Inactive [InActive]Anti Virus programs wont update and Anti Virus Sites blocked?

This seems to be a common new problem. Mine started after falling asleep one night with the computer on. When I woke up the next morning I had the blue screen of death and everything was unresponsive so I did a hard shut down. When I rebooted the computer seemed to take around 20 minutes to finish booting and I noticed my windows task bar color changed to a default I'm assuming. Now I am not able to update any antivirus or access and antivirus websites. I was able to download Hijack this and a couple of other programs but after they installed they would not open, so they were rendered useless. The one program the does anything is Ewido but all it does is delete a few cookies. Currently the only way I can do anything is to boot in safe mode. This has been the most frustrating thing I've ever had happen to any of my computers. Please help before I go bald.

 

Hi LoboTheWolf
Welcome to WindowsBBS.

Do you have a computer that you can download a tool and transfer it to the infected machine?

Thanks
Geri

 

Yes I do. I downloaded the combofix program already but when I try to run it nothing happens.

 

Hi
OK please delete it from the infected machine.

Redownload it and rename it Mocbotix.exe or anything of your choosing before you save it.
Then transfer it to the infected machine and run it.

Post the log here.

Thanks
Geri

 

ComboFix 09-01-19.01 - Arturo 2009-01-19 12:57:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.448 [GMT -7:00]
Running from: c:\documents and settings\Arturo\Desktop\mondofx.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Arturo\Application Data\gadcom
c:\documents and settings\Arturo\Application Data\gadcom\gadcom.exe
c:\program files\VideoAccessCodec
c:\program files\VideoAccessCodec\install.ico
c:\program files\VideoAccessCodec\Thumbs.db
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\bbxcyhay.ini
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\TDSSiyvv.sys
c:\windows\system32\mcrh.tmp
c:\windows\system32\mljJASjH.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\TDSSaqhc.dll
c:\windows\system32\TDSSeckv.log
c:\windows\system32\TDSSgxum.dll
c:\windows\system32\TDSShrpe.dll
c:\windows\system32\TDSSicen.dll
c:\windows\system32\TDSSiykj.dll
c:\windows\system32\TDSSlavt.dat
c:\windows\system32\TDSSllgr.dll
c:\windows\system32\TDSSmhju.log
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\yyIkkRCf.ini
c:\windows\system32\yyIkkRCf.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-10 17:33 . 2009-01-10 17:33 244 --ah----- C:\sqmnoopt08.sqm
2009-01-10 17:33 . 2009-01-10 17:33 232 --ah----- C:\sqmdata08.sqm
2009-01-10 10:44 . 2009-01-10 10:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 10:44 . 2009-01-10 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 10:44 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 10:44 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 09:52 . 2009-01-10 09:52 <DIR> d-------- c:\program files\Panda Security
2009-01-10 09:52 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-23 12:58 . 2008-12-23 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-23 12:56 . 2008-12-23 13:01 <DIR> d-------- c:\documents and settings\Arturo\Application Data\Software Informer
2008-12-23 10:40 . 2008-12-23 10:40 <DIR> d-------- c:\program files\IObit
2008-12-23 10:40 . 2008-12-23 10:40 <DIR> d-------- c:\documents and settings\Arturo\Application Data\IObit
2008-12-22 22:03 . 2008-12-22 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-22 21:46 . 2008-12-22 21:46 <DIR> d-------- C:\savwsa
2008-12-21 23:12 . 2008-12-22 23:21 15,360 --ahs---- c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:50 --------- d-----w c:\program files\MySpace
2008-12-22 16:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 16:49 --------- d-----w c:\program files\mIRC
2008-12-19 03:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-17 12:48 --------- d-----w c:\documents and settings\Arturo\Application Data\SharePod
2008-12-07 17:52 --------- d-----w c:\program files\Camfrog
2008-12-06 21:09 --------- d-----w c:\documents and settings\Arturo\Application Data\BitTorrent
2005-10-30 01:33 251 ----a-w c:\program files\wt3d.ini
2008-07-03 02:35 56 --sh--r c:\windows\system32\AAB12E05BA.sys
2008-07-03 02:35 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig "= "c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo7 "= STV680tg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arturo^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\Arturo\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 14:33 155648 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-05-12 21:00 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2003-01-21 15:19 40960 c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-10-05 18:06 48752 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 07:57 133016 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-03-04 09:26 606208 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 12:59 385024 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 06:50 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-10-27 11:40 100056 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-11-24 01:52 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2007-10-26 09:06 292152 c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe "=
"c:\\Program Files\\BitTorrent\\bittorrent.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP "= 3776:UDP:Media Center Extender Service
"3390:TCP "= 3390:TCP:Remote Media Center Experience

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-10 28544]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2006-05-08 1694592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86af7743-1da6-11db-9998-00123fe80e91}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL c:\dustin\PSP
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Arturo.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-05-05 22:15]

2009-01-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 10:24]
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
Notify-fccApQjI - fccApQjI.dll
MSConfigStartUp-Transcode360 - c:\program files\Transcode360\Transcode360Tray.exe


.
------- Supplementary Scan -------
.
TCP: {40F231C9-58B6-4FD8-AC30-616AAEF090E7} = 208.67.222.222,208.67.220.220
DPF: {69DFF81F-2214-11D6-9BE1-0050DAC94467} - hxxp://www.mysodexhoapps.com/CypherCheck.CAB
DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - hxxp://static.zangocash.com/cab/Zango/ie/bridge-c297.cab?2510c618bd5cacc0d79521befb07b5dfe1dd9584655fd95ce28af606df1309ae730df5d839a73fe26b29c9e2c8bc4918d975918c05bd71295494478aab1d5a203e70228d5649:5ca277272515bb269b863866ff9584c8
FF - ProfilePath - c:\documents and settings\Arturo\Application Data\Mozilla\Firefox\Profiles\z5g28leb.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 13:06:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath "= "C:/mysql/bin/mysqld-nt.exe "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath "= "C:/mysql/bin/mysqld-nt.exe "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\RMSvc.exe
c:\program files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-19 13:14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 20:14:20

Pre-Run: 8,844,800,000 bytes free
Post-Run: 8,783,986,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

 

Hi
OK looks good.

Now do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


Now a on line scan.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them,

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

Please post the Panda results.

Thanks
Geri

 

Panda results

I am removing the p2p software, kids...I also ran trend micro housecall and it took off some malware. Here are the panda results:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-20 15:58:57
PROTECTIONS: 2
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus 2005 11.5.6 No No
Windows Defender 1.1.4205.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@atdmt[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@advertising[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@adrevolver[1].txt
00449733 Bck/Tdss.C Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044670.dll
00492014 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044692.dll
00497685 Trj/Agent.LFV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP590\A0041703.exe
00497685 Trj/Agent.LFV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044690.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044710.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044698.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044675.sys
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044671.dll
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044672.dll
04555947 Generic Trojan Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044673.dll
04560118 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044689.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location ݁
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ݁
;===================================================================================================================================================================================
;===================================================================================================================================================================================

 

Hi
OK looks good.

Please do this.

Click Start > Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't please delete them manually.

Let me know how things are running.

Geri