Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Removing Scorpion Saver Adware/Malware [Solved]

scorpion savermalwarevirus PUP removal adware Adpeak help

  • This topic is locked This topic is locked
43 replies to this topic

#31 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 07:57 PM

Hi,
 
Great work!!  Let's get rid of the rest of this and then let me know how your system is running.  :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::

    File::
    C:\Temp\ScorpionSaver.msi
    C:\Users\All Users\Updater\Uninstall.exe
    C:\Users\Sierra Larson\Downloads\Adobe-Reader_Allmyapps.exe
    C:\Users\Sierra Larson\Downloads\Codec-C.exe
    C:\Users\Sierra Larson\Downloads\Codec-V (1).exe
    C:\Users\Sierra Larson\Downloads\Codec-V (2).exe
    C:\Users\Sierra Larson\Downloads\Codec-V.exe
    C:\Users\Sierra Larson\Downloads\essetup (1).exe
    C:\Users\Sierra Larson\Downloads\essetup (2).exe
    C:\Users\Sierra Larson\Downloads\essetup (3).exe
    C:\Users\Sierra Larson\Downloads\essetup (4).exe
    C:\Users\Sierra Larson\Downloads\essetup.exe
    C:\Users\Sierra Larson\Downloads\thelogocreator-setup.exe
    C:\Users\Sierra Larson\Downloads\ZipOpenerSetup.exe
    C:\Windows\Installer\MSI66B5.tmp

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------


Posted Image
 
 

    Advertisements

Register to Remove


#32 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 27 December 2013 - 12:03 AM

Here is the log:

 

ComboFix 13-12-26.01 - Sierra Larson 12/27/2013   0:44.7.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1755 [GMT -5:00]
Running from: c:\users\Sierra Larson\Desktop\ComboFix.exe
Command switches used :: c:\users\Sierra Larson\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\temp\ScorpionSaver.msi"
"c:\users\All Users\Updater\Uninstall.exe"
"c:\users\Sierra Larson\Downloads\Adobe-Reader_Allmyapps.exe"
"c:\users\Sierra Larson\Downloads\Codec-C.exe"
"c:\users\Sierra Larson\Downloads\Codec-V (1).exe"
"c:\users\Sierra Larson\Downloads\Codec-V (2).exe"
"c:\users\Sierra Larson\Downloads\Codec-V.exe"
"c:\users\Sierra Larson\Downloads\essetup (1).exe"
"c:\users\Sierra Larson\Downloads\essetup (2).exe"
"c:\users\Sierra Larson\Downloads\essetup (3).exe"
"c:\users\Sierra Larson\Downloads\essetup (4).exe"
"c:\users\Sierra Larson\Downloads\essetup.exe"
"c:\users\Sierra Larson\Downloads\thelogocreator-setup.exe"
"c:\users\Sierra Larson\Downloads\ZipOpenerSetup.exe"
"c:\windows\Installer\MSI66B5.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sierra Larson\Documents\~WRL0838.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-27 to 2013-12-27  )))))))))))))))))))))))))))))))
.
.
2013-12-27 05:58 . 2013-12-27 05:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-26 05:34 . 2013-12-26 05:34 -------- d-----w- c:\program files (x86)\ESET
2013-12-26 05:11 . 2013-12-26 05:11 -------- d-----w- c:\programdata\McAfee Security Scan
2013-12-26 05:11 . 2013-12-26 05:11 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-12-26 05:09 . 2013-12-26 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-26 05:08 . 2013-12-26 05:07 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 05:07 . 2013-12-26 05:07 -------- d-----w- c:\program files (x86)\Java
2013-12-26 02:54 . 2013-12-26 02:54 -------- d-----w- c:\users\Sierra Larson\AppData\Roaming\Malwarebytes
2013-12-26 02:54 . 2013-12-26 02:54 -------- d-----w- c:\programdata\Malwarebytes
2013-12-26 02:54 . 2013-12-26 02:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-26 02:54 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-26 02:07 . 2013-12-26 02:07 -------- d-----w- c:\windows\ERUNT
2013-12-22 04:18 . 2013-12-22 04:18 -------- d-----w- c:\program files (x86)\Audible
2013-12-21 22:50 . 2013-12-22 06:18 -------- d-----w- c:\programdata\TubeDimmer
2013-12-18 01:07 . 2013-11-26 11:54 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-12-17 05:07 . 2013-12-21 17:49 -------- d-----w- C:\AdwCleaner
2013-12-15 18:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-15 05:13 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 05:13 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-15 05:13 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-15 05:11 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 05:11 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 05:08 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-15 05:08 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-15 05:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-15 05:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-15 05:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-15 05:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-15 04:57 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-15 04:57 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-15 04:57 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-15 04:57 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-15 04:57 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-15 04:57 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-11 05:12 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe
2013-12-11 05:12 . 2013-12-11 05:12 -------- d-----w- c:\users\Sierra Larson\AppData\Roaming\_MDLogs
2013-11-30 01:46 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-30 01:41 . 2013-11-30 01:41 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 02:30 . 2013-11-13 22:18 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 01:23 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 01:23 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 01:13 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 01:13 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 01:13 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 01:13 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 01:13 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 01:13 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport.dll" [2013-11-04 11520]
.
[HKEY_CLASSES_ROOT\clsid\{7c8d4a29-2dc9-4970-83b8-1e51b961e00f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Sierra Larson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-11 04:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001Core.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001UA.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-19 c:\windows\Tasks\HPCeeScheduleForSIERRALARSON-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport64.dll" [2013-11-04 12032]
.
[HKEY_CLASSES_ROOT\CLSID\{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ExpressInvoice - c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
AddRemove-InternetUpdater - c:\programdata\InternetUpdater\uninstall.exe
AddRemove-Scribe - c:\program files (x86)\NCH Software\Scribe\scribe.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-27  01:02:43
ComboFix-quarantined-files.txt  2013-12-27 06:02
ComboFix2.txt  2013-12-21 07:17
ComboFix3.txt  2013-12-20 03:56
ComboFix4.txt  2013-12-20 03:25
ComboFix5.txt  2013-12-27 05:41
.
Pre-Run: 386,839,166,976 bytes free
Post-Run: 386,495,393,792 bytes free
.
- - End Of File - - 56656BF4FF9FED44F80C8395B93DDD97


