FBI MoneyPak


Hello mustangbubba44! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Your log file is not attached. Please post it in your next reply.


Hi Maniac, Here is my log. Also, I will need to leave here in about a half hour for an appointment that will take about two hours. I'll do my best to keep active on this. Thanks in advance for your help.

ComboFix 12-11-06.03 - Tom Endicott 11/06/2012 16:36:13.4.4 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2702 [GMT -5:00]

Running from: c:\documents and settings\Tom Endicott\Desktop\ieplore.exe.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\program files\Mozilla Firefox\components\AskHPRFF.js

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))

.

.

2012-11-06 19:06 . 2012-11-06 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SOPAgent

2012-11-05 12:25 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2917786D-1792-43CB-81D5-E80E70308AA8}\mpengine.dll

2012-11-04 07:16 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-27 23:36 . 2010-05-14 18:56 125440 ----a-w- c:\windows\system32\hpf3l02t.dll

2012-10-27 23:36 . 2010-05-14 18:56 319488 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp02t.dll

2012-10-27 23:20 . 2012-10-27 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2012-10-27 23:04 . 2010-04-26 08:52 454504 ----a-w- c:\windows\system32\hpzids01.dll

2012-10-24 21:31 . 2012-10-24 21:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\IObit

2012-10-24 21:31 . 2012-10-24 21:31 -------- d-----w- c:\documents and settings\Tom Endicott\AppData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 22:20 . 2012-05-07 12:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 22:20 . 2011-11-17 01:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 23:54 . 2011-06-06 21:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 02:03 . 2009-06-18 22:48 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14 . 2004-08-10 16:51 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-10 16:51 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33 . 2004-08-10 16:51 2148864 ------w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2004-08-04 02:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D578D806-C260-4321-9AE0-3B181B39538C}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]

"{0A9B27F1-F902-43a1-8663-BFF940E2F280}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]

"{0E3F1A07-DA76-4168-BA0F-4AFA3007CEFF}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]

"{4CE3F02C-E146-4C4F-A35D-16C9DA764CC2}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d578d806-c260-4321-9ae0-3b181b39538c}]

[HKEY_CLASSES_ROOT\TypeLib\{D578D806-C260-4321-9AE0-3B181B39538C}]

.

[HKEY_CLASSES_ROOT\clsid\{0a9b27f1-f902-43a1-8663-bff940e2f280}]

[HKEY_CLASSES_ROOT\TypeLib\{0A9B27F1-F902-43a1-8663-BFF940E2F280}]

.

[HKEY_CLASSES_ROOT\clsid\{0e3f1a07-da76-4168-ba0f-4afa3007ceff}]

[HKEY_CLASSES_ROOT\TypeLib\{0E3F1A07-DA76-4168-BA0F-4AFA3007CEFF}]

.

[HKEY_CLASSES_ROOT\clsid\{4ce3f02c-e146-4c4f-a35d-16c9da764cc2}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 198704]

"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]

"SOPAgent"="c:\documents and settings\All Users\Application Data\SOPAgent\sopag_xejjsme.exe" [2012-11-06 90112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech BT Wizard"="LBTWiz.exe -silent" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]

"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-11 669936]

.

c:\documents and settings\Tom Endicott\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-8-29 679936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2007-02-20 17:57 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Tom Endicott\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/3/2009 10:35 AM 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1036104]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [10/24/2012 4:31 PM 1026432]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9/19/2012 3:21 PM 795072]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 6:54 AM 399432]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 4:18 PM 676936]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 4:18 PM 22856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:34]

.

2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 22:20]

.

2012-11-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-TOMSCOMPUTER-Tom Endicott.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]

.

2012-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2012-11-06 c:\windows\Tasks\ASC6_AutoClean.job

- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2012-10-24 18:51]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397943351-4291228987-2028307631-1006Core.job

- c:\documents and settings\Tom Endicott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-08 20:04]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397943351-4291228987-2028307631-1006UA.job

- c:\documents and settings\Tom Endicott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-08 20:04]

.

2012-11-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]

.

2012-11-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 20:31]

.

2012-11-25 c:\windows\Tasks\User_Feed_Synchronization-{A4D4F966-11CC-4BAA-B939-BE0AE4021753}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829

uInternet Settings,ProxyOverride = <local>;*.local

IE: Free YouTube to Mp3 Converter - c:\documents and settings\Tom Endicott\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm

TCP: DhcpNameServer = 192.168.1.1

DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.hostacam.com/scripts/VitaminCtrl_2_1_0_26.cab

DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://valuemanager.iasreo.com/BPO/ImageUploader6.cab

DPF: {E4BBF5F2-453C-4D24-8547-A717DD7592B9} - hxxps://valuemanager.iasreo.com/BPO/ImageUploader6.cab

FF - ProfilePath - c:\documents and settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=13739&l=dir

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-06 16:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3397943351-4291228987-2028307631-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:d4,e6,94,6e,dc,b6,30,04,1f,e9,1a,15,78,45,2a,9e,f5,34,66,2c,d0,59,c4,

3e,30,fe,10,58,0d,80,97,63,e2,a8,82,61,2b,b0,ab,e9,c6,3b,f6,b3,30,74,e5,f0,\

"??"=hex:f9,3c,4c,01,e5,1e,f9,46,76,91,6e,b9,de,50,8d,8b

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(348)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\windows\system32\l3codeca.acm

.

