Gryn

  1. Gringo, I finished with deleting the remaining files and then removing the programs as requested. The computer continues to function normally. It appears all is good now. Thank you very much for your help and your patience! I am very happy with your help and will make a donation. Gryn
  2. Gringo, I cleaned up the start-up files and ran the ESET scan. It found 12 threats. Below is the log:

     C:\Program Files\OpenDownloaderManager\DeltaTB.exe a variant of Win32/Toolbar.Babylon.A application
     C:\Program Files\OpenDownloaderManager\fftsetup.exe multiple threats
     C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-bejeweledr3_gamehouse_.exe Win32/OpenCandy application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP1\A0000037.dll a variant of Win32/bProtector.A application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP4\A0001080.exe a variant of Win32/bProtector.A application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001104.dll a variant of Win32/Toolbar.MyWebSearch.A application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001110.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001113.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001122.dll a variant of Win32/Toolbar.MyWebSearch.P application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001133.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
     C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP8\A0001141.exe a variant of Win32/bProtector.A application
     C:\_OTL\MovedFiles\04202013_105248\C_Documents and Settings\All Users\Application Data\MigAutoPlay.exe a variant of Win32/Injector.AFBU trojan
  3. Gringo, I thought I posted a reply awhile ago but do not see the update so I am posting again. I was able to complete the list of items from your last post. The computer seems to be functioning normally. Everything I have tried has worked. Below are the logs you requested:
  4. Gringo, Here is the report:
  5. Gringo, Finished that last script. Computer seems to be functioning normally. I can access and open my files, get on the internet, print, etc. I haven't seen anything abnormal. Following is the log:
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/10/2013 9:56 PM 40776] S3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2/19/2010 7:44 AM 1116656] . --- Other Services/Drivers In Memory --- . *Deregistered* - SASKUTIL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs wg4n Appn TdmService ceepwrsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 11:27 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:17] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:17] . 2013-04-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25] . 2013-04-20 c:\windows\Tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://portal.wowway.net/ uInternet Settings,ProxyOverride = *.local IE: Download all with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlall.htm IE: Download selected with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlselected.htm IE: Download video with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlfvideo.htm IE: Download with Open Download Manager - file://c:\program files\OpenDownloaderManager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: care.com\www Trusted Zone: sittercity.com\www TCP: DhcpNameServer = 64.233.217.2 64.233.217.3 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-20 17:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(288) c:\windows\system32\WININET.dll c:\progra~1\READIN~2\bar\1.bin\6xbrstub.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2013-04-20 17:35:33 ComboFix-quarantined-files.txt 2013-04-20 21:35 ComboFix2.txt 2013-04-20 20:01 . Pre-Run: 124,915,744,768 bytes free Post-Run: 124,917,395,456 bytes free . - - End Of File - - B9319E062B6FB7148C49B475CE850BD1
  6. Gringo, None of the 3 links you provided worked but I was able to go to bleepingcomputer.com, find ComboFix, and run it. Computer performance is still OK. Below is the log:
  7. Gringo, I was able to download AdwCleaner but not able to run it completely. It stalled about 1/4 of the way through deleting. I am not able to download RogueKiller. When I click on the link you sent it takes me to Tigzy's website. When I click on Tools/RogueKiller nothing happens.
  8. Gringo, I'm back from out-of-town now. I ran the OTL script. It disabled the FBI virus so that my infected machine was able to boot-up and I am able to access programs now (I am responding to you now on that machine). Below is the OTL log you requested:
  9. Gringo, Good news. I was able to successfully download and run the REALTOGO software on the infected machines. I will only be around until 6:00 today and then not again until this weekend. I will contact you then. Following is the OTL log you requested:
http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.2 64.233.217.3 O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/09/03 06:51:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/01/10 15:17:10 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/04/11 20:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2013/04/10 21:56:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/04/07 13:29:01 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\User\Application Data\ReadingFanatic_6x [2013/04/07 13:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\IAC [2013/04/07 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ReadingFanatic_6x [2013/04/07 13:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Delta [2013/04/07 13:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Open Download Manager [2013/04/07 13:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\OpenDownloaderManager [2013/04/07 13:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins [2013/04/07 13:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions [2013/04/07 13:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\BrowserProtect [2013/04/07 13:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2013/04/07 13:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yontoo [2013/04/07 13:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2013/04/07 13:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect [2013/04/07 13:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\BabSolution [2013/04/07 13:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013/04/07 13:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/04/07 13:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Babylon [2013/04/07 13:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon [2013/04/07 13:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDownloaderManager [2013/03/22 22:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth ========== 
Files - Modified Within 30 Days ========== [2013/04/15 21:59:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job [2013/04/15 21:56:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/04/15 21:56:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/15 19:58:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/12 17:55:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/04/12 17:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/04/11 19:44:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/04/11 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2013/04/10 21:37:35 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe [2013/04/10 12:30:23 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/04/10 12:04:24 | 000,717,654 | ---- | M] () -- C:\Documents and Settings\User\My Documents\lindsey4.bmp [2013/04/10 11:46:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9 [2013/04/09 18:11:01 | 000,248,192 | R--- | M] (Coupons, Inc.) 
