
lpmu81

  1. Sorry for the delayed response - I got tied up with some other projects and needed some extra time. I will be away for the next week, so this is my last post until that time. Here is the log from MBAM, then Hijackthis:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.04.27.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     new user :: D1LZ9PB1 [administrator]

     4/27/2013 8:47:08 AM
     MBAM-log-2013-04-27 (14-57-35).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 305102
     Time elapsed: 4 hour(s), 44 minute(s), 6 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\_OTL\MovedFiles\04182013_192953\C_Documents and Settings\All Users\Application Data\SystemRoot.exe (Spyware.Zeus) -> No action taken.

     (end)

     Hijackthis:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 3:09:54 PM, on 4/27/2013
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\windows\System32\smss.exe
     C:\windows\system32\winlogon.exe
     C:\windows\system32\services.exe
     C:\windows\system32\lsass.exe
     C:\windows\system32\svchost.exe
     C:\windows\System32\svchost.exe
     C:\windows\system32\spoolsv.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     C:\windows\system32\mfevtps.exe
     C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     C:\windows\system32\svchost.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     C:\windows\system32\svchost.exe
     C:\windows\System32\svchost.exe
     C:\windows\Explorer.EXE
     C:\windows\system32\rundll32.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\windows\system32\wuauclt.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\McAfee.com\Agent\mcagent.exe
     C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
     C:\Program Files\AML Products\Registry Cleaner\regclean.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\windows\system32\ctfmon.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
     C:\Documents and Settings\new user\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
     R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120630150751.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
     O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
     O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
     O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
     O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
     O4 - HKLM\..\Run: [AML Registry Cleaner] C:\Program Files\AML Products\Registry Cleaner\regclean.exe /min
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
     O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
     O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
     O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
     O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
     O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
     O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
     O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
     O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
     O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
     O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
     O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

     --
     End of file - 9745 bytes
  2. Here is the file: Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.02) AML Free Registry Cleaner 4.24 Broadcom Advanced Control Suite Digital Voice Editor 3 Easy Duplicate Finder v. 2.2.4 Efficient Networks SpeedStream DSL EPSON NX410 Series Printer Uninstall EPSON Scan Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver J2SE Runtime Environment 5.0 Update 6 Java Auto Updater Java 6 Update 26 Logitech Webcam Software Logitech Webcam Software Driver Package Malwarebytes Anti-Malware version 1.65.1.1000 McAfee Total Protection Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI 
(English) 2007 Microsoft Software Update for Web Folders (English) 12 MSXML 6 Service Pack 2 (KB973686) Nero OEM PowerDVD 5.7 Quicken 2006 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP 
(KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) 
Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219-v2) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135-v2) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security 
Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP 
(KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Shared C Run-time for x86 Skype Click to Call Skype™ 6.0 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WD SmartWare WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 10 Windows XP Service Pack 3 Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar
  3. I re-ran ComboFix with the additional script. Here is the log:

     ComboFix 13-04-23.02 - new user 04/23/2013 7:32.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.234 [GMT -4:00]
     Running from: c:\documents and settings\new user\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\new user\Desktop\CFScript.txt
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
     .
     .
     2013-04-21 11:06 . 2013-04-21 11:06 -------- d-----w- c:\documents and settings\new user\Local Settings\Application Data\Adobe
     2013-04-18 23:29 . 2013-04-18 23:29 -------- d-----w- C:\_OTL
     2013-04-17 11:12 . 2013-04-17 11:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2013-04-17 10:38 . 2013-04-17 10:38 -------- d-----w- c:\documents and settings\new user\Application Data\InstallShield
     2013-04-13 15:59 . 2002-11-29 01:23 39048 ----a-w- c:\windows\system32\drivers\IcdUsb2.sys
     2013-04-13 15:59 . 2002-06-24 18:50 122880 ------w- c:\windows\system32\trc.dll
     2013-04-13 15:59 . 2001-10-31 17:20 26409 ----a-w- c:\windows\system32\drivers\Icdusb.sys
     2013-04-13 15:52 . 2008-04-14 00:11 14336 ----a-w- c:\windows\system32\dllcache\msdmo.dll
     2013-04-13 15:51 . 2008-04-13 18:39 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
     2013-04-13 15:50 . 2008-04-14 00:11 212480 ----a-w- c:\windows\system32\dpvoice.dll
     2013-04-13 15:49 . 2002-12-12 04:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe
     2013-04-13 15:47 . 2008-11-22 05:47 94208 ------w- c:\windows\system32\IcdCdda.dll
     2013-04-13 15:47 . 2008-11-03 18:17 65536 ------w- c:\windows\system32\ICDUSB3.dll
     2013-04-13 15:47 . 2008-07-31 21:36 73728 ------w- c:\windows\system32\ICDUSB.dll
     2013-04-13 15:47 . 2008-07-31 21:32 73728 ------w- c:\windows\system32\ICDUSB2.dll
     2013-04-13 15:45 . 2013-04-13 16:01 -------- d-----w- c:\program files\Sony
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-11-26 1525088]
     .