#33 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 27 December 2013 - 07:10 AM

and then let me know how your system is running.

 

:)


Posted Image
 
 

#34 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 29 December 2013 - 12:20 PM

Still here? 


Posted Image
 
 

#35 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 29 December 2013 - 08:13 PM

Hey Jeff, it seems to be working great now. Thanks so much! So how do I go about getting my pictures back now?



#36 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 29 December 2013 - 08:43 PM

Hi,
 
Run the following and then let me know if the pictures are back.  :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Dequarantine::
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP 2012.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP 2012 Friends.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP '12.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Weekend at Westpoint April '12.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Wedding.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\wedding 1.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Wedding (2).jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 9.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 8.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 7.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 6.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 5.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 4.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 3.png.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 13.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 2.png.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 12.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 10.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 11.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 1.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Proposal.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pics Folder 2.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pics Folder 1.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 9.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 8.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 7.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 6.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 5.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 4.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 3.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 3.1.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 14.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 13.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 12.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 11.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 10.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Boondock Saints.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 019.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\badboy.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 018.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 017.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 015.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 014.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 013.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 012.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 011.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 009.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 025.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-21 001 2012-06-21 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 011.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 009.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 002 2012-04-29 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 002 2012-04-29 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 096.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 095.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 094.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 093.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 093 (2).jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 091.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 092.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 090.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 088.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 089.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 087.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 086.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 084.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 085.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 083.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 082.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 080.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 081.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 079.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 078.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 076.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 077.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 074.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 075.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 072.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 073.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 071.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 069.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 070.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 068.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 066.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 067.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 065.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 063.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 064.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 062.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 059.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 060.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 061.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 058.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 057.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 055.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 056.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 054.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 053.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 052.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 050.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 051.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 048.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 049.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 047.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 045.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 046.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 043.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 044.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 042.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 041.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 040.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 039.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 037.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 038.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 036.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 035.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 033.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 034.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 031.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 030.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 028.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 026.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 027.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 025.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 024.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 021.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 022.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 023.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 020.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 019.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 018.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 017.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 015.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 014.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 013.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 012.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 011.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 009.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-08 001 2012-03-08 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-25 001 2012-03-25 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-08 001 2012-03-08 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 031.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 030.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 019.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 042.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 040.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 038.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 036.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 034.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 028.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 030.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 032.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 018.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 020.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 022.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 024.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 026.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 001.jpg.vir

    Quit::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

There will be one log made showing that the files were restored....let me know if you see your pictures again.  :)


Posted Image
 
 

#37 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 01 January 2014 - 10:37 AM

Still here?


