Posts posted by Gryn
-
Gringo,
I cleaned up the start-up files and ran the ESET scan. It found 12 threats.
Below is the log:
C:\Program Files\OpenDownloaderManager\DeltaTB.exe a variant of Win32/Toolbar.Babylon.A application
C:\Program Files\OpenDownloaderManager\fftsetup.exe multiple threats
C:\Program Files\RealArcade\Installer\GameHouse-Installer_am-bejeweledr3_gamehouse_.exe Win32/OpenCandy application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP1\A0000037.dll a variant of Win32/bProtector.A application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP4\A0001080.exe a variant of Win32/bProtector.A application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001104.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001110.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001113.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001122.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP7\A0001133.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\System Volume Information\_restore{506A87B1-8CB0-470F-8D38-53C3CC3F5380}\RP8\A0001141.exe a variant of Win32/bProtector.A application
C:\_OTL\MovedFiles\04202013_105248\C_Documents and Settings\All Users\Application Data\MigAutoPlay.exe a variant of Win32/Injector.AFBU trojan
-
Gringo,
I thought I posted a reply a while ago but do not see the update, so I am posting again.
I was able to complete the list of items from your last post.
The computer seems to be functioning normally. Everything I have tried has worked.
Below are the logs you requested:
Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.04.22.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-72FB034A10 [administrator]
4/22/2013 8:19:51 PM
mbam-log-2013-04-22 (20-19-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239935
Time elapsed: 4 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:29:24 PM, on 4/22/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenDownloaderManager\odm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Open Download Manager] C:\Program Files\OpenDownloaderManager\odm.exe -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2025429265-343818398-682003330-1005\..\Run: [firedogadvisor] C:\Program Files\firedog advisor\faAgnt.exe /startup (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all with Open Download Manager - file://C:\Program Files\OpenDownloaderManager\dlall.htm
O8 - Extra context menu item: Download selected with Open Download Manager - file://C:\Program Files\OpenDownloaderManager\dlselected.htm
O8 - Extra context menu item: Download video with Open Download Manager - file://C:\Program Files\OpenDownloaderManager\dlfvideo.htm
O8 - Extra context menu item: Download with Open Download Manager - file://C:\Program Files\OpenDownloaderManager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251932999515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354297280500
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GamesAppService - Unknown owner - C:\Program Files\WildTangent Games\App\GamesAppService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: RoxMediaDBVHS - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9368 bytes
-
Gringo,
Here is the report:
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
American Greetings CreataCard Select 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BrowserProtect
BufferChm
C6300
C6300_Help
Cards_Calendar_OrderGift_DoMorePlugout
Coupon Printer for Windows
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DirectX 9 Runtime
DocProc
DocProcQFolder
ESET Online Scanner v3
eSupportQFolder
Facebook Plug-In
FLV Player 2.0 (build 25)
FrostWire 5.2.11
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
ImageMixer 3 SE Ver.4 Transfer Utility
ImageMixer 3 SE Ver.4 Video Tools
iTunes
Java Auto Updater
Java 6 Update 29
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works 6-9 Converter
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.1
Musicnotes Software Suite 1.4.6
Network
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA Update 1.5.20
NVIDIA Update Components
OCR Software by I.R.I.S. 11.0
Open Downloader Manager
palmOne
PanoStandAlone
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PSSWCORE
QuickTime
Quizulous
ReadingFanatic Toolbar
Realtek High Definition Audio Driver
Roxio CinePlayer Decoder Pack
Roxio Easy VHS to DVD
Roxio Express Labeler
Roxio Video Capture USB
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Sibelius Scorch (ActiveX Only)
SolutionCenter
Status
Stellar Phoenix Windows Data Recovery
thinkorswim
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmiiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmiiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmiiper
TurboTax 2012 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
-
Gringo,
Finished that last script.
Computer seems to be functioning normally. I can access and open my files, get on the internet, print, etc. I haven't seen anything abnormal.
Following is the log:
ComboFix 13-04-20.02 - User 04/20/2013 17:30:47.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1391 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 )))))))))))))))))))))))))))))))
.
.