     [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
     [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
     [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
     [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
     "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
     "iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-12-29 503808]
     "AML Registry Cleaner"="c:\program files\AML Products\Registry Cleaner\regclean.exe" [2012-07-31 567512]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
     "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
     "53:UDP"= 53:UDP:Realtek AP UDP Prot
     .
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/17/2011 7:59 PM 91168]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2011 7:59 PM 167784]
     R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2011 7:59 PM 167784]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2011 7:59 PM 167784]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/17/2011 7:59 PM 168368]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/17/2011 7:41 PM 166320]
     R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/8/2010 12:40 PM 237568]
     R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [11/8/2010 12:43 PM 1060352]
     R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [11/8/2010 12:43 PM 484352]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/17/2011 7:59 PM 60480]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/17/2011 7:59 PM 360792]
     S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 3:26 PM 3289208]
     S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 12:21 PM 160944]
     S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [12/3/2012 4:04 PM 146872]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/17/2013 7:12 AM 40776]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/17/2011 7:59 PM 92192]
     S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
     S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/6/2011 9:52 AM 11520]
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     *Deregistered* - mfeavfk01
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 14:24]
     .
     2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 14:24]
     .
     2013-04-20 c:\windows\Tasks\WGASetup.job
     - c:\windows\system32\KB905474\wgasetup.exe [2011-01-18 03:18]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.dell.com
     TCP: DhcpNameServer = 74.40.74.40 74.40.74.41
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-04-23 07:41
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,0a,e9,5d,cf,b7,cd,4b,bd,75,57,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,0a,e9,5d,cf,b7,cd,4b,bd,75,57,\
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(1048)
     c:\windows\system32\igfxdev.dll
     .
     - - - - - - - > 'winlogon.exe'(2672)
     c:\windows\system32\igfxdev.dll
     .
     - - - - - - - > 'explorer.exe'(5968)
     c:\windows\system32\WININET.dll
     c:\progra~1\mcafee\SITEAD~1\saHook.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     - - - - - - - > 'explorer.exe'(1504)
     c:\windows\system32\WININET.dll
     c:\progra~1\mcafee\SITEAD~1\saHook.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     Completion time: 2013-04-23 07:44:52
     ComboFix-quarantined-files.txt 2013-04-23 11:44
     ComboFix2.txt 2013-04-20 17:57
     .
     Pre-Run: 289,066,655,744 bytes free
     Post-Run: 289,024,364,544 bytes free
     .
     - - End Of File - - 8A4EE1532B9DCAA8AB30F776F4ADD32C
  4. Here is the log from ComboFix: ComboFix 13-04-19.01 - new user 04/20/2013 12:16:35.1.2 - x86 Running from: c:\documents and settings\new user\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\b2fh8270h3_o\us_sres.data c:\windows\system32\AegisI5Installer.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\TEMP\logishrd\LVPrcInj01.dll . . ((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 ))))))))))))))))))))))))))))))) . . 2013-04-18 23:29 . 2013-04-18 23:29 -------- d-----w- C:\_OTL 2013-04-17 11:12 . 2013-04-17 11:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-04-17 10:38 . 2013-04-17 10:38 -------- d-----w- c:\documents and settings\new user\Application Data\InstallShield 2013-04-13 15:59 . 2002-11-29 01:23 39048 ----a-w- c:\windows\system32\drivers\IcdUsb2.sys 2013-04-13 15:59 . 2002-06-24 18:50 122880 ------w- c:\windows\system32\trc.dll 2013-04-13 15:59 . 2001-10-31 17:20 26409 ----a-w- c:\windows\system32\drivers\Icdusb.sys 2013-04-13 15:52 . 2008-04-14 00:11 14336 ----a-w- c:\windows\system32\dllcache\msdmo.dll 2013-04-13 15:51 . 2008-04-13 18:39 4352 ----a-w- c:\windows\system32\drivers\swenum.sys 2013-04-13 15:50 . 2008-04-14 00:11 212480 ----a-w- c:\windows\system32\dpvoice.dll 2013-04-13 15:49 . 2002-12-12 04:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe 2013-04-13 15:47 . 
