LarryBoberry2013

  1. Sorry, also forgot to add I am running Windows XP and followed the OTLPE scan procedure for other XP users. Thanks for any help anyone has.
  2. My desktop computer has become infected with what is apparently the "moneypak" virus. Sure enough, the only thing I get when I boot up is a white screen demanding money. I've tried safe mode and such with no luck... In looking at previous posts, I was able to make an OTLPE disk on another computer and scan my system. I'll post the log below if it helps. Not sure what to do next. Can anyone please help me out on this one?

     OTLPE LOG from earlier today:

OTL logfile created on: 9/14/2013 1:46:51 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 372.61 Gb Total Space | 220.13 Gb Free Space | 59.08% Space Free | Partition Type: NTFS Drive D: | 232.88 Gb Total Space | 89.72 Gb Free Space | 38.53% Space Free | Partition Type: NTFS Drive E: | 1397.25 Gb Total Space | 650.82 Gb Free Space | 46.58% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - [2013/09/13 23:42:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/08/26 19:37:59 | 000,117,656 | ---- | M] 
(Mozilla Foundation) [On_Demand] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/28 22:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/11/11 17:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2010/11/11 17:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2010/11/11 17:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2010/11/11 17:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum) SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) 
[Auto] -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI) DRV - File not found [Kernel | On_Demand] -- -- (cpuz132) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2013/09/14 14:25:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- 
D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/07/28 21:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010/07/06 07:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010/01/28 10:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007/08/15 23:49:14 | 000,155,792 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\FTT3.sys -- (FTT3) DRV - [2007/03/16 13:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- D:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007/03/16 13:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2005/01/15 03:25:20 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM) DRV - [2005/01/15 03:24:36 | 000,283,904 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2005/01/15 03:24:30 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM) DRV - [2005/01/15 03:24:30 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) DRV - [2005/01/14 20:24:14 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\an983.sys -- (AN983) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON 
INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/14 10:40:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/14 10:40:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/26 19:37:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/26 19:37:53 | 000,000,000 | ---D | M] [2010/09/13 19:09:23 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2012/11/11 19:03:35 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9sacqu6.default\extensions [2010/09/14 23:25:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9sacqu6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/14 13:53:04 | 000,001,832 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9sacqu6.default\searchplugins\bing.xml [2013/08/26 19:37:52 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2013/08/26 19:37:52 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013/08/26 19:37:52 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/08/26 19:37:51 | 000,000,000 | ---D | M] (No name found) -- 
D:\Program Files\Mozilla Firefox\browser\extensions [2013/08/26 19:38:00 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- [2011/12/03 14:12:20 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- D:\Program Files\mozilla firefox\plugins\NPcol400.dll [2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2011/11/12 13:45:34 | 000,438,353 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15079 more lines... 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\Administrator_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [bCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DisplaySwitch] D:\Documents and Settings\Administrator\Templates\securitywindrv.exe (Babylon Ltd.) 
O4 - HKLM..\Run: [EEventManager] D:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Recordpad] D:\Program Files\NCH Software\Recordpad\recordpad.exe (NCH Software) O4 - HKLM..\Run: [RemoteControl] D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Zune Launcher] D:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_D..\Run: [NBJ] D:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKU\Administrator_ON_D..\Run: [sansaDispatch] D:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKU\Administrator_ON_D..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKU\Administrator_ON_D..\Run: [TBPanel] D:\Program Files\Vtune\TBPanel.exe () O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Convert link target to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra 
context menu item: Convert to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/07/04 14:30:47 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/09/14 14:25:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/08/26 20:54:27 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Recent [2013/08/26 19:37:51 | 000,000,000 | ---D | C] -- D:\Program 