Posted Image
 
 

#38 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 01 January 2014 - 12:44 PM

They're back! Thank you so much! And Happy New Year :-)

 

 

C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 001.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 001.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 003.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 003.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 005.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 005.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 007.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 007.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 010.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 010.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 016.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 016.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 018.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 018.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 020.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 020.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 022.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 022.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 024.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 024.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 026.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 026.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 028.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 028.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 030.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 030.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 032.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 032.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 034.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 034.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 036.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 036.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 038.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 038.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 040.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 040.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 042.jpg.vir -> C:\Classified\Cal and Me\2012-02-04 001 2012-02-04 042.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 019.zip.vir -> C:\Classified\Cal and Me\2012-02-16 001 2012-02-16 019.zip
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 030.jpg.vir -> C:\Classified\Cal and Me\2012-02-16 001 2012-02-16 030.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 031.jpg.vir -> C:\Classified\Cal and Me\2012-02-16 001 2012-02-16 031.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 002.jpg.vir -> C:\Classified\Cal and Me\2012-02-19 001 2012-02-19 002.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 004.jpg.vir -> C:\Classified\Cal and Me\2012-02-19 001 2012-02-19 004.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 005.jpg.vir -> C:\Classified\Cal and Me\2012-02-19 001 2012-02-19 005.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 006.jpg.vir -> C:\Classified\Cal and Me\2012-02-19 001 2012-02-19 006.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 008.jpg.vir -> C:\Classified\Cal and Me\2012-02-19 001 2012-02-19 008.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-08 001 2012-03-08 007.jpg.vir -> C:\Classified\Cal and Me\2012-03-08 001 2012-03-08 007.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-08 001 2012-03-08 008.jpg.vir -> C:\Classified\Cal and Me\2012-03-08 001 2012-03-08 008.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-25 001 2012-03-25 002.jpg.vir -> C:\Classified\Cal and Me\2012-03-25 001 2012-03-25 002.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 001.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 001.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 002.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 002.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 003.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 003.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 004.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 004.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 005.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 005.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 006.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 006.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 007.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 007.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 008.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 008.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 009.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 009.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 010.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 010.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 011.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 011.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 012.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 012.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 013.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 013.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 014.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 014.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 015.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 015.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 016.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 016.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 017.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 017.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 018.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 018.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 019.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 019.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 020.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 020.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 021.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 021.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 022.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 022.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 023.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 023.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 024.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 024.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 025.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 025.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 026.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 026.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 027.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 027.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 028.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 028.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 030.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 030.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 031.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 031.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 033.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 033.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 034.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 034.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 035.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 035.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 036.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 036.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 037.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 037.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 038.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 038.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 039.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 039.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 040.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 040.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 041.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 041.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 042.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 042.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 043.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 043.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 044.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 044.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 045.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 045.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 046.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 046.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 047.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 047.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 048.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 048.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 049.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 049.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 050.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 050.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 051.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 051.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 052.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 052.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 053.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 053.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 054.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 054.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 055.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 055.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 056.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 056.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 057.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 057.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 058.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 058.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 059.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 059.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 060.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 060.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 061.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 061.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 062.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 062.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 063.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 063.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 064.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 064.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 065.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 065.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 066.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 066.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 067.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 067.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 068.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 068.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 069.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 069.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 070.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 070.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 071.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 071.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 072.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 072.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 073.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 073.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 074.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 074.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 075.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 075.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 076.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 076.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 077.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 077.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 078.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 078.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 079.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 079.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 080.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 080.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 081.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 081.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 082.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 082.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 083.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 083.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 084.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 084.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 085.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 085.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 086.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 086.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 087.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 087.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 088.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 088.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 089.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 089.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 090.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 090.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 091.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 091.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 092.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 092.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 093 (2).jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 093 (2).jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 093.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 093.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 094.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 094.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 095.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 095.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 096.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 001 2012-04-29 096.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 002 2012-04-29 001.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 002 2012-04-29 001.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 002 2012-04-29 003.jpg.vir -> C:\Classified\Cal and Me\2012-04-29 002 2012-04-29 003.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 002.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 002.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 006.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 006.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 007.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 007.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 008.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 008.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 009.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 009.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 010.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 010.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 011.jpg.vir -> C:\Classified\Cal and Me\2012-05-01 001 2012-05-01 011.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-21 001 2012-06-21 010.jpg.vir -> C:\Classified\Cal and Me\2012-06-21 001 2012-06-21 010.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 001.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 001.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 002.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 002.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 003.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 003.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 004.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 004.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 005.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 005.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 016.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 016.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 025.jpg.vir -> C:\Classified\Cal and Me\2012-06-24 001 2012-06-24 025.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 001.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 001.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 002.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 002.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 003.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 003.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 004.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 004.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 005.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 005.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 006.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 006.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 007.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 007.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 008.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 008.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 009.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 009.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 010.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 010.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 011.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 011.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 012.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 012.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 013.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 013.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 014.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 014.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 015.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 015.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 016.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 016.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 017.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 017.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 018.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 018.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 019.jpg.vir -> C:\Classified\Cal and Me\2012-08-02 001 2012-08-02 019.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Boondock Saints.jpg.vir -> C:\Classified\Cal and Me\Boondock Saints.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 10.jpg.vir -> C:\Classified\Cal and Me\Pic 10.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 11.jpg.vir -> C:\Classified\Cal and Me\Pic 11.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 12.jpg.vir -> C:\Classified\Cal and Me\Pic 12.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 13.jpg.vir -> C:\Classified\Cal and Me\Pic 13.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 14.jpg.vir -> C:\Classified\Cal and Me\Pic 14.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 3.1.jpg.vir -> C:\Classified\Cal and Me\Pic 3.1.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 3.jpg.vir -> C:\Classified\Cal and Me\Pic 3.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 4.jpg.vir -> C:\Classified\Cal and Me\Pic 4.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 5.jpg.vir -> C:\Classified\Cal and Me\Pic 5.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 6.jpg.vir -> C:\Classified\Cal and Me\Pic 6.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 7.jpg.vir -> C:\Classified\Cal and Me\Pic 7.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 8.jpg.vir -> C:\Classified\Cal and Me\Pic 8.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 9.jpg.vir -> C:\Classified\Cal and Me\Pic 9.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pics Folder 1.zip.vir -> C:\Classified\Cal and Me\Pics Folder 1.zip
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pics Folder 2.zip.vir -> C:\Classified\Cal and Me\Pics Folder 2.zip
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Proposal.jpg.vir -> C:\Classified\Cal and Me\Proposal.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 1.jpg.vir -> C:\Classified\Cal and Me\ring 1.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 10.jpg.vir -> C:\Classified\Cal and Me\ring 10.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 11.jpg.vir -> C:\Classified\Cal and Me\ring 11.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 12.jpg.vir -> C:\Classified\Cal and Me\ring 12.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 13.jpg.vir -> C:\Classified\Cal and Me\ring 13.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 2.png.vir -> C:\Classified\Cal and Me\ring 2.png
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 3.png.vir -> C:\Classified\Cal and Me\ring 3.png
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 4.jpg.vir -> C:\Classified\Cal and Me\ring 4.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 5.jpg.vir -> C:\Classified\Cal and Me\ring 5.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 6.jpg.vir -> C:\Classified\Cal and Me\ring 6.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 7.jpg.vir -> C:\Classified\Cal and Me\ring 7.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 8.jpg.vir -> C:\Classified\Cal and Me\ring 8.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 9.jpg.vir -> C:\Classified\Cal and Me\ring 9.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Wedding (2).jpg.vir -> C:\Classified\Cal and Me\Wedding (2).jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\wedding 1.jpg.vir -> C:\Classified\Cal and Me\wedding 1.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Wedding.jpg.vir -> C:\Classified\Cal and Me\Wedding.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\Weekend at Westpoint April '12.zip.vir -> C:\Classified\Cal and Me\Weekend at Westpoint April '12.zip
C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP '12.jpg.vir -> C:\Classified\Cal and Me\WP '12.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP 2012 Friends.jpg.vir -> C:\Classified\Cal and Me\WP 2012 Friends.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP 2012.jpg.vir -> C:\Classified\Cal and Me\WP 2012.jpg