2013-04-20 17:14 . 2013-04-20 17:14 83 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-20 14:55 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-04-20 14:52 . 2013-04-20 14:52 -------- d-----w- C:\_OTL
2013-04-20 14:11 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9ED3A2C1-165F-4724-B95F-A45E8ADE7395}\mpengine.dll
2013-04-14 17:47 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-12 00:03 . 2013-04-12 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-04-11 01:56 . 2013-04-11 23:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-07 17:29 . 2013-04-07 17:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\IAC
2013-04-07 17:29 . 2013-04-07 17:29 -------- d-----w- c:\documents and settings\User\Application Data\ReadingFanatic_6x
2013-04-07 17:28 . 2013-04-07 17:29 -------- d-----w- c:\program files\ReadingFanatic_6x
2013-04-07 17:24 . 2013-04-20 21:33 -------- d-----w- c:\documents and settings\User\Application Data\Open Download Manager
2013-04-07 17:24 . 2013-04-07 17:24 -------- d-----w- c:\windows\system32\searchplugins
2013-04-07 17:24 . 2013-04-07 17:24 -------- d-----w- c:\windows\system32\Extensions
2013-04-07 17:24 . 2013-04-07 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\BrowserProtect
2013-04-07 17:23 . 2013-04-07 17:24 -------- d-----w- c:\program files\OpenDownloaderManager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 22:11 . 2012-02-05 16:58 248192 ----a-r- c:\windows\system32\cpnprt2.cid
2013-03-17 23:46 . 2013-03-17 23:09 283 ----a-w- c:\documents and settings\User\Application Data\$h.bat
2013-01-12 19:19 . 2013-01-12 19:19 439 ----a-w- c:\program files\0112201314190610.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Open Download Manager"="c:\program files\OpenDownloaderManager\odm.exe" [2013-02-20 6369280]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"ReadingFanatic Search Scope Monitor"="c:\progra~1\READIN~2\bar\1.bin\6xsrchmn.exe" [2013-04-07 42536]
"ReadingFanatic_6x Browser Plugin Loader"="c:\progra~1\READIN~2\bar\1.bin\6xbrmon.exe" [2013-04-07 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
S2 ReadingFanatic_6xService;ReadingFanaticService;c:\progra~1\READIN~2\bar\1.bin\6xbarsvc.exe [4/7/2013 1:28 PM 42504]
S3 GamesAppService;GamesAppService;"c:\program files\WildTangent Games\App\GamesAppService.exe" --> c:\program files\WildTangent Games\App\GamesAppService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/10/2013 9:56 PM 40776]
S3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2/19/2010 7:44 AM 1116656]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wg4n
Appn
TdmService
ceepwrsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 11:27 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:17]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:17]
.
2013-04-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2013-04-20 c:\windows\Tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.net/
uInternet Settings,ProxyOverride = *.local
IE: Download all with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - file://c:\program files\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: care.com\www
Trusted Zone: sittercity.com\www
TCP: DhcpNameServer = 64.233.217.2 64.233.217.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-20 17:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\WININET.dll
c:\progra~1\READIN~2\bar\1.bin\6xbrstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-04-20 17:35:33
ComboFix-quarantined-files.txt 2013-04-20 21:35
ComboFix2.txt 2013-04-20 20:01
.
Pre-Run: 124,915,744,768 bytes free
Post-Run: 124,917,395,456 bytes free
.
- - End Of File - - B9319E062B6FB7148C49B475CE850BD1
-
Gringo,
None of the 3 links you provided worked, but I was able to go to bleepingcomputer.com, find ComboFix, and run it.
Computer performance is still OK.
Below is the log:
ComboFix 13-04-20.02 - User 04/20/2013 15:51:05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1463 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\4e0b82c3.pad
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\User\Application Data\0DADA0.dat
c:\documents and settings\User\Application Data\skype.ini
c:\windows\$NtUninstallKB17627$
c:\windows\$NtUninstallKB17627$\3778175007
c:\windows\$NtUninstallKB17627$\381702683\@
c:\windows\$NtUninstallKB17627$\381702683\cfg.ini
c:\windows\$NtUninstallKB17627$\381702683\Desktop.ini
c:\windows\$NtUninstallKB17627$\381702683\L\kqknkasx
c:\windows\$NtUninstallKB17627$\381702683\U\00000001.@
c:\windows\$NtUninstallKB17627$\381702683\U\00000002.@
c:\windows\$NtUninstallKB17627$\381702683\U\00000004.@
c:\windows\$NtUninstallKB17627$\381702683\U\80000000.@
c:\windows\$NtUninstallKB17627$\381702683\U\80000004.@
c:\windows\$NtUninstallKB17627$\381702683\U\80000032.@
c:\windows\$NtUninstallKB17627$\381702683\version
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 )))))))))))))))))))))))))))))))
.