2008-11-22 05:47 94208 ------w- c:\windows\system32\IcdCdda.dll 2013-04-13 15:47 . 2008-11-03 18:17 65536 ------w- c:\windows\system32\ICDUSB3.dll 2013-04-13 15:47 . 2008-07-31 21:36 73728 ------w- c:\windows\system32\ICDUSB.dll 2013-04-13 15:47 . 2008-07-31 21:32 73728 ------w- c:\windows\system32\ICDUSB2.dll 2013-04-13 15:45 . 2013-04-13 16:01 -------- d-----w- c:\program files\Sony . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-11-26 1525088] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-12-29 503808] "AML Registry Cleaner"="c:\program files\AML Products\Registry Cleaner\regclean.exe" [2012-07-31 567512] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot "53:UDP"= 53:UDP:Realtek AP UDP Prot . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/17/2011 7:59 PM 91168] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2011 7:59 PM 167784] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2011 7:59 PM 167784] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2011 7:59 PM 167784] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/17/2011 7:59 PM 168368] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/17/2011 7:41 PM 166320] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 3:26 PM 3289208] R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/8/2010 12:40 PM 237568] R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [11/8/2010 12:43 PM 1060352] R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [11/8/2010 12:43 PM 484352] 
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/17/2011 7:59 PM 60480] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/17/2011 7:59 PM 360792] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 12:21 PM 160944] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [12/3/2012 4:04 PM 146872] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/17/2013 7:12 AM 40776] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/17/2011 7:59 PM 92192] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/6/2011 9:52 AM 11520] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 14:24] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 14:24] . 2013-04-20 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-01-18 03:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.dell.com TCP: DhcpNameServer = 74.40.74.40 74.40.74.41 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-20 13:46 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,0a,e9,5d,cf,b7,cd,4b,bd,75,57,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,0a,e9,5d,cf,b7,cd,4b,bd,75,57,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2376) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\SCardSvr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\wdfmgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2013-04-20 13:57:33 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-20 17:57 . Pre-Run: 275,927,552,000 bytes free Post-Run: 288,853,217,280 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\windows [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 76ACC9850EA0C3819D6313EE55DBCDC3
  5. When I tried to run ComboFix, I got an error message: "Error opening file for writing: X:\32788R22FWJFW\023.dat" I am still running from REATOGO-X-PE desktop on the infected machine and the REATOGO-X-PE CD is designated as the "X" drive. No other programs (including security software) are running.
  6. I downloaded and copied both apps to the desktop of the infected machine. When I double-clicked AdwCleaner, nothing would happen. So I ran RogueKiller. Here is the report from the scan/delete: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 ) 32 bits version Started in : Normal mode User : SYSTEM [Admin rights] Mode : Remove -- Date : 04/18/2013 23:53:58 | ARK || FAK || MBR | ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] adwcleaner.exe -- B:\Documents and Settings\Default User\Desktop\adwcleaner.exe [-] -> KILLED [TermProc] [sUSP PATH] adwcleaner.exe -- B:\Documents and Settings\Default User\Desktop\adwcleaner.exe [-] -> KILLED [TermProc] [sUSP PATH] adwcleaner.exe -- B:\Documents and Settings\Default User\Desktop\adwcleaner.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) [-] -> FOLDER NOT FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> C:\windows\system32\config\SOFTWARE -> C:\windows\system32\config\SYSTEM -> C:\Documents and Settings\Administrator\NTUSER.DAT -> C:\Documents and Settings\All Users\NTUSER.DAT -> C:\Documents and Settings\Default User\NTUSER.DAT -> C:\Documents and Settings\Lindsay\NTUSER.DAT -> C:\Documents and Settings\LocalService\NTUSER.DAT -> C:\Documents and Settings\NetworkService\NTUSER.DAT -> C:\Documents and Settings\new user\NTUSER.DAT ¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> X:\i386\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 26f67e6150cf9c6b32c183070843b9eb [bSP] a0b7dbde655f0332216cab355f28430e : Legit.C MBR Code Partition 
table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_04182013_02d2353.txt >> RKreport[1]_S_04182013_02d2353.txt ; RKreport[2]_D_04182013_02d2353.txt
  7. Steps completed. Here are the results: ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch deleted successfully. C:\Documents and Settings\All Users\Application Data\SystemRoot.exe moved successfully. File C:\Documents and Settings\All Users\Application Data\SystemRoot.exe not found. C:\Documents and Settings\All Users\Application Data\1.bmp moved successfully. C:\Documents and Settings\All Users\Application Data\1.jpg moved successfully. ========== FILES ========== Invalid Switch: c: File\Folder Commands not found. File\Folder [PURITY] not found. File\Folder [emptyjava] not found. File\Folder [EMPTYFLASH] not found. File\Folder [reboot] not found. OTLPE by OldTimer - Version 3.1.48.0 log created on 04182013_192953