- - - - - - - > 'explorer.exe'(1160)

c:\windows\system32\WININET.dll

c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\l3codeca.acm

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

Completion time: 2012-11-06 16:44:49

ComboFix-quarantined-files.txt 2012-11-06 21:44

ComboFix2.txt 2011-06-04 23:14

ComboFix3.txt 2010-01-28 16:43

.

Pre-Run: 219,414,212,608 bytes free

Post-Run: 219,388,076,032 bytes free

.

- - End Of File - - 9C9D3838009C791ABC13D411D4DC4FAE


How do I generate the C:\Qoobox\Add-Remove-Programs-list.txt?

Please post the contents of C:\Qoobox\Add-Remove-Programs-list.txt in your next reply.

32 Bit HP CIO Components Installer

3ivx MPEG-4 5.0.3 (remove only)

8500A909_eDocs

Ad-Aware

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.4)

Advanced SystemCare 6

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BPD_DSWizards

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CDDRV_Installer

Cisco WebEx Meetings

Comm1: VFR Radio Simulator

Conexant D850 56K V.9x DFVc Modem

Coupon Printer for Windows

Dave Ramsey's Financial Peace Software

Deep Space Explorer

Dell CinePlayer

Dell Driver Reset Tool

Dell Support Center

Dell System Restore

DellSupport

Destinations

DeviceDiscovery

Dictionary.com Toolbar

Dictionary.com Toolbar Updater

Digital Line Detect

DocMgr

DocProc


Oops, didn't use select all. Here is the whole file:

32 Bit HP CIO Components Installer

3ivx MPEG-4 5.0.3 (remove only)

8500A909_eDocs

Ad-Aware

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.4)

Advanced SystemCare 6

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BPD_DSWizards

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CDDRV_Installer

Cisco WebEx Meetings

Comm1: VFR Radio Simulator

Conexant D850 56K V.9x DFVc Modem

Coupon Printer for Windows

Dave Ramsey's Financial Peace Software

Deep Space Explorer

Dell CinePlayer

Dell Driver Reset Tool

Dell Support Center

Dell System Restore

DellSupport

Destinations

DeviceDiscovery

Dictionary.com Toolbar

Dictionary.com Toolbar Updater

Digital Line Detect

DocMgr

DocProc

Documentation & Support Launcher

Dropbox

Elements 9 Organizer

Elements STI Installer

Fax

Flight Simulator X

Flight Simulator X Service Pack 1

FlipShare

FormViewer

Free Audio CD Burner version 1.4

Free YouTube Download 2.3

Free YouTube to MP3 Converter version 3.8

Games, Music, & Photos Launcher

GARMIN 500 Series Trainer

Google Chrome

Google Toolbar for Internet Explorer

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 12.0

HP Document Manager 2.0

HP Driver Diagnostics

HP Imaging Device Functions 14.0

HP Officejet Pro 8500 A909 Series

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

Intel® Matrix Storage Manager

Intel® PRO Network Connections 11.2.1.69

IrfanView (remove only)

iTunes

Java 6 Update 17

KhalSetup

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C Runtime

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Zoo Tycoon

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

MobileMe Control Panel

Modem Helper

Mozilla Firefox (3.0.12)

MPM

MSVCSetup

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Musicmatch for Windows Media Player

Nancy Drew: Danger on Deception Island

Nancy Drew: Last Train to Blue Moon Canyon

Nancy Drew: Ransom of the Seven Ships

Nancy Drew: The Phantom of Venice

Nancy Drew: Treasure in the Royal Tower

Nancy Drew: Warnings at Waverly Academy

NetWaiting

Network

NVIDIA Drivers

OCR Software by I.R.I.S. 14.0

PhotoScape

Photosmart 130,230,7150,7345,7350,7550 (Remove only)

PrimoPDF -- by Nitro PDF Software

Punch! Home and Landscape Design Suite

QualxServ Service Agreement

Quicken 2010

QuickTime

Risk (remove only)

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

Scan

SearchAssist

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SetPoint

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

Sonic Activation Module

Southwest Calculator

Starry Night CSAP

Status

Toolbox

Top Producer Editor

TrayApp

Uniblue ProcessQuickLink 2

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB968220)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WebReg

WIDCOMM Bluetooth Software

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format Runtime

Windows Media Player 10

Windows Movie Maker 2.0

Windows XP Service Pack 3

Yahoo! Messenger

Yahoo! Toolbar


Please do not run ComboFix anymore without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.