.
2013-04-20 17:14 . 2013-04-20 17:14 83 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-20 14:55 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-04-20 14:52 . 2013-04-20 14:52 -------- d-----w- C:\_OTL
2013-04-20 14:11 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9ED3A2C1-165F-4724-B95F-A45E8ADE7395}\mpengine.dll
2013-04-14 17:47 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-12 00:03 . 2013-04-12 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-04-11 01:56 . 2013-04-11 23:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-07 17:29 . 2013-04-07 17:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\IAC
2013-04-07 17:29 . 2013-04-07 17:29 -------- d-----w- c:\documents and settings\User\Application Data\ReadingFanatic_6x
2013-04-07 17:28 . 2013-04-07 17:29 -------- d-----w- c:\program files\ReadingFanatic_6x
2013-04-07 17:24 . 2013-04-20 17:12 -------- d-----w- c:\documents and settings\User\Application Data\Open Download Manager
2013-04-07 17:24 . 2013-04-07 17:24 -------- d-----w- c:\windows\system32\searchplugins
2013-04-07 17:24 . 2013-04-07 17:24 -------- d-----w- c:\windows\system32\Extensions
2013-04-07 17:24 . 2013-04-07 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\BrowserProtect
2013-04-07 17:23 . 2013-04-07 17:24 -------- d-----w- c:\program files\OpenDownloaderManager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 22:11 . 2012-02-05 16:58 248192 ----a-r- c:\windows\system32\cpnprt2.cid
2013-03-17 23:46 . 2013-03-17 23:09 283 ----a-w- c:\documents and settings\User\Application Data\$h.bat
2013-01-12 19:19 . 2013-01-12 19:19 439 ----a-w- c:\program files\0112201314190610.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Open Download Manager"="c:\program files\OpenDownloaderManager\odm.exe" [2013-02-20 6369280]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"ReadingFanatic Search Scope Monitor"="c:\progra~1\READIN~2\bar\1.bin\6xsrchmn.exe" [2013-04-07 42536]
"ReadingFanatic_6x Browser Plugin Loader"="c:\progra~1\READIN~2\bar\1.bin\6xbrmon.exe" [2013-04-07 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
S2 ReadingFanatic_6xService;ReadingFanaticService;c:\progra~1\READIN~2\bar\1.bin\6xbarsvc.exe [4/7/2013 1:28 PM 42504]
S3 GamesAppService;GamesAppService;"c:\program files\WildTangent Games\App\GamesAppService.exe" --> c:\program files\WildTangent Games\App\GamesAppService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/10/2013 9:56 PM 40776]
S3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2/19/2010 7:44 AM 1116656]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wg4n
Appn
TdmService
ceepwrsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 11:27 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:17]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:17]
.
2013-04-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2013-04-20 c:\windows\Tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.net/
uInternet Settings,ProxyOverride = *.local
IE: Download all with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - file://c:\program files\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - file://c:\program files\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: care.com\www
Trusted Zone: sittercity.com\www
TCP: DhcpNameServer = 64.233.217.2 64.233.217.3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\SmileBox_EN\prxtbSmi2.dll
BHO-{f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\SmileBox_EN\prxtbSmi2.dll
Toolbar-{f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\SmileBox_EN\prxtbSmi2.dll
WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - c:\program files\SmileBox_EN\prxtbSmi2.dll
HKCU-Run-SearchEngineProtection - c:\program files\Gamesbar\SearchEngineProtection.exe
HKCU-Run-Yontoo Desktop - c:\documents and settings\User\Application Data\Yontoo\YontooDesktop.exe
HKLM-Run-MigAutoPlay - c:\documents and settings\All Users\Application Data\MigAutoPlay.exe
AddRemove-Bejeweled 3 - c:\program files\iWin.com\Bejeweled 3\Uninstall.exe
AddRemove-delta - c:\program files\Delta\delta\1.8.10.0\GUninstaller.exe
AddRemove-Delta Chrome Toolbar - c:\documents and settings\User\Application Data\BabSolution\Shared\GUninstaller.exe
AddRemove-GamesBar - c:\program files\GamesBar\uninst.exe
AddRemove-WT066036 - c:\program files\WildGames\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT069980 - c:\program files\WildGames\The Hidden Object Game Show\Uninstall.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files\WildTangent Games\App\Uninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-20 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(960)
c:\windows\system32\WININET.dll
c:\progra~1\READIN~2\bar\1.bin\6xbrstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-04-20 16:01:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-20 20:01
.
