
FBI Moneypak Malware Infection on XP OS


spicer


My computer has contracted FBI Moneypak malware. When I use F8 and attempt to enter any kind of Safe Mode, I get the blue screen saying a problem has been detected and Windows has been shut down to prevent damage to the computer. I am using Windows XP OS. Would anyone have any suggestions on how to gain access to this computer so I can run Malwarebytes, etc.?


OK. I got the scan done and the following is the output:

OTL logfile created on: 1/14/2013 4:08:36 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 814.00 Mb Available Physical Memory | 80.00% Memory free

907.00 Mb Paging File | 847.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 30.25 Gb Free Space | 40.59% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (avg9wd)

SRV - File not found [Auto] -- -- (avg9emc)

SRV - File not found [On_Demand] -- -- (AVG Security Toolbar Service)

SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/12 19:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/06/02 09:28:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2007/02/21 13:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Boot] -- -- (cerc6)

DRV - [2013/01/13 13:32:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD991DB9-C229-4CD8-9817-9D43209099F0}\MpKsl4262e074.sys -- (MpKsl4262e074)

DRV - [2012/12/14 19:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/09/19 22:10:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/09/19 22:10:38 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/09/19 22:10:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2007/02/21 13:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/02/08 15:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®

DRV - [2006/05/10 17:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2005/11/11 00:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/04/21 23:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)

DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2002/11/15 22:07:38 | 000,084,840 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.OWNER-6F2431579_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\owner_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found

IE - HKU\owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5C372E6C-8A0F-4927-BAFE-40FEAC226837}: C:\Documents and Settings\owner\Local Settings\Application Data\{5C372E6C-8A0F-4927-BAFE-40FEAC226837} [2010/09/19 12:30:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared

[2012/11/30 06:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found

O3 - HKU\owner_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\owner_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] File not found

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sbupese] File not found

O4 - HKU\owner_ON_C..\Run: [Run-OSByPetzl] C:\Program Files\Petzl\OSByPetzl\WinPetzlController.exe (Petzl)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator.OWNER-6F2431579_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258567206853 (WUWebControl Class)

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\Land Desktop 3\AcDcToday.ocx (AcDcToday Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\Land Desktop 3\InstBanr.ocx (NOXLATE-BANR)

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\Land Desktop 3\InstFred.ocx (InstaFred)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\Land Desktop 3\AcPreview.ocx (AcPreview Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\owner\Application Data\unzhaza) - C:\Documents and Settings\owner\Application Data\unzhaza.exe (Juvarif)

O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (opoopq.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/18 11:47:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/14 12:37:09 | 000,114,688 | ---- | C] (Juvarif) -- C:\Documents and Settings\owner\Application Data\unzhaza.exe

[2013/01/14 12:32:01 | 000,114,688 | ---- | C] (Juvarif) -- C:\Documents and Settings\owner\Local Settings\Application Data\unzhaza.exe

[2013/01/14 12:31:54 | 000,114,688 | ---- | C] (Juvarif) -- C:\Documents and Settings\All Users\Application Data\unzhaza.exe

[2012/12/28 23:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Petzl

[2012/12/28 23:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Petzl

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/14 15:43:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/14 14:20:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/14 14:16:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/14 14:15:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/14 14:15:38 | 000,114,688 | ---- | M] (Juvarif) -- C:\Documents and Settings\owner\Local Settings\Application Data\unzhaza.exe

[2013/01/14 14:15:35 | 000,114,688 | ---- | M] (Juvarif) -- C:\Documents and Settings\owner\Application Data\unzhaza.exe

[2013/01/14 13:38:27 | 000,114,688 | ---- | M] (Juvarif) -- C:\Documents and Settings\All Users\Application Data\unzhaza.exe

[2013/01/14 13:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2013/01/14 13:09:42 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/01/14 12:49:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/14 12:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2013/01/14 11:56:30 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Word 2007.lnk

[2013/01/14 11:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2013/01/13 22:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job

[2013/01/13 21:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job

[2013/01/13 20:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job

[2013/01/13 19:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job

[2013/01/13 18:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job

[2013/01/13 17:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job

[2013/01/13 16:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job

[2013/01/13 15:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job

[2013/01/13 14:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2013/01/13 08:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2013/01/13 07:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2013/01/12 23:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job

[2013/01/11 14:10:03 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Excel 2007 (2).lnk

[2013/01/10 13:56:17 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Home - Welcome to CenturyLink.url

[2013/01/10 06:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2013/01/10 05:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2013/01/10 04:54:59 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\list.url

[2013/01/10 04:54:16 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Commuting-Touring Bike.url

[2013/01/10 04:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2013/01/10 03:12:09 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2013/01/10 03:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2013/01/09 20:17:50 | 000,615,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/09 20:17:50 | 000,141,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/05 21:02:51 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Ad Hunt'r - Search ALL of Craigslist™ and more!.url

[2013/01/04 15:51:53 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Cyclofiend.com.url

[2013/01/04 09:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2013/01/03 02:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job

