
MoneyPak Has Disabled Safe Mode



See if you can create this on a clean PC, then boot the sick PC with the CD.

1. Download OTLPEStd.exe to your desktop

2. Ensure that you have a blank CD in the drive

3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD

4. Boot your sick PC using the CD you just created.

Note: If you do not know how to set your computer to boot from CD, follow the steps Here

5. As the CD needs to detect your hardware and load the operating system, I would recommend grabbing something to drink while it loads.

6. Your system should now display a Reatogo desktop.

Double-click on the OTLPE icon.

  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings.
    Change Drivers to All
    Change Standard Registry to All
  • Under the Custom Scan box paste this in. If the internet does not work you can use a USB stick to transfer over

    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop


  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file and post it in your reply; if there is no internet connection, transfer it to a USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • Please post the contents of the C:\OTL.txt file in your reply.


Is this what I was to copy?

OTL logfile created on: 11/28/2012 8:38:48 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 556.00 Mb Available Physical Memory | 73.00% Memory free

706.00 Mb Paging File | 579.00 Mb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.24 Gb Total Space | 13.72 Gb Free Space | 36.82% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - File not found [Auto] -- -- (CLTNetCnService)

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2012/10/31 01:28:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2008/07/09 02:38:27 | 000,026,488 | ---- | M] () [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)

SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2012/11/28 21:09:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/10/28 10:27:29 | 000,035,144 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2007/08/09 13:17:24 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2003/06/30 20:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE&PC=UP09

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE&PC=UP09

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.48\coFFFw\

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext [2007/07/23 22:14:51 | 000,000,000 | ---D | M]

[2008/08/28 16:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010/09/11 13:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrxizue4.default\extensions

[2010/09/04 20:10:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrxizue4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2007/10/22 16:06:45 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrxizue4.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

[2009/01/31 17:37:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrxizue4.default\extensions\moveplayer@movenetworks.com

[2007/10/22 20:27:03 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrxizue4.default\searchplugins\aolsearch.xml

[2012/11/17 05:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2007/08/12 15:48:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2006/01/18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/01/01 13:40:57 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Microsoft Updater] C:\Documents and Settings\Owner\Local Settings\Temp\013b48995214.exe (Корпорация Майкрософт)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKU\Owner_ON_C..\Run: [Google] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/23 00:46:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "Apple Mobile Device"

MsConfig - Services: "ALG"

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe - (Google)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found

MsConfig - StartUpReg: EA Core - hkey= - key= - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found

MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 21:09:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/11/28 15:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2012/11/22 22:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink

[2012/11/18 14:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/11/18 13:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\CyberLink PowerDVD

[2012/11/16 15:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/11/16 15:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/11/16 15:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/11/16 15:40:13 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/11/15 01:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(3)

[2012/11/15 01:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)

[2012/11/15 01:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)

[2012/11/15 01:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)

[2012/11/15 01:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/11/15 01:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/10/31 14:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google

[687 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 21:09:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/11/28 21:08:37 | 000,018,252 | ---- | M] () -- C:\Documents and Settings\Owner\1.mp3

[2012/11/28 21:08:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/28 21:02:55 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2012/11/28 21:01:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/28 17:22:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/11/28 01:42:48 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2012/11/24 11:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/11/23 22:16:23 | 009,293,805 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\US Ammo.pdf

[2012/11/18 16:17:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2012/11/18 15:38:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/11/18 14:45:22 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/11/18 14:44:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/11/16 15:49:24 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/11/16 15:49:24 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/11/16 15:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/11/08 15:31:29 | 000,018,252 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1.mp3

[2012/10/31 01:28:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/10/31 01:28:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[687 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 21:08:37 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\Owner\1.mp3

[2012/11/23 22:16:20 | 009,293,805 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\US Ammo.pdf

[2012/11/18 14:55:20 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2012/11/18 14:45:22 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/11/15 00:43:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/11/08 15:31:29 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1.mp3

[2012/10/28 10:27:29 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2010/09/29 21:47:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/08 16:48:04 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/09/08 16:48:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT

[2010/09/07 16:18:38 | 000,036,576 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2007/12/08 10:33:30 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/10/22 13:10:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini

[2007/10/12 02:00:40 | 000,001,142 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2007/08/20 09:37:17 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2007/08/13 16:53:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2007/08/09 00:05:19 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2007/07/24 21:27:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2007/07/23 22:07:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/07/23 20:11:53 | 000,026,488 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.exe

[2007/07/23 00:52:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2007/07/23 00:43:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2007/07/22 23:44:53 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2007/07/22 23:34:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2007/07/22 17:38:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/07/22 17:34:34 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/07/16 15:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/07/16 15:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/07/16 15:41:25 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/07/16 15:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/07/16 15:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/07/16 15:41:21 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/07/16 15:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/07/16 15:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/07/16 15:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/07/16 15:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/07/22 23:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore

[2007/11/30 17:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish

[2007/07/24 17:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint

[2012/11/16 15:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/08/31 15:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2007/10/22 13:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/01/17 21:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2010/09/07 07:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/11/28 21:02:55 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe

[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe

[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2003/07/16 15:28:11 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >

[2003/07/16 15:47:02 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

[2003/07/16 15:49:24 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

[2003/07/16 15:51:38 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< End of report >


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