Pre-Run: 124,437,864,448 bytes free
Post-Run: 124,934,225,920 bytes free
.
- - End Of File - - 016D227D8CD98DB535F45E7280102F29
-
Gringo,
I was able to download AdwCleaner but not able to run it completely. It stalled about 1/4 of the way through deleting.
I am not able to download RogueKiller. When I click on the link you sent it takes me to Tigzy's website. When I click on Tools/RogueKiller nothing happens.
-
Gringo,
I'm back from out of town now.
I ran the OTL script.
It disabled the FBI virus, so my infected machine was able to boot up and I am able to access programs now (I am responding to you now on that machine).
Below is the OTL log you requested:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MigAutoPlay deleted successfully.
C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\6o4v7yr6ikfw18072u moved successfully.
C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u moved successfully.
C:\Documents and Settings\All Users\Application Data\1.bmp moved successfully.
C:\Documents and Settings\All Users\Application Data\1.jpg moved successfully.
C:\Documents and Settings\All Users\Application Data\~TZgq6iowFS4dXh moved successfully.
C:\Documents and Settings\All Users\Application Data\~TZgq6iowFS4dXhr moved successfully.
C:\Documents and Settings\All Users\Application Data\TZgq6iowFS4dXh moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptyjava]> in the current context!
[EMPTYFLASH]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 3787692 bytes
->Temporary Internet Files folder emptied: 765095728 bytes
->Flash cache emptied: 8092 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: User
->Temp folder emptied: 4452884412 bytes
->Temporary Internet Files folder emptied: 76489797 bytes
->Java cache emptied: 2707743 bytes
->Flash cache emptied: 56487 bytes
Total Flash Files Cleaned = 5,056.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 04202013_105248
-
Gringo,
Good news. I was able to successfully download and run the REATOGO software on the infected machine.
I will only be around until 6:00 today and then not again until this weekend.
I will contact you then.
Following is the OTL log you requested:
OTL logfile created on: 4/16/2013 4:39:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 111.08 Gb Free Space | 47.70% Space Free | Partition Type: NTFS
Drive D: | 141.72 Gb Total Space | 99.29 Gb Free Space | 70.06% Space Free | Partition Type: NTFS
Drive G: | 7.30 Gb Total Space | 2.26 Gb Free Space | 31.00% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (Yontoo Desktop Updater)
SRV - File not found [Auto] -- -- (wg4n)
SRV - File not found [Auto] -- -- (TdmService)
SRV - File not found [On_Demand] -- -- (GamesAppService)
SRV - File not found [Auto] -- -- (ceepwrsvc)
SRV - File not found [Auto] -- -- (Appn)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/04/07 13:28:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xbarsvc.exe -- (ReadingFanatic_6xService)
SRV - [2013/04/05 06:57:04 | 002,569,168 | ---- | M] () [Auto] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/10/08 00:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/02/19 07:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/04/11 19:44:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/19 17:59:52 | 000,533,752 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009/06/19 17:58:56 | 000,572,280 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/11/25 04:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/18 06:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/07/31 23:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/31 23:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/14 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://portal.wowway.net/
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
IE - HKU\User_ON_C\..\URLSearchHook: {421fb3de-4b9f-48e5-abf1-f96f8aaca70a} - Reg Error: Key error. File not found
IE - HKU\User_ON_C\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - File not found
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.6: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files\Musicnotes\NPSibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/09/02 22:49:25 | 000,000,000 | ---D | M]
[2013/04/07 13:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {2d948797-8fe3-4508-9b6f-4bf349a9ea34} - C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll (MindSpark)
O2 - BHO: (ShopAtHome.com Toolbar) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Toolbar BHO) - {f149b372-5830-4d88-b8f6-2853d12c1af5} - C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - File not found
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (ReadingFanatic) - {b36151d1-7770-4480-87e4-f89fb54e173d} - C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - File not found
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - File not found
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (ReadingFanatic) - {B36151D1-7770-4480-87E4-F89FB54E173D} - C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xbar.dll (MindSpark)
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MigAutoPlay] C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [ReadingFanatic Search Scope Monitor] C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [ReadingFanatic_6x Browser Plugin Loader] C:\Program Files\ReadingFanatic_6x\bar\1.bin\6xbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\UpdatusUser_ON_C..\Run: [firedogadvisor] File not found
O4 - HKU\User_ON_C..\Run: [Open Download Manager] C:\Program Files\OpenDownloaderManager\odm.exe (OpenDownloadManager.com)
O4 - HKU\User_ON_C..\Run: [searchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\User_ON_C..\Run: [Yontoo Desktop] C:\Documents and Settings\User\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251932999515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354297280500 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.2 64.233.217.3
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/03 06:51:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/10 15:17:10 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/04/11 20:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/10 21:56:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/07 13:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ReadingFanatic_6x
