Save it also to your flash drive.

Enter System Recovery Option and run Listparts64.exe the same way you ran FRST64 (type g:\listparts64). Press Fix and wait until you get notified that the fix is done.

Step 2

Download the enclosed file and save it in the USB drive. Attached File  fixlist.txt   151bytes   80 downloads

Overwrite the existing one. Insert the USB drive into the ailing computer. Use the same USB port you did before.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP2.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP2.txt as it is a hex file.

Boot normally after the fix and let me know if able to.

#49
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
.... I am forever in your debt, sir. My computer loaded and is logging into my admin as I type. My computer is working and is running extremely well. Thank you so much for your help and everything that you have done, especially your patience. You, sir, are a great man. Once again, thank you so much.
Also, here is the last log (PS: the USB drive became corrupted, so I had to run the list piece 2x because it didn't finish the first time.)

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-11 18:37:59 Run:5
Running from G:\

==============================================


========= Dir /a /s "C:\Users\Connor Biggs\AppData\Local\2e26c49f" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 98DE-20F2

Directory of C:\Users\Connor Biggs\AppData\Local\2e26c49f

06/10/2012 03:24 PM <DIR> .
06/10/2012 03:24 PM <DIR> ..
10/23/2011 03:43 AM 2,048 @
06/10/2012 03:24 PM <DIR> U
10/23/2011 03:43 AM 0 X
2 File(s) 2,048 bytes

Directory of C:\Users\Connor Biggs\AppData\Local\2e26c49f\U

06/10/2012 03:24 PM <DIR> .
06/10/2012 03:24 PM <DIR> ..
10/23/2011 03:43 AM 0 [email protected]
10/23/2011 03:43 AM 0 [email protected]
2 File(s) 0 bytes

Total Files Listed:
4 File(s) 2,048 bytes
5 Dir(s) 340,225,232,896 bytes free

========= End of CMD: =========


========= bcdedit /enum all =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {c4bcfd5d-fcb5-11df-a11b-60eb69970856}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 0
customactions 0x10000ba000001
0x54000001
custom:54000001 {572bcd55-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\tvtos\winpe.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description WinPE
osdevice ramdisk=[boot]\tvtos\winpe.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
bootstatuspolicy IgnoreShutdownFailures
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[Y:]\recovery\windowsre\winre.wim,{97184ba5-0ff7-11e0-9a51-5cac4cc93cc8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[Y:]\recovery\windowsre\winre.wim,{97184ba5-0ff7-11e0-9a51-5cac4cc93cc8}
systemroot \windows
nx OptIn
bootstatuspolicy IgnoreShutdownFailures
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c4bcfd5d-fcb5-11df-a11b-60eb69970856}
nx OptIn
bootstatuspolicy IgnoreShutdownFailures

Resume from Hibernate
---------------------
identifier {c4bcfd5d-fcb5-11df-a11b-60eb69970856}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
bootstatuspolicy IgnoreShutdownFailures

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
bootstatuspolicy IgnoreShutdownFailures
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {97184ba5-0ff7-11e0-9a51-5cac4cc93cc8}
description Ramdisk Options
ramdisksdidevice partition=Y:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

========= End of CMD: =========


========= G:\MbrFix64 /drive 0 savembr G:\MBRDUMP2.txt =========


========= End of CMD: =========


==== End of Fixlog ====

#50
JSntgRvr
  • Global Moderator
  • 11,018 posts
It was a boot partition infection. I had the help of farbar, the tool developer. Many thanks for his assistance.

We still have Zero Access in the computer.

Download the enclosed file: Attached File  fixlist.txt   58bytes   73 downloads

Save it in the USB drive, overwriting the existing one.

Run FRST as you did before, click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it in your next reply.

If successful, boot in Normal mode and run Combofix as follows:

Combofix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0
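The earlier Fixlog in this thread lists AppData\Local\2e26c49f as a folder holding a file named @, a file named X and a subfolder U, and the helper's next fixlist targets what he calls the remaining Zero Access. The following added example (not from the thread, FRST or ComboFix) parses `dir /a /s` output and flags folders with that layout; the rule "8 hex digits under AppData\Local, containing @ and U" is an assumption generalized from this one listing, and the sample listing and file names are constructed.

```python
import re

DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, <DIR> or size with thousands separators, then the name
ENTRY_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
HEX8_UNDER_LOCAL = re.compile(r"\\AppData\\Local\\[0-9a-f]{8}$", re.IGNORECASE)


def parse_dir_listing(text):
    """Turn `dir /a /s` output into {directory: {"dirs": [...], "files": {name: size}}}."""
    tree = {}
    current = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1)
            tree[current] = {"dirs": [], "files": {}}
            continue
        entry = ENTRY_LINE.match(line.strip())
        if not entry or current is None:
            continue  # volume lines, per-directory totals, blanks
        size, name = entry.group(3), entry.group(4)
        if name in (".", ".."):
            continue
        if size == "<DIR>":
            tree[current]["dirs"].append(name)
        else:
            tree[current]["files"][name] = int(size.replace(",", ""))
    return tree


def flag_suspect_dirs(tree):
    """Flag 8-hex-digit folders under AppData\\Local that hold '@' and a 'U' subfolder."""
    hits = []
    for path, content in tree.items():
        if not HEX8_UNDER_LOCAL.search(path):
            continue
        if "@" in content["files"] and "U" in content["dirs"]:
            sub = tree.get(path + "\\U", {"files": {}})
            hits.append({"path": path,
                         "marker_size": content["files"]["@"],
                         "payload_files": sorted(sub["files"])})
    return hits


# Constructed listing modelled on the Fixlog format; user and names are made up.
SAMPLE_LISTING = r"""
 Volume in drive C is Windows7_OS

 Directory of C:\Users\Example User\AppData\Local\0a1b2c3d

06/10/2012 03:24 PM <DIR> .
06/10/2012 03:24 PM <DIR> ..
10/23/2011 03:43 AM 2,048 @
06/10/2012 03:24 PM <DIR> U
10/23/2011 03:43 AM 0 X
2 File(s) 2,048 bytes

 Directory of C:\Users\Example User\AppData\Local\0a1b2c3d\U

06/10/2012 03:24 PM <DIR> .
06/10/2012 03:24 PM <DIR> ..
10/23/2011 03:43 AM 0 sample1.@
10/23/2011 03:43 AM 0 sample2.@
2 File(s) 0 bytes

 Directory of C:\Users\Example User\AppData\Local\deadbeef

06/01/2012 09:00 AM <DIR> .
06/01/2012 09:00 AM <DIR> ..
06/01/2012 09:00 AM 4,096 cache.db
1 File(s) 4,096 bytes
"""

if __name__ == "__main__":
    for hit in flag_suspect_dirs(parse_dir_listing(SAMPLE_LISTING)):
        print("review:", hit["path"], "payload:", hit["payload_files"])
```

A hit is a lead for manual review, not a verdict: the benign `deadbeef` folder in the sample shows why the name pattern alone is not enough.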

#51
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
I have no way of getting back to the recovery zone I was in. The CD will not run on the laptop once it is open, and it would appear when the system was inoperative; the CD will also not remove me from the boot, nor will F1 or F8 allow me to get back to where I was. I was using this from after restore mode after the boot failed and have no idea how to get back there now or how to get there now, and the fixlist will not run off the opened and running computer.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by John Connor Biggs at 2012-06-11 19:07:46 Run:6
Running from D:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Users\Connor Biggs\AppData\Local\2e26c49f moved successfully.

==== End of Fixlog ====

Edited by Jbiggs, 11 June 2012 - 07:16 PM.


#52
JSntgRvr
  • Global Moderator
  • 11,018 posts
Despite the lack of the Repair console, the folder was removed. Are you still able to boot into Normal Mode?

#53
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
Yes, I am able to boot in normal mode.

#54
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
Well, my computer fell asleep running ComboFix, and ComboFix is in 4 different places, and I see the image flying all over the screen in no particular pattern, and it's acting like it wants to load.

#55
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
OK, I have no control of my desktop. It is not on Task Manager and nothing is working, AND it's also trying to load or do something to the cmd prompt.

#56
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
OK, on my other admin user I can see ComboFix, and it says "Preparing Log Report.
Do not run any programs until combofix is finished"

#57
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
OK, I managed to stop ComboFix and restart it. I will give you my report once it has finished.

#58
Jbiggs
  • Topic Starter
  • Member
  • 49 posts
ComboFix 12-06-11.04 - Connor Biggs 06/11/2012 21:45:39.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2462 [GMT -6:00]
Running from: c:\users\John Connor Biggs\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3UNPAT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\program files (x86)\VooMuu\bin\1.0.33.0\copyright.txt
c:\program files (x86)\VooMuu\bin\1.0.33.0\VooMuuSACB.exe
c:\programdata\39378680
c:\programdata\52f72ba5m8cxka2f5563q44guio0fnkm0d0q
c:\programdata\SPL538B.tmp
c:\programdata\SPL5CC2.tmp
c:\programdata\SPLC518.tmp
c:\programdata\VooMuuSA\VooMuuSA.dat
c:\programdata\VooMuuSA\VooMuuSA_kyf.dat
c:\programdata\VooMuuSA\VooMuuSAau.dat
c:\users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\chrome.manifest
c:\users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\chrome\content\_cfg.js
c:\users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\chrome\content\overlay.xul
c:\users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\install.rdf
c:\users\Connor Biggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\{07A4F327-EC51-43CE-B812-D6ADF83450D2}.xps
c:\users\Connor Biggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0DE426A6-9A2B-47D1-A421-8A67AB01B276}.xps
c:\users\Connor Biggs\Documents\~WRL0003.tmp
c:\users\Connor Biggs\Taskmgr.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\f3PSSavr.scr
c:\windows\SysWow64\odbcad32.exe
c:\windows\system32\fxsst.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 03:59 . 2012-06-12 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 03:33 . 2012-06-12 03:33 -------- d-----w- c:\users\John Connor Biggs\AppData\Roaming\PwrMgr
2012-06-12 01:53 . 2011-11-21 10:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-12 01:53 . 2012-05-08 16:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{535079A3-8250-4883-8375-BE5FA9757439}\mpengine.dll
2012-06-12 01:39 . 2012-06-12 03:59 -------- d-----w- c:\users\Connor Biggs\AppData\Local\temp
2012-06-12 00:49 . 2012-06-12 00:49 -------- d-----w- c:\users\John Connor Biggs\AppData\Local\Apple
2012-06-11 06:44 . 2012-06-11 06:45 -------- d-----w- C:\FRST
2012-05-30 19:59 . 2012-05-30 19:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ------w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{981e53ba-6df4-4d99-8c33-6c398f5c139e}]
2010-12-09 19:51 3911776 ------w- c:\program files (x86)\ProfileSong\tbProf.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{981e53ba-6df4-4d99-8c33-6c398f5c139e}"= "c:\program files (x86)\ProfileSong\tbProf.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{981e53ba-6df4-4d99-8c33-6c398f5c139e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-02 39408]
"Facebook Update"="c:\users\Connor Biggs\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-12 137536]
"Skype"="c:\users\Connor Biggs\Desktop\Skype.exe" [2011-01-27 15026056]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-10-04 1631296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-18 1083680]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-15 45736]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-10-04 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-10-04 175168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-07-15 199272]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154539003-3659347804-3267415899-1000Core.job
- c:\users\Connor Biggs\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 01:32]
.
2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154539003-3659347804-3267415899-1000UA.job
- c:\users\Connor Biggs\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 01:32]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 07:19]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 07:19]
.
2012-06-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-06-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Connor Biggs\AppData\Roaming\Mozilla\Firefox\Profiles\mt91m29m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm3158UUS&ptb=D2VKKxxH4wn0e1quPw19Kg&ind=2011051417&ptnrS=ZLxdm3158UUS&si=100290&n=77de3599&psa=&st=kwd&searchfor=
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{981E53BA-6DF4-4D99-8C33-6C398F5C139E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-combofix - c:\combofix\CF23965.3XE
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-11 22:23:37
ComboFix-quarantined-files.txt 2012-06-12 04:23
.
Pre-Run: 335,733,522,432 bytes free
Post-Run: 335,124,316,160 bytes free
.
- - End Of File - - 79BFCDBE6B05F4984778C2B7DF029D0C
  • 0

#59
JSntgRvr


  • Global Moderator
  • 11,018 posts
Please open this file in Notepad and post its contents in your next reply:

C:\Qoobox\ComboFix-quarantined-files.txt

Let's scan for remnants:

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#60
Jbiggs


  • Topic Starter
  • Member
  • 49 posts
2012-06-12 04:22:19 . 2012-06-12 04:22:19 996 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Search Toolbar.reg.dat
2012-06-12 04:21:59 . 2012-06-12 04:21:59 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-combofix.reg.dat
2012-06-12 04:21:48 . 2012-06-12 04:21:48 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-06-12 04:21:31 . 2012-06-12 04:21:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-06-12 04:21:31 . 2012-06-12 04:21:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat
2012-06-12 04:21:31 . 2012-06-12 04:21:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{981E53BA-6DF4-4D99-8C33-6C398F5C139E}.reg.dat
2012-06-12 04:21:30 . 2012-06-12 04:21:30 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-06-12 04:17:11 . 2012-06-12 04:17:11 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-06-12 01:31:08 . 2012-06-12 01:31:08 1,140 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MyWebSearchService.reg.dat
2012-06-12 01:30:51 . 2012-06-12 03:49:50 7,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-12 01:22:54 . 2012-06-12 03:44:34 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-10-30 23:17:18 . 2011-10-30 23:17:18 487,288 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\SPLC518.tmp.vir
2011-10-30 04:33:38 . 2011-10-30 04:33:39 13,744 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\Documents\~WRL0003.tmp.vir
2011-10-28 23:22:10 . 2011-10-28 23:22:10 1,187,137 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\SPL538B.tmp.vir
2011-10-28 01:12:05 . 2011-10-28 01:12:05 487,288 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\SPL5CC2.tmp.vir
2011-10-23 21:05:44 . 2011-10-23 21:05:44 38,456 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3UNPAT.DLL.vir
2011-10-23 11:43:46 . 2009-07-14 01:39:47 257,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\Taskmgr.exe.vir
2011-09-18 04:07:29 . 2011-09-18 04:07:14 22,731,827 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\VooMuuSA\VooMuuSA_kyf.dat.vir
2011-09-18 03:46:32 . 2011-09-18 03:46:16 80,942 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\VooMuuSA\VooMuuSAau.dat.vir
2011-09-18 03:45:47 . 2011-09-19 23:12:43 2,209 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\VooMuuSA\VooMuuSA.dat.vir
2011-09-16 19:02:12 . 2011-09-16 19:02:12 261,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\VooMuu\bin\1.0.33.0\VooMuuSACB.exe.vir
2011-09-16 19:00:14 . 2011-09-16 19:00:14 4,738 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\VooMuu\bin\1.0.33.0\copyright.txt.vir
2011-08-29 15:33:57 . 2011-10-23 21:05:44 30,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL.vir
2011-08-29 15:33:57 . 2011-10-23 21:05:44 46,512 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL.vir
2011-08-25 01:40:44 . 2011-08-25 01:40:44 522,600 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0DE426A6-9A2B-47D1-A421-8A67AB01B276}.xps.vir
2011-08-25 01:33:42 . 2011-08-25 01:33:42 522,592 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\{07A4F327-EC51-43CE-B812-D6ADF83450D2}.xps.vir
2011-06-27 21:49:48 . 2011-06-27 21:51:14 8,922 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\52f72ba5m8cxka2f5563q44guio0fnkm0d0q.vir
2011-06-26 21:06:36 . 2011-06-26 21:06:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\chrome\content\overlay.xul.vir
2011-06-26 21:06:36 . 2011-06-26 21:06:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\chrome\content\_cfg.js.vir
2011-06-26 21:06:35 . 2011-06-26 21:06:36 764 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\install.rdf.vir
2011-06-26 21:06:35 . 2011-06-26 21:06:35 122 ----a-w- C:\Qoobox\Quarantine\C\Users\Connor Biggs\AppData\Local\{3AB3E55B-A6C4-44B7-8BE7-C1D03C9D69DD}\chrome.manifest.vir
2011-06-06 20:15:59 . 2011-06-06 20:16:00 344 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\39378680.vir
2011-05-14 21:57:53 . 2011-10-23 21:05:44 24 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 10,134 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 12,782 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 56,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 56,438 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 66,726 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 113,081 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 243,509 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 155,471 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 149,817 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 122,747 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 43,287 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 272,367 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 106,998 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 129,559 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 71,675 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 301,118 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 87,778 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 447,767 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 330,710 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 89,655 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S.vir
2011-05-14 21:57:52 . 2011-05-14 21:57:52 3,844 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR.vir
2011-05-14 21:57:50 . 2011-05-14 21:57:49 38,320 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 42,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 30,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 58,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 34,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 50,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 38,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 398,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 46,512 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 816,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 83,472 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 38,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 30,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 34,336 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 63,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 140,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 79,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 22,032 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 22,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 161,296 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 95,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 34,224 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 38,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 30,232 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 42,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 22,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 26,032 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 3,343 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG.vir
2011-05-14 21:57:49 . 2011-10-23 21:05:44 716 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 5,446 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 305 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 308,656 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 30,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 91,656 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 34,328 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 189,872 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 132,616 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 38,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 38,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 83,464 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 165,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 30,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 91,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 284,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 133 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 139,130 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG.vir
2011-05-14 21:57:49 . 2011-05-14 21:57:49 144,816 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir
2011-01-02 07:20:01 . 2010-04-08 14:52:20 45,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir
2011-01-02 07:20:01 . 2010-04-08 14:52:20 271,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir
2010-11-30 19:35:56 . 2007-09-19 22:41:12 4,096 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Thumbs.db.vir
2010-11-30 19:17:02 . 2010-11-30 19:16:58 432,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\jucheck.exe.vir
2010-11-30 19:17:02 . 2010-11-30 19:16:58 172,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\jusched.exe.vir
2010-04-08 14:52:20 . 2010-04-08 14:52:20 110,376 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUninstall.exe.vir
2010-01-26 21:05:16 . 2010-01-26 21:05:16 25,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\icon.ico.vir
2009-11-12 15:34:08 . 2009-11-12 15:34:08 4,839 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Blinkx\templates\index.html.vir
2009-11-12 15:31:08 . 2009-11-12 15:31:08 719 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Blinkx\templates\noflash.html.vir
2009-09-18 14:52:06 . 2009-09-18 14:52:06 578 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Blinkx\templates\offline.html.vir
2009-09-18 14:52:06 . 2009-09-18 14:52:06 83,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Blinkx\templates\offline.swf.vir
2009-07-14 00:11:56 . 2009-07-14 01:14:28 86,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\odbcad32.exe.vir
  • 0