[2013/01/03 01:12:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job

[2013/01/03 00:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job

[2012/12/31 12:12:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/31 12:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/29 22:23:30 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Everyday Commentary Reviews.url

[2012/12/29 22:03:01 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\www.edgeobserver.com.url

[2012/12/29 00:05:54 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\650B Conversion Guidlines.url

[2012/12/28 23:54:34 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OSByPetzl.lnk

[2012/12/28 23:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Petzl

[2012/12/25 12:19:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/12/24 17:02:27 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\page4.url

[2012/12/24 16:21:55 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Craigslist Cities.url

[2012/12/24 11:39:27 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\used_bikeslist.url

[2012/12/24 10:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2012/12/22 20:18:13 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/22 20:01:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/12/18 11:47:00 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\iBOB Mailing List Reader yojimg.net.url

[2012/12/18 11:39:51 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Cyclofiend iBob & Related Resources.url

[2012/12/18 11:29:01 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Bike Pages.url

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

[2012/12/15 20:04:23 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\An Alaskan Adventure Review Rocky Mountain Sherpa touring bike One of the best touring bikes out there..url

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/04 15:51:53 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Cyclofiend.com.url

[2012/12/29 22:03:01 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\www.edgeobserver.com.url

[2012/12/29 00:05:54 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\650B Conversion Guidlines.url

[2012/12/28 23:54:34 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OSByPetzl.lnk

[2012/12/26 11:40:56 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\list.url

[2012/12/24 17:02:27 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\page4.url

[2012/12/24 16:21:55 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Craigslist Cities.url

[2012/12/23 17:55:25 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\used_bikeslist.url

[2012/12/18 11:47:00 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\iBOB Mailing List Reader yojimg.net.url

[2012/12/18 11:39:51 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Cyclofiend iBob & Related Resources.url

[2012/12/18 11:29:01 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Bike Pages.url

[2012/12/17 14:26:24 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Ad Hunt'r - Search ALL of Craigslist™ and more!.url

[2012/11/29 13:26:49 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\1.bmp

[2012/11/29 13:26:41 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\1.jpg

[2012/11/19 14:06:35 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0.pad

[2012/11/02 10:46:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\srfvdo.dat

[2012/07/31 11:28:21 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ras_0oed.pad

[2012/07/30 09:50:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2012/07/27 08:50:13 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2012/07/27 08:50:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2012/07/27 08:50:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2012/07/27 08:50:13 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2012/07/27 08:50:13 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2012/07/27 08:50:13 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2012/07/27 08:50:13 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2012/07/27 08:50:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2012/07/27 08:50:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2012/07/27 08:50:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2012/07/27 08:50:13 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2012/07/27 08:50:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2012/07/27 08:50:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2012/07/27 08:50:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2012/07/27 08:50:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2012/07/27 08:50:12 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2012/02/17 12:42:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/02 19:32:44 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Lf3XHRai0.dat

[2011/12/02 19:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{53D85DE5-A1C3-4D69-9875-A5543121FD00}

[2011/12/02 19:05:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{ECFBF80F-6F3C-49B0-A41D-C0FA3644EDB2}

[2011/11/24 17:04:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{3882A235-9A53-4BB3-A130-5F12547B7D92}

[2011/01/18 19:51:54 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\uid_pal

[2010/10/04 17:45:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/01 20:36:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/19 12:30:20 | 000,017,812 | ---- | C] () -- C:\WINDOWS\Msitobe.dat

[2010/09/19 12:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ugaki.bin

[2009/12/17 12:15:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat

[2009/12/17 11:41:01 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll

[2009/12/17 11:28:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll

[2009/12/06 11:47:15 | 000,000,413 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2009/11/19 16:55:09 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/19 12:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/18 16:10:02 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/11/18 12:46:33 | 000,104,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2009/11/18 11:50:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/11/18 11:44:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/11/18 04:33:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/11/18 04:32:40 | 000,225,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/14 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 02:00:00 | 000,615,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 02:00:00 | 000,141,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/04/15 06:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/04/15 06:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/04/23 03:07:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe

[2000/09/18 21:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2011/11/20 11:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\a3rfbK2dU1sYqT9

[2009/12/17 12:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Autodesk

[2010/09/22 04:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\AVG9

[2011/11/20 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\dUJ1wcY0aTNp

[2011/11/20 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\EC6ujA5hP4gOrIe

[2012/07/11 15:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ElevatedDiagnostics

[2012/10/30 11:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Epson

[2011/11/20 11:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\NQAX5hmZtnZtOrI

[2012/11/10 13:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\OSByPetzl

[2011/11/20 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\t6ujQX5hP4gOrIe

[2009/11/18 13:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Windows Desktop Search

[2009/12/04 23:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Windows Search

[2011/11/20 11:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ZFB8oEF8lD7k

[2012/09/14 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/10/19 20:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/01/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2012/07/27 10:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2009/12/17 12:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Haestad