  8. Okay, I completed those steps. Below are the contents of the OTL.txt file that was created: OTL logfile created on: 4/18/2013 7:51:50 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 814.00 Mb Available Physical Memory | 80.00% Memory free 902.00 Mb Paging File | 847.00 Mb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 257.38 Gb Free Space | 86.34% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2012/12/13 15:26:20 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) 
[Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2012/07/17 16:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\windows\System32\mfevtps.exe -- (mfevtp) SRV - [2012/07/17 16:05:48 | 000,168,368 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2012/07/17 16:03:46 | 000,200,816 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield) SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (RTL8192su) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2013/04/17 07:12:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/07/17 16:12:34 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids) DRV - [2012/07/17 16:09:10 | 000,091,168 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2012/07/17 16:08:10 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012/07/17 16:07:00 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012/07/17 16:05:58 | 000,360,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek) DRV - [2012/07/17 16:05:38 | 000,061,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012/07/17 16:05:18 | 000,230,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012/07/17 16:04:46 | 000,127,992 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012/04/20 17:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/04/30 18:56:30 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt) DRV - [2002/08/23 10:31:36 | 000,026,381 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com IE - HKU\Lindsay_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\Lindsay_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKU\Lindsay_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKU\Lindsay_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\new_user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com IE - HKU\new_user_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\new_user_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKU\new_user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\McAfee\MSC\npMcSnFFPl.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/28 12:35:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/04/13 11:43:55 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120630150751.dll (McAfee, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AML Registry Cleaner] C:\Program Files\AML Products\Registry Cleaner\regclean.exe (AML Software - AMLSOFT.COM) O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\SystemRoot.exe (Корпорация Майкрософт) O4 - HKLM..\Run: [iPodVideoConverter_upgrade] C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe (E-Z soft) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKU\Lindsay_ON_C..\Run: [EPSON NX410 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE (SEIKO EPSON CORPORATION) O4 - HKU\Lindsay_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\Lindsay_ON_C..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - Startup: C:\Documents and Settings\Lindsay\Start Menu\Programs\Startup\Logitech . 
Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Lindsay_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\new_user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.40.74.40 74.40.74.41 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/04/17 07:12:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2013/04/17 06:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\Application Data\InstallShield [2013/04/17 06:30:12 | 000,032,256 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\SystemRoot.exe [2013/04/16 22:02:48 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\All Users\Start Menu\Programs\McAfee [2013/04/13 12:01:42 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxafs.dll [2013/04/13 12:01:42 | 000,122,864 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxinsi64.exe [2013/04/13 12:01:42 | 000,120,816 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxcpyi64.exe [2013/04/13 12:01:42 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxhpinst.exe [2013/04/13 12:01:42 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxcpya64.exe [2013/04/13 12:01:42 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxinsa64.exe [2013/04/13 12:01:42 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\windows\System32\drivers\cdralw2k.sys [2013/04/13 12:01:42 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\windows\System32\drivers\cdr4_xp.sys [2013/04/13 12:01:41 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxsfs.dll [2013/04/13 12:01:41 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxdrv.dll [2013/04/13 12:01:41 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxwave.dll [2013/04/13 12:01:41 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\windows\System32\vxblock.dll [2013/04/13 12:01:41 | 000,063,984 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxwma.dll [2013/04/13 12:01:40 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\windows\System32\px.dll [2013/04/13 12:01:40 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxmas.dll [2013/04/13 12:01:24 | 000,031,744 | ---- | C] (Sony Corporation) -- C:\windows\System32\drivers\ICDSX.sys [2013/04/13 11:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lindsay\My Documents\Voice Files [2013/04/13 11:59:44 | 000,039,048 | ---- | C] (Sony Corporation) -- C:\windows\System32\drivers\IcdUsb2.sys [2013/04/13 11:59:39 | 000,026,409 | ---- | C] (Sony Corporation) -- 