#39 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 01 January 2014 - 03:26 PM

Perfect!!!  :)

 

Any other malware related issues?? 


Posted Image
 
 

#40 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 04 January 2014 - 06:46 PM

Still working well?  :)


Posted Image
 
 

    Advertisements

Register to Remove


#41 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 January 2014 - 05:02 PM

Providing there are no other malware related problems...

IT APPEARS THAT THE LOGS WE HAVE NOW ARE NOW CLEAN!  GREAT JOB!!  

This infection appears to have been cleared, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Press the Windows key + R and this will open the Run text box.  Copy/paste the following text into the Run box as shown and click OK.
  Combofix /Uninstall
  (Note: There is a space between the ..X and the /U that needs to be there.)

jEuYelX.jpg
----------
 
81mYIKe.jpg  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

--------------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free

5. Make sure you keep your Windows OS currentWindows XP users can visit Windows update   regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.

6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
----------


Posted Image
 
 

#42 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 05 January 2014 - 06:05 PM

Hey Jeff,

 

Everything is still working great. Thanks! Do you know of something I can use to protect Google Chrome? That's my preferred browser. 



#43 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 06 January 2014 - 06:35 AM

Hi,

 

When I use Chrome...the only extension that I use is AdBlock.  You can find it here >> https://chrome.googl...kbiglidom?hl=en

 

There are some alternatives to NoScript for Chrome as well but I have not had too much luck with them.  Hope this helps!  :)


Posted Image
 
 

#44 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 07 January 2014 - 07:02 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Posted Image
 
 

Related Topics




Also tagged with one or more of these keywords: scorpion savermalwarevirus, PUP, removal, adware, Adpeak, help

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users