[2013/04/07 13:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\IAC
[2013/04/07 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ReadingFanatic_6x
[2013/04/07 13:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Delta
[2013/04/07 13:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Open Download Manager
[2013/04/07 13:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\OpenDownloaderManager
[2013/04/07 13:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2013/04/07 13:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/04/07 13:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\BrowserProtect
[2013/04/07 13:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/04/07 13:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yontoo
[2013/04/07 13:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/07 13:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/04/07 13:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\BabSolution
[2013/04/07 13:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/04/07 13:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/07 13:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Babylon
[2013/04/07 13:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/04/07 13:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDownloaderManager
[2013/03/22 22:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
========== Files - Modified Within 30 Days ==========
[2013/04/15 21:59:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job
[2013/04/15 21:56:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 21:56:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/15 19:58:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/12 17:55:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/12 17:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/11 19:44:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/11 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2013/04/10 21:37:35 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe
[2013/04/10 12:30:23 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/10 12:04:24 | 000,717,654 | ---- | M] () -- C:\Documents and Settings\User\My Documents\lindsey4.bmp
[2013/04/10 11:46:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2013/04/09 18:11:01 | 000,248,192 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2013/04/06 11:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/01 22:57:57 | 001,096,864 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-343818398-682003330-1004-0.dat
[2013/04/01 22:57:57 | 000,248,242 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/04/01 22:31:43 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2013/03/22 22:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/19 06:17:34 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2013/03/17 19:55:37 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Application Data\skype.ini
[2013/03/17 19:46:50 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Application Data\$h.bat
========== Files Created - No Company Name ==========
[2013/04/10 21:37:39 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe
[2013/04/10 12:48:56 | 000,717,654 | ---- | C] () -- C:\Documents and Settings\User\My Documents\lindsey4.bmp
[2013/03/17 19:14:47 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\skype.ini
[2013/03/17 19:09:48 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Application Data\$h.bat
[2013/02/05 23:49:45 | 000,108,300 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zobqawocqbjogdl
[2013/01/13 12:46:50 | 000,003,550 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\6o4v7yr6ikfw18072u
[2013/01/13 12:46:50 | 000,003,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
[2013/01/12 15:19:06 | 000,000,439 | ---- | C] () -- C:\Program Files\0112201314190610.bat
[2013/01/09 21:27:26 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/01/09 21:27:09 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/11/30 18:03:06 | 000,056,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/06 22:44:34 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4e0b82c3.pad
[2012/04/27 19:43:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\spwdra.INI
[2012/04/06 20:10:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 19:44:43 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\User\Application Data\0DADA0.dat
[2012/02/14 19:06:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 16:09:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012/01/06 00:05:33 | 001,096,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-343818398-682003330-1004-0.dat
[2012/01/06 00:05:29 | 000,248,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/05 20:07:24 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/11 21:52:29 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/11 21:52:29 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/11 21:52:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/11 21:52:11 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/03 14:00:28 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~TZgq6iowFS4dXh
[2011/12/03 14:00:28 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~TZgq6iowFS4dXhr
[2011/12/03 13:50:23 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TZgq6iowFS4dXh
[2011/11/12 00:05:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/11/12 00:05:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/29 17:41:58 | 000,019,517 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/10/31 22:53:03 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/08 21:42:39 | 000,001,230 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/09/04 12:27:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/09/03 20:57:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Ÿ9Ÿ9