C:\windows\System32\drivers\Icdusb.sys [2013/04/13 11:53:56 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wstdecod.dll [2013/04/13 11:53:54 | 001,428,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msvidctl.dll [2013/04/13 11:53:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kswdmcap.ax [2013/04/13 11:53:29 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wstdecod.dll [2013/04/13 11:53:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax [2013/04/13 11:53:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax [2013/04/13 11:53:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax [2013/04/13 11:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsink.ax [2013/04/13 11:53:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmband.dll [2013/04/13 11:53:15 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dxapi.sys [2013/04/13 11:53:14 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmusic.dll [2013/04/13 11:53:14 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmsynth.dll [2013/04/13 11:53:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmstyle.dll [2013/04/13 11:53:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmloader.dll [2013/04/13 11:53:11 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmime.dll [2013/04/13 11:53:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmcompos.dll [2013/04/13 11:53:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dswave.dll [2013/04/13 11:53:09 | 000,082,432 | ---- | C] (Microsoft 
Corporation) -- C:\windows\System32\dllcache\dmscript.dll [2013/04/13 11:53:07 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dinput8.dll [2013/04/13 11:53:05 | 001,179,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3d8.dll [2013/04/13 11:53:04 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\joy.cpl [2013/04/13 11:53:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\pid.dll [2013/04/13 11:53:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\qasf.dll [2013/04/13 11:52:59 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mswebdvd.dll [2013/04/13 11:52:43 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dxdiag.exe [2013/04/13 11:52:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3drm.dll [2013/04/13 11:52:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dxof.dll [2013/04/13 11:52:40 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dramp.dll [2013/04/13 11:52:40 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dim.dll [2013/04/13 11:52:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsdmoprp.dll [2013/04/13 11:52:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dpmesh.dll [2013/04/13 11:52:39 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsdmo.dll [2013/04/13 11:52:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvvox.dll [2013/04/13 11:52:38 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\diactfrm.dll [2013/04/13 11:52:38 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvoice.dll 
[2013/04/13 11:52:38 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvsetup.exe [2013/04/13 11:52:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvacm.dll [2013/04/13 11:52:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dimap.dll [2013/04/13 11:52:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnsvr.exe [2013/04/13 11:52:36 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnhupnp.dll [2013/04/13 11:52:36 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnhpast.dll [2013/04/13 11:52:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnlobby.dll [2013/04/13 11:52:35 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnet.dll [2013/04/13 11:52:35 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnaddr.dll [2013/04/13 11:52:33 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dx8vb.dll [2013/04/13 11:52:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3d8thk.dll [2013/04/13 11:52:32 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dx7vb.dll [2013/04/13 11:52:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\gcdef.dll [2013/04/13 11:52:30 | 001,293,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsound3d.dll [2013/04/13 11:52:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpwsockx.dll [2013/04/13 11:52:29 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dplayx.dll [2013/04/13 11:52:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpmodemx.dll [2013/04/13 11:52:28 | 000,158,720 | ---- | C] 
(Microsoft Corporation) -- C:\windows\System32\dllcache\dinput.dll [2013/04/13 11:52:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dplaysvr.exe [2013/04/13 11:52:28 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ddrawex.dll [2013/04/13 11:52:27 | 000,824,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dim700.dll [2013/04/13 11:52:27 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ddraw.dll [2013/04/13 11:52:25 | 000,143,422 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\l3codecx.ax [2013/04/13 11:52:21 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll [2013/04/13 11:52:18 | 001,689,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll [2013/04/13 11:51:45 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\stream.sys [2013/04/13 11:51:42 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys [2013/04/13 11:51:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksuser.dll [2013/04/13 11:51:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ksuser.dll [2013/04/13 11:51:41 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax [2013/04/13 11:51:40 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmusic.dll [2013/04/13 11:51:40 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmsynth.dll [2013/04/13 11:51:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmstyle.dll [2013/04/13 11:51:38 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmime.dll [2013/04/13 11:51:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmloader.dll [2013/04/13 11:51:37 | 000,061,440 | ---- | C] (Microsoft 