In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • aswMBR log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.8.4 (11.07.2012)

OS: Microsoft Windows XP x86

Ran by Tom Endicott on Wed 11/07/2012 at 7:56:37.67

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] Application Updater

Successfully deleted: [service] Application Updater

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\ApnUpdater

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\search settings"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\askbardis"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"

Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Tom Endicott\Application Data\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Documents and Settings\Tom Endicott\Application Data\search settings"

Successfully deleted: [Folder] "C:\Program Files\Common Files\dvdvideosoft"

Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"

Successfully deleted: [Folder] "C:\Program Files\application updater"

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\Program Files\dvdvideosoft"

Failed to delete: [Folder-LOCKED!] "C:\Program Files\ask.com"

Successfully deleted: [Folder] "C:\Documents and Settings\Tom Endicott\local settings\application data\asktoolbar"

Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\user.js

Failed to delete: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\iobit@mybrowserbar.com

Successfully deleted: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\toolbar@ask.com

Failed to delete: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\wtxpcom@mybrowserbar.com

Successfully deleted: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}

Successfully deleted: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Successfully deleted: [File] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\searchplugins\askcom.xml

Failed to delete: [npCouponPrinter.dll] from [FF plugins]

Failed to delete: [npMozCouponPrinter.dll] from [FF plugins]

user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100010,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12");

user_pref("extensions.snipit.chromeURL", "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 11/07/2012 at 7:59:43.43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.07.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Tom Endicott :: TOMSCOMPUTER [administrator]

Protection: Disabled

11/7/2012 8:05:03 AM

mbam-log-2012-11-07 (08-05-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239912

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SOPAgent (Backdoor.Bot) -> Data: C:\Documents and Settings\All Users\Application Data\SOPAgent\sopag_xejjsme.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\All Users\Application Data\SOPAgent\sopag_xejjsme.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

(end)


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.


I want to clean it, but will probably end up getting a new one as I was planning on doing so anyway.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-07 08:18:05

-----------------------------

08:18:05.250 OS Version: Windows 5.1.2600 Service Pack 3

08:18:05.250 Number of processors: 4 586 0xF0B

08:18:05.250 ComputerName: TOMSCOMPUTER UserName: Tom Endicott

08:18:05.875 Initialize success

08:19:17.812 AVAST engine defs: 12110700

08:19:27.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

08:19:27.609 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 3

08:19:27.625 Disk 0 MBR read successfully

08:19:27.625 Disk 0 MBR scan

08:19:27.656 Disk 0 unknown MBR code

08:19:27.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63

08:19:27.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 301940 MB offset 96390

08:19:27.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3255 MB offset 618470370

08:19:27.765 Disk 0 scanning sectors +625137345

08:19:27.859 Disk 0 scanning C:\WINDOWS\system32\drivers

08:19:35.390 Service scanning

08:19:48.140 Modules scanning

08:19:51.593 Disk 0 trace - called modules:

08:19:51.765 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

08:19:51.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abea9c0]

08:19:52.062 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8abb5030]

08:19:52.812 AVAST engine scan C:\WINDOWS

08:19:58.781 AVAST engine scan C:\WINDOWS\system32

08:21:46.046 AVAST engine scan C:\WINDOWS\system32\drivers

08:21:59.062 AVAST engine scan C:\Documents and Settings\Tom Endicott

08:28:46.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\MBR.dat"

08:28:46.140 The log file has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\aswMBR.txt"

08:40:45.453 AVAST engine scan C:\Documents and Settings\All Users

08:52:16.953 Scan finished successfully

08:52:53.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\MBR.dat"

08:52:53.218 The log file has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.07.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Tom Endicott :: TOMSCOMPUTER [administrator]

Protection: Enabled

11/7/2012 9:18:15 AM

mbam-log-2012-11-07 (09-18-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241571

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f9b14e2c386eed4b982f09c98743d1ea

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-07 04:51:47

# local_time=2012-11-07 11:51:48 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 44169749 44169749 0 0

# compatibility_mode=1024 16777215 100 0 44279179 44279179 0 0

# compatibility_mode=5891 16776869 42 93 0 5001591 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=240945

# found=5

# cleaned=5

# scan_time=5289

C:\Program Files\IObit Toolbar\IE\6.3\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1765\A0209786.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1765\A0209792.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1766\A0209859.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\Installer\309a53b.msi probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

