Personal" - 2007-06-04 13:06:13 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Personal\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

“C:\Program Files\Internet Explorer\PLUGINS\system64.jmp”
“C:\WINDOWS\system32\4.exe”
“C:\WINDOWS\system32\ad_1993.exe”
“C:\WINDOWS\DOWNLO~1\Cns02.dat”
“C:\WINDOWS\DOWNLO~1\CnsHint.cab”
“C:\WINDOWS\DOWNLO~1\cnshint.dll”
“C:\WINDOWS\DOWNLO~1\CnsHook.dll.1.log”
“C:\WINDOWS\DOWNLO~1\CnsHook.dll.2.log”
“C:\WINDOWS\DOWNLO~1\cnsio.dll”
“C:\WINDOWS\DOWNLO~1\CnsMin.ini”
“C:\WINDOWS\DOWNLO~1\CnsMinAL.cab”
“C:\WINDOWS\DOWNLO~1\CnsMinCg.ini”
“C:\WINDOWS\DOWNLO~1\CnsMinDT.cab”
“C:\WINDOWS\DOWNLO~1\CnsMinDT.dll”
“C:\WINDOWS\DOWNLO~1\CnsMinEx.cab”
“C:\WINDOWS\DOWNLO~1\CnsMinEx.ini”
“C:\WINDOWS\DOWNLO~1\CnsMinHK.cab”
“C:\WINDOWS\DOWNLO~1\CnsMinIO.cab”
“C:\WINDOWS\DOWNLO~1\CnsMinIO.dll”
“C:\WINDOWS\DOWNLO~1\CnsMinUp.cab”
“C:\WINDOWS\DOWNLO~1\CnsPlus.cab”
“C:\WINDOWS\DOWNLO~1\cnsplus.dll”
“C:\WINDOWS\DOWNLO~1\CnsUp.ini”
“C:\WINDOWS\system32\DD95F06E.dat”
“C:\WINDOWS\system32\wbem\cmwrj.dll”
“C:\WINDOWS\system32\drivers\yaskp.sys”
“C:\WINDOWS\system32\Packet.dll”
“C:\WINDOWS\system32\WanPacket.dll”
“C:\WINDOWS\system32\wpcap.dll”
“C:\Program Files\yahoo!\assist~1\yal01.dat”
“C:\Program Files\yahoo!\assist~1\yalive.dll”
“C:\Program Files\yahoo!\assist~1\yaLive.dll.1.log”
“C:\Program Files\yahoo!\assist~1\yalive3.ini”
“C:\Program Files\yahoo!\assist~1\yalLiveEx.dll”
“C:\Program Files\yahoo!\assist~1\yalvsw3.ini”
“C:\Program Files\yahoo!\assist~1\yassistse.exe”
“C:\Program Files\yahoo!\assist~1\yckrule.dat”
“C:\Program Files\yahoo!\assist~1\yckrule.ini”
“C:\Program Files\yahoo!\assist~1\yClickOn.dll”
“C:\Program Files\yahoo!\assist~1\yclickonup.dll”
“C:\Program Files\yahoo!\assist~1\yhelper.dll”
“C:\Program Files\yahoo!\assist~1\ylive.exe”
“C:\Program Files\yahoo!\assist~1\YLive.exe.1.log”
“C:\Program Files\yahoo!\assist~1\yNotifier.dll”
“C:\Program Files\yahoo!\assist~1\yscrblock.dll”
“C:\Program Files\yahoo!\assist~1\Assist\filter.ini”
“C:\Program Files\yahoo!\assist~1\Assist\float.gif”
“C:\Program Files\yahoo!\assist~1\Assist\myrss.xml”
“C:\Program Files\yahoo!\assist~1\Assist\notify.wav”
“C:\Program Files\yahoo!\assist~1\Assist\sound.wav”
“C:\Program Files\yahoo!\assist~1\Assist\yadfilter.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yadwreg.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yangling.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasbar.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasbar.dll.1.log”
“C:\Program Files\yahoo!\assist~1\Assist\yasbar0.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yascenter.exe”
“C:\Program Files\yahoo!\assist~1\Assist\yasctrlh.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasfsks.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasierres.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasiesec.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yaskpsec.dat”
“C:\Program Files\yahoo!\assist~1\Assist\yasnoad.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasrdd.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yasrde.exe”
“C:\Program Files\yahoo!\assist~1\Assist\yassecblk.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yassisres.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yassist.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yassistex.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yassistn3.ini”
“C:\Program Files\yahoo!\assist~1\Assist\yassistnsw3.ini”
“C:\Program Files\yahoo!\assist~1\Assist\yaswiper.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ycnsdtu.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ydragsearch.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yeheocx.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yhelperup.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yieacore.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yieares.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yieaUI.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yiebwlist.dat”

“C:\Program Files\yahoo!\assist~1\Assist\yierepairn.dat”
“C:\Program Files\yahoo!\assist~1\Assist\yiesetres.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ykeepmain.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ykern.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ymailp.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ymyweb.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yoptimum.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yphishbrule.dat”
“C:\Program Files\yahoo!\assist~1\Assist\yphishrule.dat”
“C:\Program Files\yahoo!\assist~1\Assist\yphotoseasy.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yphtb.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yprockg.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yrepair.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yrss.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ysearch.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ysearch.dll.1.log”
“C:\Program Files\yahoo!\assist~1\Assist\ysettings.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yupdateok.dll”
“C:\Program Files\yahoo!\assist~1\Assist\ywiper.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yxpstyle.dll”
“C:\Program Files\yahoo!\assist~1\Assist\yzsnetproto.dll”
“C:\Program Files\yahoo!\assist~1\Assist\profile\1.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\10.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\11.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\13.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\14.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\15.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\16.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\17.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\18.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\19.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\20.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\22.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\23.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\24.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\3.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\6.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\7.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\8.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\9.gif”
“C:\Program Files\yahoo!\assist~1\Assist\profile\profile.xml”

“C:\Program Files\yahoo!\assist~1\Assist\Update\yascenter.exe”
“C:\Program Files\yahoo!\assist~1\Assist\Update\yassisres.dll”
“C:\Program Files\yahoo!\assist~1\Assist\Update\yphotoseasy.dll”
“C:\Program Files\yahoo!\assist~1\Assist\Update\yzsnetproto.dll”
“C:\Program Files\yahoo!\assist~1\Shell\yAsMenu.dll”
“C:\Program Files\yahoo!\assist~1\Shell\yAssecblk.dll”
“C:\Program Files\yahoo!\assist~1\Shell\yIEAngel.dll”
“C:\Program Files\yahoo!\assist~1\Shell\yMenuInfo.dll”
“C:\Program Files\yahoo!\assist~1\Shell\ysp.exe”
“C:\Program Files\yahoo!\assist~1\Update\yalliveex.dll”
“C:\Program Files\yahoo!\assist~1\Update\ynotifier.dll”
“C:\Program Files\yahoo!\assist~1\Update\yscrblock.dll”
“C:\Program Files\kktone\dmfa.dll”
“C:\Program Files\kktone\irunin.bmp”
“C:\Program Files\kktone\irunin.dat”
“C:\Program Files\kktone\irunin.ini”
“C:\Program Files\kktone\irunin.lng”
“C:\Program Files\kktone\KKTone.exe”
“C:\Program Files\kktone\KKTONE.ini”
“C:\Program Files\kktone\KKToneAgent.exe”
“C:\Program Files\kktone\KKTone_vis.dll”
“C:\Program Files\kktone\ktoc.dll”
“C:\Program Files\kktone\mfc71u.dll”
“C:\Program Files\kktone\msvcp71.dll”
“C:\Program Files\kktone\msvcr71.dll”
“C:\Program Files\kktone\TSConvert2U.dll”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\AdList”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\adsend”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\adshow.dat”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\AllUrlList”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\GetADID”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\GetADParameter”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\GetAdType”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\pluglist.xml”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\RelateKey”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\ThirdSoftInfo2”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\windows1.log”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\windows2.log”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo~lu.dat”
“C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\kktone\Uninstall KKTONE.lnk”
“C:\WINDOWS\DOWNLO~1.\keepmain.dll”
“C:\WINDOWS\DOWNLO~1.\keepmainm.cab”
“C:\WINDOWS\DOWNLO~1.\sms.ico”
“C:\WINDOWS\DOWNLO~1.\taobao.ico”
“C:\WINDOWS\DOWNLO~1.\yahoomsg.ico”
“C:\WINDOWS\DOWNLO~1.\ymail.ico”
“C:\Program Files\internet explorer\iexplore.win”
“C:\WINDOWS\system32\d3d1caps.srg”
“C:\WINDOWS\system32\death.sishen”
“C:\WINDOWS\system32\drivers\acpidisk.sys”
“C:\WINDOWS\system32\mprmsgse.axz”
“C:\WINDOWS\system32\mscpx32r.det”
“C:\WINDOWS\system32\mywebhit.ini”
“C:\WINDOWS\system32\mywebhit.ini.tmp”
“C:\WINDOWS\system32\svch0st.exe”
“C:\WINDOWS\system32\zt.dll”
“C:\WINDOWS\hitpop_tmp.txt”
“C:\WINDOWS\install.exe”
“C:\WINDOWS\qqiehelper.dll”
“C:\WINDOWS\sysdn.ini”
“C:\WINDOWS\Kvsc3.exe”
“C:\WINDOWS\system32\Kvsc3.dll”
“C:\WINDOWS\system32\drivers\npf.sys”
“C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Microsoft\PCTools”
“C:\Program Files\cnnic”
“C:\Program Files\yahoo!\assist~1”
“C:\Program Files\kktone”
“C:\DOCUME~1\Personal\APPLIC~1.\cuckoo”
“C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\kktone”
“C:\WINDOWS\DOWNLO~1.\Update”
“C:\WINDOWS\system32\drivers\uovwrl.sys”
“C:\WINDOWS\system32\uovwrl.dll”

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ACPIDISK
-------\LEGACY_CDNPROT
-------\LEGACY_CELINDRV
-------\LEGACY_CNSMINKP
-------\LEGACY_ISPONER
-------\LEGACY_MSDEBUGSVC
-------\LEGACY_NPF
-------\LEGACY_RELATIONS
-------\LEGACY_UOVWRL
-------\LEGACY_YASKP
-------\acpidisk
-------\CelInDrv
-------\CnsMinKP
-------\iSPONER
-------\NPF
-------\uovwrl
-------\yaskp

((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 ))))))))))))))))))))))))))))))))))

2007-06-04 13:18 3,814 --a------ C:\WINDOWS\system32\3.exe
2007-06-04 13:18 14,848 C:\WINDOWS\system32\2.exe
2007-06-04 13:13 d-------- C:\DOCUME~1\Personal\APPLIC~1\Cuckoo
2007-06-03 17:50 d-------- C:\Program Files\Crawler
2007-06-03 17:06 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Spyware Terminator
2007-06-03 17:05 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-03 16:59 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-03 16:59 d-------- C:\Program Files\Spyware Terminator
2007-06-03 16:59 d-------- C:\DOCUME~1\Personal\APPLIC~1\Spyware Terminator
2007-06-03 16:59 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-06-03 16:49 15,432 --a------ C:\WINDOWS\system32\dnnimq.dll
2007-06-03 16:47 8,727 --a------ C:\WINDOWS\lpdwzn.exe
2007-06-03 16:40 15,432 --a------ C:\WINDOWS\system32\lxyrjn.dll
2007-06-03 14:38 8,727 --a------ C:\WINDOWS\csmsmt.exe
2007-06-02 22:03 8,727 --a------ C:\WINDOWS\jttlsm.exe
2007-06-02 19:48 8,727 --a------ C:\WINDOWS\czbpnz.exe
2007-06-02 19:48 15,432 --a------ C:\WINDOWS\system32\zwwtvs.dll
2007-06-02 14:15 8,727 --a------ C:\WINDOWS\zfdfds.exe
2007-06-02 14:14 10,752 --a------ C:\WINDOWS\system32\ztinetzt.dll
2007-06-02 13:38 8,727 --a------ C:\WINDOWS\nujdxh.exe
2007-06-02 13:37 104 --a------ C:\WINDOWS\system32\Deleteme.bat
2007-06-02 13:07 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-02 13:07 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-02 13:07 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-02 13:07 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-02 13:07 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-02 13:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-02 13:07 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-02 13:07 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-02 13:02 d-------- C:\DOCUME~1\Personal\APPLIC~1\Comodo
2007-06-02 12:57 8,727 --a------ C:\WINDOWS\wazuxr.exe
2007-06-02 12:32 11,192 --a------ C:\WINDOWS\system32\drivers\gsrypjdt.sys
2007-06-02 12:27 8,727 --a------ C:\WINDOWS\xuuypb.exe
2007-06-02 12:27 8,436 --a------ C:\WINDOWS\system32\ztinetzt.exe
2007-06-02 12:21 d-------- C:\Program Files\Sunbelt Software
2007-05-28 16:29 113,364 --a------ C:\WINDOWS\system32\d02.exe
2007-05-26 11:18 d-------- C:\Program Files\GrandChase
2007-05-26 08:47 8,192 --a------ C:\WINDOWS\system32\nwizAsktao.dll
2007-05-25 12:09 6,656 ---h----- C:\WINDOWS\system32\RAVMY523.dll
2007-05-09 18:22 d-------- C:\FunTown
2007-05-09 18:04 d-------- C:\Program Files\Crazy.com.tw
2007-05-05 13:10 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-05-05 13:07 d-------- C:\Program Files\Gamania
2007-05-04 22:21 d-------- C:\Temp

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-04 05:18:58 279,638 ----a-w C:\WINDOWS\system32\7.exe
2007-06-04 05:18:54 49,152 ----a-w C:\WINDOWS\system32\qwetop.exe
2007-06-04 05:13:26 -------- d-----w C:\Program Files\Yahoo!
2007-06-04 04:36:47 15,432 ----a-w C:\WINDOWS\system32\upxdnd.dll
2007-06-03 08:51:27 11,264 ----a-w C:\WINDOWS\system32\nwizhx2.dll
2007-06-03 08:51:24 8,996 ----a-w C:\WINDOWS\system32\nwizhx2.exe
2007-06-03 08:49:52 16,965 ----a-w C:\WINDOWS\upxdnd.exe
2007-06-03 08:49:50 8,240 ----a-w C:\WINDOWS\system32\mydata.exe
2007-06-03 07:06:28 16,896 ----a-w C:\WINDOWS\system32\moyu103.dll
2007-06-02 04:51:11 -------- d-----w C:\Program Files\MSN Messenger
2007-05-26 00:48:00 9,216 ----a-w C:\WINDOWS\system32\dh2103.dll
2007-05-26 00:47:56 7,360 --sha-w C:\WINDOWS\system32\nwizdh.exe
2007-05-24 08:29:51 -------- d-----w C:\DOCUME~1\Personal\APPLIC~1\Google
2007-05-23 09:09:49 377,856 ----a-w C:\WINDOWS\system32\netexe.exe
2007-05-09 10:04:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-26 02:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 02:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-13 13:50:48 -------- d-----w C:\Program Files\CP
2007-04-11 07:38:26 -------- d-----w C:\Program Files\METAL SLUG 3
2007-04-04 10:20:06 -------- d-----w C:\Program Files\hero
2007-03-31 04:44:42 286,720 ----a-w C:\WINDOWS\iun506.exe
2007-03-20 09:25:01 20 ---ha-r C:\WINDOWS\assist.dat
2007-03-08 11:44:23 3,082 ----a-w C:\WINDOWS\system32\affv9869p2now.sys
2007-02-12 00:42:53 651,264 --sh--w C:\WINDOWS\system32_rejoice44.exe
2005-02-14 10:42:02 20,480 --sh--w C:\WINDOWS\system32\gomvet.exe
2005-02-14 10:41:55 38,912 --sh--w C:\WINDOWS\system32\servet.exe
2004-08-04 09:36:31 30,208 --sh--w C:\WINDOWS\system32\bbqpri.dll
1900-05-26 00:47:33 7,388 --sha-w C:\WINDOWS\system32\nwizAsktao.exe
1900-05-26 00:47:29 12,800 --sha-w C:\WINDOWS\AVPSrv.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}=C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2007-05-24 05:14]
{54EBD53A-9BC1-480B-966A-843A333CA162}=C:\WINDOWS\QQIEHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 10:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-17 16:56]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-03 16:59]
"rxsa"="C:\DOCUME~1\Personal\LOCALS~1\Temp\rxso.exe" [2007-06-04 13:18]
"qjsa"="C:\DOCUME~1\Personal\LOCALS~1\Temp\qjso.exe" [2007-06-04 13:18]
"mhsa"="C:\DOCUME~1\Personal\LOCALS~1\Temp\mhso.exe" [2007-06-04 13:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:07]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"4jbbhd"=C:\WINDOWS\TEMP\c0nime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RavMon"=C:\DOCUME~1\Personal\LOCALS~1\Temp\RavMonD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}"="C:\WINDOWS\system32\msacn.dll" [2004-08-04 09:07]
"{62A612A4-4334-4424-4234-42261A31A238}"="C:\WINDOWS\system32\bbqpri.dll" [2004-08-04 17:36]
"{27622928-28E4-115D-40A0-0BBFE89C54D6}"="C:\WINDOWS\system32\zt.DLL"
"{DE35052A-9E37-4827-A1EC-79BF400D27A4}"="C:\Program Files\Internet Explorer\PLUGINS\System64.aaa" [1900-02-14 18:42]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^百度下吧.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\百度下吧.lnk
backup=C:\WINDOWS\pss\百度下吧.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BaiduXUpdate]
"C:\Program Files\Baidu\BaiduX\MovieUpdate.exe" --Update

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DinerDashFotGSetup.exe]
C:\DOCUME~1\Personal\Desktop\DINERD~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\helper.dll]
C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yassistse]
"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YLive.exe]
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost netsvcs


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 13:18:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\qwetop.exe
C:\WINDOWS\system32\7.exe

scan completed successfully
hidden files: 2


Completion time: 2007-06-04 13:22:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-04 13:22

--- E O F ---

ne\C\Program Files\Internet Explorer\PLUGINS\system64.jmp.vir
1987-02-12 14:10 81 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Death.SiShen.vir
2003-02-21 04:42 348160 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\msvcr71.dll.vir
2003-03-18 20:14 499712 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\msvcp71.dll.vir
2003-03-18 22:12 1047552 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\mfc71u.dll.vir
2004-08-04 09:07 12800 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uovwrl.dll.vir
2004-08-04 09:07 237568 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\cmwrj.dll.vir
2004-08-04 09:07 66417 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\zt.DLL.vir
2004-08-04 09:07 9344 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\uovwrl.sys.vir
2005-02-12 20:48 19968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EXE.vir
2005-02-14 13:31 886 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinEx.ini.vir
2005-02-14 14:00 20 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\windows2.log.vir
2005-02-14 14:01 32 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mprmsgse.axz.vir
2005-02-14 14:02 10030 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\irunin.dat.vir
2005-02-14 14:02 12331 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\irunin.lng.vir
2005-02-14 14:02 8134 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\irunin.bmp.vir
2005-02-14 14:03 212992 --a------ C:\Qoobox\Quarantine\C\WINDOWS\QQIEHelper.dll.vir
2005-02-14 14:03 60933 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ad_1993.exe.vir
2005-02-14 14:04 1420 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\STARTM~1\Programs\KKTONE\Uninstall KKTONE.lnk.vir
2005-02-14 14:04 14537 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\irunin.ini.vir
2005-02-14 14:04 39 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\pluglist.xml.vir
2005-02-14 14:04 91 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\ThirdSoftInfo2.vir
2005-02-14 18:22 185 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\DD95F06E.dat.vir
2005-02-14 18:33 30828 --a------ C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\IEXPLORE.win.vir
2005-02-14 18:47 134 --a------ C:\Qoobox\Quarantine\C\WINDOWS\sysdn.ini.vir
2005-02-14 19:26 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\hitpop_tmp.txt.vir
2005-02-14 19:26 154 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mywebhit.ini.vir
2005-02-14 19:26 4191 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mywebhit.ini.tmp.vir
2005-02-15 20:00 1886 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\taobao.ico.vir
2005-02-15 20:00 5734 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\yahoomsg.ico.vir
2005-02-15 20:00 5734 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\ymail.ico.vir
2005-02-15 20:00 6526 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\sms.ico.vir
2005-02-15 20:06 7682 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsHook.dll.1.log.vir
2005-05-25 20:51 233472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2005-05-25 20:51 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2005-05-25 20:51 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
2005-05-26 08:47 8350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Kvsc3.exe.vir
2005-08-29 16:03 2793472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\InstAll.exe.vir
2006-05-23 15:25 239 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\10.gif.vir
2006-05-23 15:28 230 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\16.gif.vir
2006-05-23 15:29 240 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\3.gif.vir
2006-05-23 15:30 155 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\9.gif.vir
2006-05-23 15:30 262 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\20.gif.vir
2006-05-23 15:30 275 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\7.gif.vir
2006-06-04 12:47 617 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\6.gif.vir
2006-06-04 16:03 223 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\18.gif.vir
2006-06-06 07:24 628 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\11.gif.vir
2006-06-06 09:07 282 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\14.gif.vir
2006-06-06 09:12 619 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\15.gif.vir
2006-06-06 09:50 219 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\13.gif.vir
2006-06-06 10:59 281 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\22.gif.vir
2006-06-26 17:50 403 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\8.gif.vir
2006-06-26 17:50 416 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\17.gif.vir
2006-06-26 17:50 420 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\19.gif.vir
2006-09-06 16:31 51712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\CnsMinKP.sys.vir
2006-09-18 11:34 661 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\1.gif.vir
2006-09-28 13:55 5017 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\CNSMIN.DAT.vir
2006-11-15 16:36 5064 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yal01.dat.vir
2006-11-15 17:45 101816 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\Update\yzsnetproto.dll.vir
2006-11-15 17:46 28088 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\Update\yassisres.dll.vir
2006-11-15 17:46 28088 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yadwreg.dll.vir
2006-11-15 17:47 64952 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\Update\yascenter.exe.vir
2006-11-15 17:48 101816 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Update\ynotifier.dll.vir
2006-11-15 17:48 134584 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Update\yalliveex.dll.vir
2006-11-15 17:50 32184 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yxpstyle.dll.vir
2006-11-15 17:50 97720 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\Update\yphotoseasy.dll.vir
2006-11-15 17:51 28088 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yupdateok.dll.vir
2006-11-15 17:51 32184 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ycnsdtu.dll.vir
2006-11-15 17:52 249272 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ywiper.dll.vir
2006-11-24 11:16 44472 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Update\yscrblock.dll.vir
2006-12-03 19:35 105912 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yhelperup.dll.vir
2006-12-14 09:35 2162 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\sound.wav.vir
2006-12-14 09:35 25496 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\myrss.xml.vir
2006-12-14 09:35 334996 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yierepairn.dat.vir
2006-12-14 09:35 7645 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\float.gif.vir
2006-12-14 09:35 7974 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\filter.ini.vir
2006-12-14 13:55 101816 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yzsnetproto.dll.vir
2006-12-14 13:55 56760 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yadfilter.dll.vir

ne\C\Program Files\Yahoo!\ASSIST~1\yhelper.dll.vir
2006-12-14 13:57 134584 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasnoad.dll.vir
2006-12-14 13:57 28088 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yassisres.dll.vir
2006-12-14 13:57 28088 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Shell\yIEAngel.dll.vir
2006-12-14 13:57 28088 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Shell\ysp.exe.vir
2006-12-14 13:57 294328 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasierres.dll.vir
2006-12-14 13:57 36280 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yassistex.dll.vir
2006-12-14 13:57 40376 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Shell\yMenuInfo.dll.vir
2006-12-14 13:57 64952 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Shell\yAsMenu.dll.vir
2006-12-14 13:57 77240 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yassistse.exe.vir
2006-12-14 13:58 101816 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yeheocx.dll.vir
2006-12-14 13:58 196024 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yieares.dll.vir
2006-12-14 13:58 261560 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yieacore.dll.vir
2006-12-14 13:58 32184 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasctrlh.dll.vir
2006-12-14 13:58 64952 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yascenter.exe.vir
2006-12-14 13:59 101816 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yNotifier.dll.vir
2006-12-14 13:59 134584 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yprockg.dll.vir
2006-12-14 13:59 134584 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yalLiveEx.dll.vir
2006-12-14 13:59 153866 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yiebwlist.dat.vir
2006-12-14 13:59 277944 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yrepair.dll.vir
2006-12-14 13:59 44472 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yscrblock.dll.vir
2006-12-14 13:59 64952 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yoptimum.dll.vir
2006-12-14 14:00 122296 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yphtb.dll.vir
2006-12-14 14:00 97720 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yphotoseasy.dll.vir
2006-12-14 14:01 146872 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yiesetres.dll.vir
2006-12-14 14:01 171448 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ysearch.dll.vir
2006-12-14 14:01 191928 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yrss.dll.vir
2006-12-14 14:01 64440 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ysettings.dll.vir
2006-12-14 14:02 85432 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ymyweb.dll.vir
2006-12-14 14:03 155064 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ymailp.dll.vir
2006-12-14 14:03 179640 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yieaUI.dll.vir
2006-12-14 14:51 167352 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasiesec.dll.vir
2006-12-14 14:52 108472 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasfsks.dll.vir
2006-12-16 18:03 20 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\YLive.exe.1.log.vir
2006-12-16 18:03 82 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\24.gif.vir
2006-12-16 18:03 86 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\23.gif.vir
2006-12-16 18:05 70904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinAL.cab.vir
2006-12-20 18:07 135168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\cnshint.dll.vir
2006-12-20 18:07 49152 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\cnsplus.dll.vir
2006-12-21 09:40 331192 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasbar0.dll.vir
2006-12-21 09:40 73144 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yassist.dll.vir
2006-12-21 09:43 142776 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yaswiper.dll.vir
2006-12-21 09:43 52664 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yassecblk.dll.vir
2006-12-21 09:43 52664 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Shell\yAssecblk.dll.vir
2006-12-21 17:39 17132 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\notify.wav.vir
2006-12-21 17:45 167352 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yangling.dll.vir
2006-12-21 17:55 24576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinDT.dll.vir
2006-12-25 08:27 217 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yaskpsec.dat.vir
2006-12-28 14:39 331192 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasbar.dll.vir
2006-12-30 15:08 69048 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\ylive.exe.vir
2006-12-30 15:11 130488 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yalive.dll.vir
2006-12-30 15:15 60856 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yclickonup.dll.vir
2006-12-30 15:15 64952 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yClickOn.dll.vir
2006-12-30 19:50 8111 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\profile\profile.xml.vir
2006-12-31 19:38 40376 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ykern.dll.vir
2007-01-20 19:58 11021 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinDT.cab.vir
2007-01-20 19:58 15574 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsPlus.cab.vir
2007-01-20 19:58 35563 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinEx.cab.vir
2007-01-20 19:58 61315 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsHint.cab.vir
2007-01-20 19:58 78256 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cns.dat.vir
2007-01-24 18:59 45056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\cnsio.dll.vir
2007-01-24 19:00 36864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinIO.dll.vir
2007-02-28 19:50 28672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cns.exe.vir
2007-02-28 19:50 32768 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cns.dll.vir
2007-03-08 19:13 25260 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinIO.cab.vir
2007-03-09 18:15 114688 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\TSConvert2U.dll.vir

2007-03-09 18:15 184320 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\KKToneAgent.exe.vir
2007-03-09 18:15 22016 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\ktoc.dll.vir
2007-03-09 18:15 53248 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\dmfa.dll.vir
2007-03-09 18:15 94208 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\KKTone_vis.dll.vir
2007-03-14 18:23 1781760 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\KKTone.exe.vir
2007-03-16 11:29 52664 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ydragsearch.dll.vir
2007-03-16 16:29 8656 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yckrule.dat.vir
2007-03-16 20:02 204 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ysearch.dll.1.log.vir
2007-03-20 10:47 13 --a------ C:\Qoobox\Quarantine\C\Program Files\KKTONE\KKTONE.ini.vir
2007-03-21 15:52 1768 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Cns02.dat.vir
2007-03-28 16:50 108182 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinUp.cab.vir
2007-04-06 16:23 32184 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasrde.exe.vir
2007-04-06 16:23 36280 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasrdd.dll.vir
2007-04-06 16:55 36280 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\ykeepmain.dll.vir
2007-04-06 16:55 63928 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\yaskp.sys.vir
2007-04-09 15:53 36864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\keepmain.dll.vir
2007-04-09 20:46 74 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yasbar.dll.1.log.vir
2007-04-11 14:56 103981 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\keepmainM.cab.vir
2007-04-26 16:31 4896 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yphishrule.dat.vir
2007-05-08 11:14 186436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\acpidisk.sys.vir
2007-05-10 14:10 218 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yckrule.ini.vir
2007-05-15 13:36 32667 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinHK.cab.vir
2007-05-18 12:55 374 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yaLive.dll.1.log.vir
2007-05-24 15:42 8208 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsHook.dll.2.log.vir
2007-05-26 08:47 32512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2007-05-30 09:56 2385 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yphishbrule.dat.vir
2007-06-02 12:31 8149 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yassistnsw3.ini.vir
2007-06-02 12:32 919 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yalvsw3.ini.vir
2007-06-02 12:38 2560 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mscpx32r.det.vir
2007-06-02 12:59 98 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\d3d1caps.SRG.vir
2007-06-03 08:04 106 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsUp.ini.vir
2007-06-03 08:04 137 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMin.ini.vir
2007-06-03 16:38 9623 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinCg.ini.vir
2007-06-03 16:47 6656 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Kvsc3.dll.vir
2007-06-03 20:12 13312 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\4.exe.vir
2007-06-04 11:41 10 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo~lu.dat.vir
2007-06-04 11:41 181 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\GetADParameter.vir
2007-06-04 11:41 181 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\GetAdType.vir
2007-06-04 11:41 196 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\AdList.vir
2007-06-04 11:41 2369 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\Assist\yassistn3.ini.vir
2007-06-04 11:41 33 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\AllUrlList.vir
2007-06-04 11:41 54 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\RelateKey.vir
2007-06-04 11:41 6834 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\adsend.vir
2007-06-04 11:41 814 --a------ C:\Qoobox\Quarantine\C\Program Files\Yahoo!\ASSIST~1\yalive3.ini.vir
2007-06-04 12:20 181 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\GetADID.vir
2007-06-04 13:00 37 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\adshow.dat.vir
2007-06-04 13:00 59 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Personal\APPLIC~1\Cuckoo\windows1.log.vir
2007-06-04 13:09 1002 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_YASKP.reg.cf
2007-06-04 13:09 1032 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
2007-06-04 13:09 1038 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CNSMINKP.reg.cf
2007-06-04 13:09 1044 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CELINDRV.reg.cf
2007-06-04 13:09 1076 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_UOVWRL.reg.cf
2007-06-04 13:09 1100 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_ACPIDISK.reg.cf
2007-06-04 13:09 2404 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
2007-06-04 13:09 2430 --a------ C:\Qoobox\Quarantine\Registry_backups\services_uovwrl.reg.cf
2007-06-04 13:09 2578 --a------ C:\Qoobox\Quarantine\Registry_backups\services_yaskp.reg.cf
2007-06-04 13:09 2602 --a------ C:\Qoobox\Quarantine\Registry_backups\services_acpidisk.reg.cf
2007-06-04 13:09 2994 --a------ C:\Qoobox\Quarantine\Registry_backups\services_CnsMinKP.reg.cf
2007-06-04 13:09 3296 --a------ C:\Qoobox\Quarantine\Registry_backups\services_iSPONER.reg.cf
2007-06-04 13:09 804 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_ISPONER.reg.cf
2007-06-04 13:09 826 --a------ C:\Qoobox\Quarantine\Registry_backups\services_CelInDrv.reg.cf
2007-06-04 13:09 828 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_RELATIONS.reg.cf
2007-06-04 13:09 840 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_MSDEBUGSVC.reg.cf
2007-06-04 13:09 860 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CDNPROT.reg.cf

Folder PATH listing
Volume serial number is 5C40-B0FF
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   +---ALLUSE~1
    |   |   |   \---STARTM~1
    |   |   |       \---Programs
    |   |   |           \---KKTONE
    |   |   |                   Uninstall KKTONE.lnk.vir
    |   |   |                   
    |   |   \---Personal
    |   |       \---APPLIC~1
    |   |           \---Cuckoo
    |   |                   AdList.vir
    |   |                   adsend.vir
    |   |                   adshow.dat.vir
    |   |                   AllUrlList.vir
    |   |                   GetADID.vir
    |   |                   GetADParameter.vir
    |   |                   GetAdType.vir
    |   |                   pluglist.xml.vir
    |   |                   RelateKey.vir
    |   |                   ThirdSoftInfo2.vir
    |   |                   windows1.log.vir
    |   |                   windows2.log.vir
    |   |                   ~lu.dat.vir
    |   |                   
    |   +---Program Files
    |   |   +---3721
    |   |   |       CNSMIN.DAT.vir
    |   |   |       
    |   |   +---3721.vir
    |   |   +---Internet Explorer
    |   |   |   |   IEXPLORE.win.vir
    |   |   |   |   
    |   |   |   \---PLUGINS
    |   |   |           system64.jmp.vir
    |   |   |           
    |   |   +---KKTONE
    |   |   |       dmfa.dll.vir
    |   |   |       irunin.bmp.vir
    |   |   |       irunin.dat.vir
    |   |   |       irunin.ini.vir
    |   |   |       irunin.lng.vir
    |   |   |       KKTone.exe.vir
    |   |   |       KKTONE.ini.vir
    |   |   |       KKToneAgent.exe.vir
    |   |   |       KKTone_vis.dll.vir
    |   |   |       ktoc.dll.vir
    |   |   |       mfc71u.dll.vir
    |   |   |       msvcp71.dll.vir
    |   |   |       msvcr71.dll.vir
    |   |   |       TSConvert2U.dll.vir
    |   |   |       
    |   |   \---Yahoo!
    |   |       \---ASSIST~1
    |   |           |   yal01.dat.vir
    |   |           |   yaLive.dll.1.log.vir
    |   |           |   yalive.dll.vir
    |   |           |   yalive3.ini.vir
    |   |           |   yalLiveEx.dll.vir
    |   |           |   yalvsw3.ini.vir
    |   |           |   yassistse.exe.vir
    |   |           |   yckrule.dat.vir
    |   |           |   yckrule.ini.vir
    |   |           |   yClickOn.dll.vir
    |   |           |   yclickonup.dll.vir
    |   |           |   yhelper.dll.vir
    |   |           |   YLive.exe.1.log.vir
    |   |           |   ylive.exe.vir
    |   |           |   yNotifier.dll.vir
    |   |           |   yscrblock.dll.vir
    |   |           |   
    |   |           +---Assist
    |   |           |   |   filter.ini.vir
    |   |           |   |   float.gif.vir
    |   |           |   |   myrss.xml.vir
    |   |           |   |   notify.wav.vir
    |   |           |   |   sound.wav.vir
    |   |           |   |   yadfilter.dll.vir
    |   |           |   |   yadwreg.dll.vir
    |   |           |   |   yangling.dll.vir
    |   |           |   |   yasbar.dll.1.log.vir
    |   |           |   |   yasbar.dll.vir
    |   |           |   |   yasbar0.dll.vir
    |   |           |   |   yascenter.exe.vir
    |   |           |   |   yasctrlh.dll.vir
    |   |           |   |   yasfsks.dll.vir
    |   |           |   |   yasierres.dll.vir
    |   |           |   |   yasiesec.dll.vir
    |   |           |   |   yaskpsec.dat.vir
    |   |           |   |   yasnoad.dll.vir
    |   |           |   |   yasrdd.dll.vir
    |   |           |   |   yasrde.exe.vir
    |   |           |   |   yassecblk.dll.vir
    |   |           |   |   yassisres.dll.vir
    |   |           |   |   yassist.dll.vir
    |   |           |   |   yassistex.dll.vir
    |   |           |   |   yassistn3.ini.vir
    |   |           |   |   yassistnsw3.ini.vir
    |   |           |   |   yaswiper.dll.vir
    |   |           |   |   ycnsdtu.dll.vir
    |   |           |   |   ydragsearch.dll.vir
    |   |           |   |   yeheocx.dll.vir
    |   |           |   |   yhelperup.dll.vir
    |   |           |   |   yieacore.dll.vir
    |   |           |   |   yieares.dll.vir
    |   |           |   |   yieaUI.dll.vir
    |   |           |   |   yiebwlist.dat.vir
    |   |           |   |   yierepairn.dat.vir
    |   |           |   |   yiesetres.dll.vir
    |   |           |   |   ykeepmain.dll.vir
    |   |           |   |   ykern.dll.vir
    |   |           |   |   ymailp.dll.vir
    |   |           |   |   ymyweb.dll.vir
    |   |           |   |   yoptimum.dll.vir
    |   |           |   |   yphishbrule.dat.vir
    |   |           |   |   yphishrule.dat.vir
    |   |           |   |   yphotoseasy.dll.vir
    |   |           |   |   yphtb.dll.vir
    |   |           |   |   yprockg.dll.vir
    |   |           |   |   yrepair.dll.vir
    |   |           |   |   yrss.dll.vir
    |   |           |   |   ysearch.dll.1.log.vir
    |   |           |   |   ysearch.dll.vir
    |   |           |   |   ysettings.dll.vir
    |   |           |   |   yupdateok.dll.vir
    |   |           |   |   ywiper.dll.vir
    |   |           |   |   yxpstyle.dll.vir
    |   |           |   |   yzsnetproto.dll.vir
    |   |           |   |   
    |   |           |   +---profile
    |   |           |   |       1.gif.vir
    |   |           |   |       10.gif.vir
    |   |           |   |       11.gif.vir
    |   |           |   |       13.gif.vir
    |   |           |   |       14.gif.vir
    |   |           |   |       15.gif.vir
    |   |           |   |       16.gif.vir
    |   |           |   |       17.gif.vir
    |   |           |   |       18.gif.vir
    |   |           |   |       19.gif.vir
    |   |           |   |       20.gif.vir
    |   |           |   |       22.gif.vir
    |   |           |   |       23.gif.vir
    |   |           |   |       24.gif.vir
    |   |           |   |       3.gif.vir
    |   |           |   |       6.gif.vir
    |   |           |   |       7.gif.vir
    |   |           |   |       8.gif.vir
    |   |           |   |       9.gif.vir
    |   |           |   |       profile.xml.vir
    |   |           |   |       
    |   |           |   \---Update
    |   |           |           yascenter.exe.vir
    |   |           |           yassisres.dll.vir
    |   |           |           yphotoseasy.dll.vir
    |   |           |           yzsnetproto.dll.vir
    |   |           |           
    |   |           +---Shell
    |   |           |       yAsMenu.dll.vir
    |   |           |       yAssecblk.dll.vir
    |   |           |       yIEAngel.dll.vir
    |   |           |       yMenuInfo.dll.vir
    |   |           |       ysp.exe.vir
    |   |           |       
    |   |           \---Update
    |   |                   yalliveex.dll.vir
    |   |                   ynotifier.dll.vir
    |   |                   yscrblock.dll.vir
    |   |                   
    |   \---WINDOWS
    |       |   hitpop_tmp.txt.vir
    |       |   InstAll.exe.vir
    |       |   Kvsc3.exe.vir
    |       |   QQIEHelper.dll.vir
    |       |   sysdn.ini.vir
    |       |   
    |       +---DOWNLO~1
    |       |       Cns02.dat.vir
    |       |       CnsHint.cab.vir
    |       |       cnshint.dll.vir
    |       |       CnsHook.dll.1.log.vir
    |       |       CnsHook.dll.2.log.vir
    |       |       cnsio.dll.vir
    |       |       CnsMin.ini.vir
    |       |       CnsMinAL.cab.vir
    |       |       CnsMinCg.ini.vir
    |       |       CnsMinDT.cab.vir
    |       |       CnsMinDT.dll.vir
    |       |       CnsMinEx.cab.vir
    |       |       CnsMinEx.ini.vir
    |       |       CnsMinHK.cab.vir
    |       |       CnsMinIO.cab.vir
    |       |       CnsMinIO.dll.vir
    |       |       CnsMinUp.cab.vir
    |       |       CnsPlus.cab.vir
    |       |       cnsplus.dll.vir
    |       |       CnsUp.ini.vir
    |       |       keepmain.dll.vir
    |       |       keepmainM.cab.vir
    |       |       sms.ico.vir
    |       |       taobao.ico.vir
    |       |       yahoomsg.ico.vir
    |       |       ymail.ico.vir
    |       |       
    |       \---system32
    |           |   4.exe.vir
    |           |   ad_1993.exe.vir
    |           |   cns.dat.vir
    |           |   cns.dll.vir
    |           |   cns.exe.vir
    |           |   d3d1caps.SRG.vir
    |           |   DD95F06E.dat.vir
    |           |   Death.SiShen.vir
    |           |   Kvsc3.dll.vir
    |           |   mprmsgse.axz.vir
    |           |   mscpx32r.det.vir
    |           |   mywebhit.ini.tmp.vir
    |           |   mywebhit.ini.vir
    |           |   Packet.dll.vir
    |           |   SVCH0ST.EXE.vir
    |           |   uovwrl.dll.vir
    |           |   WanPacket.dll.vir
    |           |   wpcap.dll.vir
    |           |   zt.DLL.vir
    |           |   
    |           +---drivers
    |           |       acpidisk.sys.vir
    |           |       CnsMinKP.sys.vir
    |           |       npf.sys.vir
    |           |       uovwrl.sys.vir
    |           |       yaskp.sys.vir
    |           |       
    |           \---wbem
    |                   cmwrj.dll.vir
    |                   
    \---Registry_backups
            LEGACY_ACPIDISK.reg.cf
            LEGACY_CDNPROT.reg.cf
            LEGACY_CELINDRV.reg.cf
            LEGACY_CNSMINKP.reg.cf
            LEGACY_ISPONER.reg.cf
            LEGACY_MSDEBUGSVC.reg.cf
            LEGACY_NPF.reg.cf
            LEGACY_RELATIONS.reg.cf
            LEGACY_UOVWRL.reg.cf
            LEGACY_YASKP.reg.cf
            services_acpidisk.reg.cf
            services_CelInDrv.reg.cf
            services_CnsMinKP.reg.cf
            services_iSPONER.reg.cf
            services_NPF.reg.cf
            services_uovwrl.reg.cf
            services_yaskp.reg.cf
            

What to do next?

Short answer
Perhaps read here
PC Pitstop Forums Re:Qoobox
ComboFix creates a folder called QooBox in C: (C:\QooBox). … An empty folder called Qoobox has appeared on my C drive, dated Oct. 29.

Bear with me please, there are still a raft of infections there. Whilst you are waiting:

Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer.
Save it to your desktop

I will give files and instructions soon

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\3.exe
C:\WINDOWS\system32\2.exe
C:\DOCUME~1\Personal\APPLIC~1\Cuckoo
C:\WINDOWS\system32\dnnimq.dll
C:\WINDOWS\lpdwzn.exe
C:\WINDOWS\system32\lxyrjn.dll
C:\WINDOWS\csmsmt.exe
C:\WINDOWS\jttlsm.exe
C:\WINDOWS\czbpnz.exe
C:\WINDOWS\system32\zwwtvs.dll
C:\WINDOWS\zfdfds.exe
C:\WINDOWS\system32\ztinetzt.dll
C:\WINDOWS\nujdxh.exe
C:\WINDOWS\system32\Deleteme.bat
C:\WINDOWS\wazuxr.exe
C:\WINDOWS\system32\drivers\gsrypjdt.sys
C:\WINDOWS\xuuypb.exe
C:\WINDOWS\system32\ztinetzt.exe
c:\WINDOWS\system32\RAVMY523.dll
C:\WINDOWS\system32\7.exe
C:\WINDOWS\system32\qwetop.exe
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\nwizhx2.dll
C:\WINDOWS\system32\nwizhx2.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\system32\mydata.exe
C:\WINDOWS\system32\moyu103.dll
C:\WINDOWS\system32\dh2103.dll
C:\WINDOWS\system32\nwizdh.exe
C:\WINDOWS\system32_rejoice44.exe
C:\WINDOWS\system32\gomvet.exe
C:\WINDOWS\system32\servet.exe
C:\WINDOWS\system32\bbqpri.dll
C:\WINDOWS\system32\nwizAsktao.exe
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\system32\qwetop.exe
C:\WINDOWS\system32\7.exe

Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

WARNING: these fixes are designed for this user only and may cause damage if run on an uninfected machine.

First we must back up the entire registry. To do this:

REGISTRY BACKUP

Go START > RUN and type in REGEDIT then press your enter key.
When Regedit is open ensure that ‘my computer’ is highlighted in the left pane.
Go to FILE and select EXPORT.
Check the ‘all’ button at the bottom of the screen to backup the entire registry.
You will need to select a location to save the exported registry (it will be saved as a single file). I would suggest the Desktop.
Choose the FILE NAME as Oldreg
In the drop down box called SAVE AS TYPE select registration files (*.reg).
Then click SAVE
This will create a file on your desktop called Oldreg.reg
http://img127.imageshack.us/img127/433/regtg8.jpg

REGISTRY FIX

REGEDIT4

; "name"=- deletes the named value from the key above it
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rxsa"=-
"qjsa"=-
"mhsa"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"4jbbhd"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RavMon"=-

; [-key] deletes the whole key
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62A612A4-4334-4424-4234-42261A31A238}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{27622928-28E4-115D-40A0-0BBFE89C54D6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{DE35052A-9E37-4827-A1EC-79BF400D27A4}]

Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop
http://img127.imageshack.us/img127/433/regtg8.jpg

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.


Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

We appear to be about halfway there at the moment. You have one of the new Chinese-type infections, so most of the removal will be manual.
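A pre-merge check for a fix.reg like the one in the registry fix above, as an added example that is not part of the original posts: it flags lines that are malformed or look mangled (header not on the first line, unquoted value names, an unrecognised root key, a GUID run into the preceding key name) and lists the deletions the file would make. The function name, the sample key and value names and the all-zero GUID are constructed for illustration.

```python
import re

ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Heuristic: "Name{GUID}" as one path component usually means a lost backslash.
GLUED_GUID_RE = re.compile(r'^[^{}]+\{[0-9A-Fa-f-]{36}\}$')


def lint_reg(text):
    """Return (findings, actions) for the text of a .reg file.

    findings: (line_number, message) for malformed or suspicious lines.
    actions:  (operation, key, value_name) the file asks regedit to perform.
    """
    findings, actions = [], []
    lines = text.splitlines()
    if not lines or lines[0] not in HEADERS:
        findings.append((1, "header must be the very first line"))
    key, key_deleted, continued = None, False, False
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if continued:                      # tail of a multi-line hex: value
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";") or line in HEADERS:
            continue                       # blank, comment, misplaced header
        if line.startswith("["):
            if not line.endswith("]"):
                findings.append((no, "unterminated key header"))
                key = None
                continue
            path = line[1:-1]
            key_deleted = path.startswith("-")
            key = path[1:] if key_deleted else path
            parts = key.split("\\")
            if parts[0].upper() not in ROOTS:
                findings.append((no, "unknown root key: " + parts[0]))
            for part in parts[1:]:
                if GLUED_GUID_RE.match(part):
                    findings.append((no, "GUID glued to key name: " + part))
            if key_deleted:
                actions.append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m is None:
            findings.append((no, "value name must be @ or in double quotes"))
        elif key is None:
            findings.append((no, "value line before any key header"))
        elif key_deleted:
            findings.append((no, "value line under a key being deleted"))
        else:
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            continued = data.endswith("\\")
            op = "delete-value" if data == "-" else "set-value"
            actions.append((op, key, name))
    return findings, actions


# Constructed sample: three deliberate defects (lines 5, 7 and 10).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleStartupA"=-
ExampleStartupB=-

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"ExampleStartupC"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Hooks{00000000-0000-0000-0000-000000000000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Hooks\{00000000-0000-0000-0000-000000000000}]
'''

if __name__ == "__main__":
    found, planned = lint_reg(SAMPLE)
    for no, msg in found:
        print("line %d: %s" % (no, msg))
    for op, key, name in planned:
        print(op, key, name or "")
```
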

I suggest the automated ERUNT for this: http://www.larshederer.homepage.t-online.de/erunt/

I’ve never used that myself, Tech. Is it any good? Does it require the .NET framework to run? Probably a safer way to back up the registry though, but having said that, none of the changes I am making should cause any damage.

EDIT: just looked at the link and bookmarked. Ta

Any good? It is a fantastic tool… saved me more than once.
It can backup the registry AND restore it (the manual method won’t restore all the Registry).
It can ‘compact’ (defragment) the registry too.

No. Just unpack it (unzip) and use in a folder of your choice.
You can use command-line parameters too.

Your method won’t allow full restore of the registry like ERUNT will.

You have sold me, Tech. I will re-write my canned to incorporate ERUNT. Thanks ;D

Bad news… my friend's PC was already sent to be formatted… :-\

No problem, as this looked like it was going to be a lengthy one.