Corporation) -- C:\windows\System32\dmcompos.dll [2013/04/13 11:51:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmband.dll [2013/04/13 11:51:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dswave.dll [2013/04/13 11:51:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dmscript.dll [2013/04/13 11:51:34 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dinput8.dll [2013/04/13 11:51:31 | 001,179,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d8.dll [2013/04/13 11:51:29 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxapi.sys [2013/04/13 11:51:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pid.dll [2013/04/13 11:51:27 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\joy.cpl [2013/04/13 11:51:21 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll [2013/04/13 11:51:20 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mswebdvd.dll [2013/04/13 11:51:08 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\encapi.dll [2013/04/13 11:51:06 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiag.exe [2013/04/13 11:51:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dxof.dll [2013/04/13 11:51:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3drm.dll [2013/04/13 11:51:03 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dramp.dll [2013/04/13 11:51:03 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dpmesh.dll [2013/04/13 11:51:02 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dim.dll [2013/04/13 11:51:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsdmoprp.dll [2013/04/13 11:51:01 | 000,181,248 | ---- | C] 
(Microsoft Corporation) -- C:\windows\System32\dsdmo.dll [2013/04/13 11:51:00 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpvvox.dll [2013/04/13 11:51:00 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpvsetup.exe [2013/04/13 11:50:59 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpvoice.dll [2013/04/13 11:50:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpvacm.dll [2013/04/13 11:50:56 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diactfrm.dll [2013/04/13 11:50:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimap.dll [2013/04/13 11:50:55 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnsvr.exe [2013/04/13 11:50:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnhupnp.dll [2013/04/13 11:50:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnlobby.dll [2013/04/13 11:50:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnhpast.dll [2013/04/13 11:50:51 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll [2013/04/13 11:50:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll [2013/04/13 11:50:47 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dx8vb.dll [2013/04/13 11:50:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d8thk.dll [2013/04/13 11:50:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gcdef.dll [2013/04/13 11:50:43 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dx7vb.dll [2013/04/13 11:50:41 | 001,293,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsound3d.dll [2013/04/13 11:50:40 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsound.dll [2013/04/13 11:50:40 | 000,367,616 | ---- 
| C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsound.dll [2013/04/13 11:50:39 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dplayx.dll [2013/04/13 11:50:39 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpwsockx.dll [2013/04/13 11:50:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpmodemx.dll [2013/04/13 11:50:38 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dplaysvr.exe [2013/04/13 11:50:37 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dinput.dll [2013/04/13 11:50:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ddrawex.dll [2013/04/13 11:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013/04/13 11:50:36 | 000,824,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dim700.dll [2013/04/13 11:50:36 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ddraw.dll [2013/04/13 11:50:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bdaplgin.ax [2013/04/13 11:50:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bdaplgin.ax [2013/04/13 11:50:22 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mpe.sys [2013/04/13 11:50:22 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpe.sys [2013/04/13 11:50:22 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bdasup.sys [2013/04/13 11:50:22 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bdasup.sys [2013/04/13 11:50:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksolay.ax [2013/04/13 11:49:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdllreg.exe [2013/04/13 11:48:11 | 000,208,896 | ---- | C] (Sony Corporation) -- C:\windows\System32\ICDFConv.dll [2013/04/13 