[2009/09/03 07:00:51 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/09/03 07:00:29 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/09/03 07:00:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/03 07:00:00 | 000,023,629 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/03 07:00:00 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/09/03 06:52:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/03 06:49:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/03 02:23:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/03 02:21:56 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/02 22:25:51 | 000,166,716 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2009/09/02 22:25:51 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2009/01/21 12:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/21 12:08:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/01/21 12:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/21 12:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/01/21 12:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/21 12:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/21 12:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/01/21 12:08:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,472,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,075,988 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2013/04/07 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BabSolution
[2013/04/07 13:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Babylon
[2012/03/04 11:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Catalina Marketing Corp
[2011/10/04 11:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/04/07 13:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Delta
[2010/02/06 23:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
[2009/09/03 22:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HotSync
[2009/09/03 22:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2012/11/13 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oberon Media
[2013/04/15 22:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Open Download Manager
[2012/06/27 18:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2013/04/07 13:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ReadingFanatic_6x
[2012/01/07 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ShopAtHomeToolbar
[2011/12/17 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop
[2010/04/03 14:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WeatherBug
[2013/04/11 20:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yontoo
[2013/03/16 17:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/04/07 13:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/04/07 13:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/02/05 23:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ckdvprqzusajtmx
[2012/04/06 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D562C8000083BB6A47CF24D151FC84
[2012/11/16 18:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2010/01/14 17:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2013/04/11 20:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/09/03 22:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2012/05/09 08:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/06/13 19:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2012/11/13 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/11/02 22:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pixela
[2011/11/12 00:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/12/31 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2013/04/07 13:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/11/15 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/15 16:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/11/12 13:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/12/29 17:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/11 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2013/04/15 21:59:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8494A2B-1A55-47E3-B87C-F9D35C4482B9}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA4982C6
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9A60C8F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F4A7B6A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
-
OK. I'll try to get the CD burned and, hopefully, the OTL.txt log created and back to you tomorrow.
Unfortunately I will be leaving to go out of town for work tomorrow evening and won't return until Friday evening.
Can we leave this topic open until then so we can continue working this weekend?
-
I've just discovered that the laptop I'm using to troubleshoot (it's my computer issued by my employer) is locked out (I need administrator rights to be able to download anything). I'll need to get another computer. It will probably be tomorrow until I can get my daughter's laptop.
Are there specific times during which I can reach you?
-
It's Windows XP.
-
Hello Gringo,
I think you have helped me in the past with other issues. Good to see you're still helping out!
Sorry I took so long to get back with you but I am here for the evening today.
So when I use F8 to get to the Advanced Options I do not have a "repair your computer" item.
I have the following:
- Safe Mode
- Safe Mode w/Networking
- Safe Mode w/command prompt
- Enable boot logging
- Enable VGA mode
- Last known good config
- Directory Services Restore Mode
- Debugging Mode
- Disable Auto restart
- Start Windows normally
- Reboot
- Return to OS choices
Where do I go from here?
-
My computer has been hijacked with the FBI virus.
It won't allow me to start up in any of the safe modes (cursor, with or without internet).
I tried disconnecting it from the internet with no change.
It is a 32-bit machine.
I need help to get on the computer and eliminate the virus.
I have another computer that I can use to access this forum, the internet, etc.
Thanks in advance!
-
I have the FBI Moneypak virus. I cannot start up my computer in safe mode. I could use some help in eliminating this virus.
Hijacked with FBI virus
in Resolved Malware Removal Logs
Posted
Gringo,
I finished with deleting the remaining files and then removing the programs as requested.
The computer continues to function normally.
It appears all is good now.
Thank you very much for your help and your patience! I am very happy with your help and will make a donation.
Gryn