Files\Mozilla Firefox [2010/09/14 13:48:43 | 000,047,360 | ---- | C] (VSO Software) -- D:\Documents and Settings\Administrator\Application Data\pcouffin.sys [8 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/09/14 14:29:07 | 000,000,300 | ---- | M] () -- D:\WINDOWS\tasks\recordpadShakeIcon.job [2013/09/14 14:28:40 | 000,002,335 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013/09/14 14:28:20 | 000,278,041 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml [2013/09/14 14:28:01 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2013/09/14 14:25:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/09/14 13:42:00 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/09/14 11:12:23 | 000,298,848 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2013/09/14 11:00:06 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK [2013/09/13 23:42:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerApp.exe [2013/09/13 23:42:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/09/13 23:08:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [2013/09/13 22:57:32 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2013/08/26 21:13:18 | 000,000,245 | -HS- | M] () -- D:\boot.ini [2013/08/26 20:52:26 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2013/08/17 18:53:40 | 000,435,688 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2013/08/17 18:53:40 | 000,068,584 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [8 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/09/14 
10:55:46 | 000,000,300 | ---- | C] () -- D:\WINDOWS\tasks\recordpadShakeIcon.job [2013/09/02 16:42:29 | 000,001,374 | ---- | C] () -- D:\WINDOWS\imsins.BAK [2012/02/15 18:24:33 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll [2011/08/01 12:16:33 | 000,000,297 | ---- | C] () -- D:\WINDOWS\EReg072.dat [2011/05/07 13:54:21 | 000,000,557 | ---- | C] () -- D:\WINDOWS\cdplayer.ini [2011/05/07 13:43:05 | 000,001,492 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\ss.ini [2010/10/15 15:06:12 | 000,000,128 | ---- | C] () -- D:\WINDOWS\LIBENMP3.INI [2010/10/15 15:06:12 | 000,000,075 | ---- | C] () -- D:\WINDOWS\LIBENACM.INI [2010/10/15 15:06:12 | 000,000,048 | ---- | C] () -- D:\WINDOWS\LIBENVRS.INI [2010/10/15 15:06:12 | 000,000,029 | ---- | C] () -- D:\WINDOWS\LIBENWMA.INI [2010/10/15 13:37:34 | 000,002,102 | ---- | C] () -- D:\WINDOWS\smp3m45v.ini [2010/09/20 14:38:30 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll [2010/09/18 18:01:43 | 000,037,376 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/14 17:55:30 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini [2010/09/14 13:56:27 | 000,000,032 | ---- | C] () -- D:\WINDOWS\CD_Start.INI [2010/09/14 13:52:21 | 000,002,126 | ---- | C] () -- D:\WINDOWS\AutostarSuite.ini [2010/09/14 13:48:43 | 000,087,608 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\ezpinst.exe [2010/09/14 13:48:43 | 000,007,824 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\pcouffin.cat [2010/09/14 13:48:43 | 000,001,144 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\pcouffin.inf [2010/09/14 13:44:52 | 000,040,960 | ---- | C] () -- D:\Program Files\Uninstall_CDS.exe [2010/09/14 11:01:43 | 000,000,000 | ---- | C] () -- D:\WINDOWS\EEventManager.INI [2010/09/14 10:45:06 | 000,073,220 | ---- | C] () -- 
D:\WINDOWS\System32\EPPICPrinterDB.dat [2010/09/14 10:45:06 | 000,031,053 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern131.dat [2010/09/14 10:45:06 | 000,029,114 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat [2010/09/14 10:45:06 | 000,027,417 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern121.dat [2010/09/14 10:45:06 | 000,021,021 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat [2010/09/14 10:45:06 | 000,015,670 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat [2010/09/14 10:45:06 | 000,013,280 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat [2010/09/14 10:45:06 | 000,010,673 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat [2010/09/14 10:45:06 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat [2010/09/14 10:45:06 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat [2010/09/14 10:45:06 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat [2010/09/14 10:45:06 | 000,001,137 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat [2010/09/14 10:45:06 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat [2010/09/14 10:45:06 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat [2010/09/14 10:45:06 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat [2010/09/14 10:45:06 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini [2010/09/13 19:09:14 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat [2010/07/04 14:31:46 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat [2010/07/04 14:26:32 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat [2010/07/04 07:18:36 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI [2010/07/04 07:17:35 | 000,298,848 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2010/05/06 06:25:58 | 002,185,518 | ---- | C] () -- D:\WINDOWS\System32\nvdata.bin [2010/01/12 09:35:44 | 000,080,416 | ---- | C] () -- 
D:\WINDOWS\System32\RtNicProp32.dll [2008/01/09 05:53:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll [2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat [2002/08/29 12:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin [2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat [2002/08/29 12:00:00 | 000,435,688 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat [2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat [2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat [2002/08/29 12:00:00 | 000,068,584 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat [2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin [2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat [2002/08/29 12:00:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat [2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2010/09/14 14:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software [2012/12/01 14:20:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Battle.net [2010/09/14 10:44:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\EPSON [2011/05/07 13:40:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\FreeRIP [2011/07/11 19:10:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2010/07/04 17:21:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2012/02/12 19:23:01 | 000,000,304 | ---- | M] () -- D:\WINDOWS\Tasks\expresszipShakeIcon.job [2013/09/14 14:29:07 | 000,000,300 | ---- 
| M] () -- D:\WINDOWS\Tasks\recordpadShakeIcon.job [2011/10/25 17:28:02 | 000,000,292 | ---- | M] () -- D:\WINDOWS\Tasks\wavepadShakeIcon.job ========== Purity Check ========== < End of report >