11:48:11 | 000,061,440 | ---- | C] (Sony Corporation) -- C:\windows\System32\DSConv.dll [2013/04/13 11:48:11 | 000,057,344 | ---- | C] (Sony Corporation) -- C:\windows\System32\StrmOut.dll [2013/04/13 11:48:10 | 001,650,688 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdShlex.dll [2013/04/13 11:48:10 | 000,126,976 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdYsys.dll [2013/04/13 11:48:09 | 000,586,992 | ---- | C] (Gracenote) -- C:\windows\System32\CddbLinkSony.dll [2013/04/13 11:48:08 | 001,029,360 | ---- | C] (Gracenote) -- C:\windows\System32\CDDBUISony.dll [2013/04/13 11:48:07 | 001,340,656 | ---- | C] (Gracenote, Inc.) -- C:\windows\System32\CDDBControlSony.dll [2013/04/13 11:48:06 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\windows\System32\spiccDve.dll [2013/04/13 11:48:06 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\windows\System32\spicc.dll [2013/04/13 11:48:06 | 000,094,208 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdSptSv.exe [2013/04/13 11:48:06 | 000,028,672 | ---- | C] ( Sony/AC開発部) -- C:\windows\System32\spc.dll [2013/04/13 11:48:05 | 000,573,440 | ---- | C] (http://www.id3lib.org/) -- C:\windows\System32\id3lib.dll [2013/04/13 11:48:05 | 000,065,536 | ---- | C] (Sony corporation) -- C:\windows\System32\rcnv2.dll [2013/04/13 11:48:05 | 000,057,344 | ---- | C] (Sony Corporation) -- C:\windows\System32\icdcomm.dll [2013/04/13 11:48:04 | 000,348,160 | ---- | C] (Sony Corporation) -- C:\windows\System32\MP3Enc.dll [2013/04/13 11:48:03 | 000,323,584 | ---- | C] (Sony corporation) -- C:\windows\System32\LPEC.dll [2013/04/13 11:48:03 | 000,317,440 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdXa.dll [2013/04/13 11:48:02 | 000,249,856 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdStor2.dll [2013/04/13 11:48:02 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdSpiDve.dll [2013/04/13 11:48:02 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdSpi.dll 
[2013/04/13 11:48:02 | 000,016,384 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdShare.dll [2013/04/13 11:48:01 | 000,233,472 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdComm4.dll [2013/04/13 11:48:01 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdSConv.dll [2013/04/13 11:48:01 | 000,086,016 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdMSCom.dll [2013/04/13 11:48:00 | 000,221,184 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdComm3.dll [2013/04/13 11:48:00 | 000,221,184 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdComm2.dll [2013/04/13 11:48:00 | 000,094,208 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdCddaDve.dll [2013/04/13 11:47:59 | 000,094,208 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdCdda.dll [2013/04/13 11:47:59 | 000,065,536 | ---- | C] (Sony Corporation) -- C:\windows\System32\ICDUSB3.dll [2013/04/13 11:47:58 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\windows\System32\ICDUSB2.dll [2013/04/13 11:47:58 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\windows\System32\ICDUSB.dll [2013/04/13 11:46:46 | 000,110,592 | ---- | C] (Sony Corporation) -- C:\windows\System32\trcsp.ax [2013/04/13 11:46:46 | 000,102,400 | ---- | C] (Sony Corporation) -- C:\windows\System32\msvdec.ax [2013/04/13 11:46:46 | 000,069,632 | ---- | C] (Sony Corporation) -- C:\windows\System32\trcde.ax [2013/04/13 11:46:45 | 000,995,328 | ---- | C] (Sony Corporation) -- C:\windows\System32\lcstde.ax [2013/04/13 11:46:45 | 000,131,072 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdSrc3.ax [2013/04/13 11:46:45 | 000,110,592 | ---- | C] (Sony Corporation) -- C:\windows\System32\lpecsp.ax [2013/04/13 11:46:45 | 000,110,592 | ---- | C] (Sony Corporation) -- C:\windows\System32\lcstsp.ax [2013/04/13 11:46:45 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\windows\System32\icdsrc.ax [2013/04/13 11:46:45 | 000,069,632 | ---- | C] (Sony Corporation) -- 
C:\windows\System32\lpecde.ax [2013/04/13 11:46:44 | 000,102,400 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdPars.ax [2013/04/13 11:46:44 | 000,077,824 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdSrc2.ax [2013/04/13 11:46:44 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\windows\System32\DPCtrl.ax [2013/04/13 11:46:44 | 000,065,536 | ---- | C] (Sony Corporation) -- C:\windows\System32\IcdAfs.ax [2013/04/13 11:46:37 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\windows\System32\AudiDest.ax [2013/04/13 11:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Digital Voice Editor 3 [2013/04/13 11:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2013/04/13 11:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lindsay\Application Data\InstallShield ========== Files - Modified Within 30 Days ========== [2013/04/17 07:12:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2013/04/17 07:11:43 | 000,000,262 | ---- | M] () -- C:\windows\tasks\WGASetup.job [2013/04/17 07:11:39 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/17 07:09:09 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2013/04/17 06:30:37 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/04/17 06:30:20 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2013/04/17 06:30:10 | 000,032,256 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\SystemRoot.exe [2013/04/17 05:44:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/16 22:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee [2013/04/14 09:34:33 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Lindsay\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/04/13 12:03:30 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk [2013/04/13 11:54:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk [2013/04/13 11:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Digital Voice Editor 3 [2013/04/13 11:46:08 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Digital Voice Editor 3.lnk [2013/04/13 11:25:13 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Lindsay\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2013/04/13 10:40:27 | 000,472,970 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/04/13 10:40:26 | 000,084,364 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/04/13 10:38:56 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl ========== Files Created - No Company Name ========== [2013/04/17 06:30:35 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/04/17 06:30:17 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2013/04/13 11:59:40 | 000,122,880 | ---- | C] () -- C:\windows\System32\trc.dll [2013/04/13 11:54:05 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk [2013/04/13 11:54:05 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk [2013/04/13 11:53:30 | 000,118,272 | ---- | C] () -- C:\windows\System32\mpeg2data.ax [2013/04/13 11:53:02 | 000,733,696 | ---- | C] () -- C:\windows\System32\dllcache\qedwipes.dll [2013/04/13 11:53:01 | 000,562,176 | ---- | C] () -- C:\windows\System32\dllcache\qedit.dll [2013/04/13 11:52:58 | 000,014,336 | ---- | C] () -- C:\windows\System32\dllcache\msdmo.dll [2013/04/13 11:52:52 | 000,386,048 | ---- | C] () -- 