-- C:\WINDOWS\System32\cpnprt2.cid [2013/04/06 11:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/04/01 22:57:57 | 001,096,864 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-343818398-682003330-1004-0.dat [2013/04/01 22:57:57 | 000,248,242 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2013/04/01 22:31:43 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk [2013/03/22 22:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth [2013/03/19 06:17:34 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk [2013/03/17 19:55:37 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Application Data\skype.ini [2013/03/17 19:46:50 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Application Data\$h.bat ========== Files Created - No Company Name ========== [2013/04/10 21:37:39 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe [2013/04/10 12:48:56 | 000,717,654 | ---- | C] () -- C:\Documents and Settings\User\My Documents\lindsey4.bmp [2013/03/17 19:14:47 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\skype.ini [2013/03/17 19:09:48 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Application Data\$h.bat [2013/02/05 23:49:45 | 000,108,300 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zobqawocqbjogdl [2013/01/13 12:46:50 | 000,003,550 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\6o4v7yr6ikfw18072u [2013/01/13 12:46:50 | 000,003,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u [2013/01/12 15:19:06 | 000,000,439 | ---- | C] () -- C:\Program 
Files\0112201314190610.bat [2013/01/09 21:27:26 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/01/09 21:27:09 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2012/11/30 18:03:06 | 000,056,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/10/06 22:44:34 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4e0b82c3.pad [2012/04/27 19:43:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\spwdra.INI [2012/04/06 20:10:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/06 19:44:43 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\User\Application Data\0DADA0.dat [2012/02/14 19:06:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/15 16:09:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012/01/06 00:05:33 | 001,096,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-343818398-682003330-1004-0.dat [2012/01/06 00:05:29 | 000,248,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/01/05 20:07:24 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2011/12/11 21:52:29 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011/12/11 21:52:29 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011/12/11 21:52:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011/12/11 21:52:11 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/12/03 14:00:28 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~TZgq6iowFS4dXh [2011/12/03 14:00:28 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~TZgq6iowFS4dXhr [2011/12/03 13:50:23 
| 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TZgq6iowFS4dXh [2011/11/12 00:05:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2011/11/12 00:05:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010/01/29 17:41:58 | 000,019,517 | ---- | C] () -- C:\WINDOWS\hpqins13.dat [2009/10/31 22:53:03 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/08 21:42:39 | 000,001,230 | ---- | C] () -- C:\WINDOWS\checkip.dat [2009/09/04 12:27:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2009/09/03 20:57:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Ÿ9Ÿ9 [2009/09/03 07:00:51 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2009/09/03 07:00:29 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2009/09/03 07:00:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009/09/03 07:00:00 | 000,023,629 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/09/03 07:00:00 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009/09/03 06:52:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/09/03 06:49:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/09/03 02:23:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/09/03 02:21:56 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/09/02 22:25:51 | 000,166,716 | ---- | C] () -- C:\WINDOWS\hpoins31.dat [2009/09/02 22:25:51 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat [2009/01/21 12:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009/01/21 12:08:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009/01/21 12:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009/01/21 12:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2009/01/21 
12:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009/01/21 12:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009/01/21 12:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009/01/21 12:08:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/14 08:00:00 | 000,472,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/14 08:00:00 | 000,075,988 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2013/04/07 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BabSolution [2013/04/07 13:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Babylon [2012/03/04 11:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Catalina Marketing Corp [2011/10/04 11:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013/04/07 13:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Delta [2010/02/06 23:19:11 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook [2009/09/03 22:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HotSync [2009/09/03 22:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech [2012/11/13 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oberon Media [2013/04/15 22:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Open Download Manager [2012/06/27 18:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong [2013/04/07 13:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ReadingFanatic_6x [2012/01/07 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ShopAtHomeToolbar [2011/12/17 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop [2010/04/03 14:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WeatherBug [2013/04/11 20:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yontoo [2013/03/16 17:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/04/07 13:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2013/04/07 13:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect [2013/02/05 23:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ckdvprqzusajtmx [2012/04/06 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D562C8000083BB6A47CF24D151FC84 [2012/11/16 18:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar [2010/01/14 17:23:33 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\Gogii [2013/04/11 20:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2009/09/03 22:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync [2012/05/09 08:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games [2010/06/13 19:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2012/11/13 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media [2009/11/02 22:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pixela [2011/11/12 00:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games [2011/12/31 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2013/04/07 13:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2012/11/15 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/01/15 16:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2011/11/12 13:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2011/12/29 17:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2013/04/11 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job [2013/04/15 21:59:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA4982C6 @Alternate Data Stream - 142 bytes -> 
C:\Documents and Settings\All Users\Application Data\TEMP:B9A60C8F @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F4A7B6A @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report >
  10. OK. I'll try to get the CD burned and, hopefully, the OTL.txt log created and back to you tomorrow. Unfortunately I will be leaving to go out of town for work tomorrow evening and won't return until Friday evening. Can we leave this topic open until then so we can continue working this weekend?
  11. I've just discovered that the laptop I'm using to troubleshoot (it's my computer issued by my employer) is locked out (I need administrator rights to be able to download anything). I'll need to get another computer. It will probably be tomorrow until I can get my daughter's laptop. Are there specific times during which I can reach you?
  12. Hello Gringo, I think you have helped me in the past with other issues. Good to see you're still helping out! Sorry I took so long to get back with you but I am here for the evening today. So when I use F8 to get to the Advanced Options I do not have a "repair your computer" item. I have the following:
     - Safe Mode
     - Safe Mode w/Networking
     - Safe Mode w/command prompt
     - Enable boot logging
     - Enable VGA mode
     - Last known good config
     - Directory Services Restore Mode
     - Debugging Mode
     - Disable Auto restart
     - Start Windows normally
     - Reboot
     - Return to OS choices
     Where do I go from here?
  13. My computer has been hijacked with the FBI virus. It won't allow me to start-up in any of the safe modes (cursor, with or without internet). I tried disconnecting it from the internet with no change. It is a 32-bit machine. I need help to get on the computer and eliminate the virus. I have another computer that I can use to access this forum, the internet, etc. Thanks in advance!
  14. I have the FBI Moneypak virus. I cannot start up my computer in safe mode. I could use some help in eliminating this virus.