C:\windows\System32\dllcache\qdvd.dll [2013/04/13 11:52:50 | 000,279,040 | ---- | C] () -- C:\windows\System32\dllcache\qdv.dll [2013/04/13 11:52:49 | 000,192,512 | ---- | C] () -- C:\windows\System32\dllcache\qcap.dll [2013/04/13 11:52:49 | 000,148,992 | ---- | C] () -- C:\windows\System32\dllcache\mpg2splt.ax [2013/04/13 11:52:48 | 000,035,328 | ---- | C] () -- C:\windows\System32\dllcache\mciqtz32.dll [2013/04/13 11:52:46 | 000,070,656 | ---- | C] () -- C:\windows\System32\dllcache\amstream.dll [2013/04/13 11:51:16 | 001,292,288 | ---- | C] () -- C:\windows\System32\dllcache\quartz.dll [2013/04/13 11:51:10 | 000,148,992 | ---- | C] () -- C:\windows\System32\mpg2splt.ax [2013/04/13 11:51:08 | 000,059,904 | ---- | C] () -- C:\windows\System32\dllcache\devenum.dll [2013/04/13 11:50:22 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll [2013/04/13 11:50:22 | 000,354,816 | ---- | C] () -- C:\windows\System32\dllcache\psisdecd.dll [2013/04/13 11:50:22 | 000,052,224 | ---- | C] () -- C:\windows\System32\msdvbnp.ax [2013/04/13 11:50:22 | 000,052,224 | ---- | C] () -- C:\windows\System32\dllcache\msdvbnp.ax [2013/04/13 11:50:22 | 000,030,208 | ---- | C] () -- C:\windows\System32\psisrndr.ax [2013/04/13 11:50:22 | 000,030,208 | ---- | C] () -- C:\windows\System32\dllcache\psisrndr.ax [2013/04/13 11:48:07 | 000,005,120 | ---- | C] () -- C:\windows\System32\IcdSptSvps.dll [2013/04/13 11:48:05 | 000,118,784 | ---- | C] () -- C:\windows\System32\mp3dec.dll [2013/04/13 11:48:04 | 000,081,920 | ---- | C] () -- C:\windows\System32\dsp_trc.dll [2013/04/13 11:46:08 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Digital Voice Editor 3.lnk [2013/04/13 11:25:13 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Lindsay\Start Menu\Programs\Startup\Logitech . 
Product Registration.lnk [2012/11/17 15:39:50 | 000,082,289 | ---- | C] () -- C:\windows\System32\lvcoinst.ini [2012/08/11 03:28:23 | 000,314,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/03/07 19:13:39 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll [2011/02/23 06:07:15 | 000,000,099 | ---- | C] () -- C:\windows\Quicken.ini [2011/01/17 19:23:51 | 000,376,832 | ---- | C] () -- C:\windows\System32\AegisI5Installer.exe [2011/01/17 19:23:11 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe [2010/12/06 23:07:18 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Lindsay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/06 23:07:16 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini [2010/11/27 13:48:25 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat [2010/11/27 13:38:03 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys [2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll [2006/08/28 22:47:38 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini [2006/08/28 22:28:34 | 000,049,152 | ---- | C] () -- C:\windows\setpwrcg.exe [2006/08/28 22:28:16 | 000,000,391 | ---- | C] () -- C:\windows\System32\OEMINFO.INI [2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\windows\orun32.ini [2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat [2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI [2004/08/11 17:06:43 | 000,267,008 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2004/08/11 
17:00:30 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat [2004/08/11 17:00:28 | 000,472,970 | ---- | C] () -- C:\windows\System32\perfh009.dat [2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat [2004/08/11 17:00:28 | 000,084,364 | ---- | C] () -- C:\windows\System32\perfc009.dat [2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat [2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\windows\System32\oembios.dat [2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin [2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat [2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin [2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat [2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin ========== LOP Check ========== [2011/01/02 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lindsay\Application Data\Easy Duplicate Finder [2012/11/17 15:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lindsay\Application Data\Leadertech [2011/01/02 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder [2012/12/17 20:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2010/11/27 13:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital [2013/04/17 07:11:43 | 000,000,262 | ---- | M] () -- C:\windows\Tasks\WGASetup.job ========== Purity Check ========== < End of report >
  9. I have a similar situation to some of the other posters that I have seen in this Forum with the Moneypak virus. But I want to make sure that I follow the right course of action, so I'm posting this request for help. Here are the particulars of my situation:
     • the infected machine is a 32-bit machine that is running Windows XP (my "clean" machine is a 64-bit)
     • there are two user accounts on the machine - both appear to be infected
     • I have tried to boot in Safe Mode, but that appears to be disabled as I always get the "Blue Screen of Death" during boot-up
     • Malwarebytes is already installed on the infected machine, but the virus blocks any programs from being run before it locks up the machine
     I'm looking for any help in removing the virus. Thanks.