[2011/03/07 11:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kLeGgHn01804

[2010/10/27 20:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/07/16 17:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/18 16:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2013/01/13 07:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2013/01/13 08:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2013/01/04 09:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2012/12/24 10:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2013/01/14 11:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2013/01/10 03:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2013/01/14 12:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2013/01/14 13:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2013/01/13 14:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2013/01/13 15:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job

[2013/01/13 16:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job

[2013/01/13 17:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job

[2013/01/13 18:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job

[2013/01/13 19:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job

[2013/01/13 20:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job

[2013/01/13 21:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job

[2013/01/10 04:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2013/01/13 22:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job

[2013/01/12 23:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job

[2013/01/03 00:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job

[2013/01/03 01:12:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job

[2013/01/03 02:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job

[2013/01/10 05:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2013/01/10 06:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/11/18 11:47:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2012/12/06 12:09:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/12/08 11:50:59 | 000,011,639 | ---- | M] () -- C:\ComboFix.txt

[2009/11/18 11:47:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.1028.txt

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.1031.txt

[2012/09/28 07:28:36 | 000,005,038 | ---- | M] () -- C:\eula.1033.txt

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.1036.txt

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.1040.txt

[2012/09/28 07:28:36 | 000,000,090 | ---- | M] () -- C:\eula.1041.txt

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.1042.txt

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.2052.txt

[2012/09/28 07:28:36 | 000,008,872 | ---- | M] () -- C:\eula.3082.txt

[2012/09/28 07:28:36 | 000,000,545 | ---- | M] () -- C:\globdata.ini

[2012/09/28 07:28:36 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2012/09/28 07:28:36 | 000,000,806 | ---- | M] () -- C:\install.ini

[2012/09/28 07:28:36 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2012/09/28 07:28:36 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2012/09/28 07:28:36 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2012/09/28 07:28:36 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2012/09/28 07:28:36 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2012/09/28 07:28:36 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2012/09/28 07:28:36 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2012/09/28 07:28:36 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2012/09/28 07:28:36 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2009/11/18 11:47:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/09/18 18:24:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2009/11/18 11:47:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 02:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2013/01/14 15:43:01 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[2012/11/29 18:28:52 | 000,000,031 | ---- | M] () -- C:\report.txt

[2011/01/15 20:49:21 | 000,036,594 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_15.01.2011_18.48.50_log.txt

[2012/06/11 09:38:37 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2012/09/28 07:28:36 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2012/09/28 07:28:36 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< MD5 for: EXPLORER.EXE >

[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\explorer.exe

[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\ServicePackFiles\i386\explorer.exe

[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/14 04:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\ServicePackFiles\i386\services.exe

[2008/04/14 02:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\system32\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: USERINIT.EXE >

[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\system32\userinit.exe

[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2012/12/14 19:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Documents and Settings\owner\Desktop\Back Up\Surplus Pwdr\WINDOWS\system32\winlogon.exe

[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


OK, basically what we want to do is copy the text that's in BOLD into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in BOLD into notepad and save it:

:OTL

SRV - File not found [Auto] -- -- (avg9wd)

SRV - File not found [Auto] -- -- (avg9emc)

SRV - File not found [On_Demand] -- -- (AVG Security Toolbar Service)

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Boot] -- -- (cerc6)

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found

IE - HKU\owner_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found

O3 - HKU\owner_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found

O4 - HKLM..\Run: [AVG9_TRAY] File not found

O4 - HKLM..\Run: [sbupese] File not found

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\owner\Application Data\unzhaza) - C:\Documents and Settings\owner\Application Data\unzhaza.exe (Juvarif)

O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found

O30 - LSA: Authentication Packages - (opoopq.dll) - File not found

[2013/01/14 12:37:09 | 000,114,688 | ---- | C] (Juvarif) -- C:\Documents and Settings\owner\Application Data\unzhaza.exe

[2013/01/14 12:32:01 | 000,114,688 | ---- | C] (Juvarif) -- C:\Documents and Settings\owner\Local Settings\Application Data\unzhaza.exe

[2013/01/14 12:31:54 | 000,114,688 | ---- | C] (Juvarif) -- C:\Documents and Settings\All Users\Application Data\unzhaza.exe

[2013/01/14 14:15:38 | 000,114,688 | ---- | M] (Juvarif) -- C:\Documents and Settings\owner\Local Settings\Application Data\unzhaza.exe

[2013/01/14 14:15:35 | 000,114,688 | ---- | M] (Juvarif) -- C:\Documents and Settings\owner\Application Data\unzhaza.exe

[2013/01/14 13:38:27 | 000,114,688 | ---- | M] (Juvarif) -- C:\Documents and Settings\All Users\Application Data\unzhaza.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2011/12/02 19:32:44 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Lf3XHRai0.dat

[2011/11/20 11:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\a3rfbK2dU1sYqT9

[2011/11/20 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\dUJ1wcY0aTNp

[2011/11/20 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\EC6ujA5hP4gOrIe

[2011/11/20 11:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\NQAX5hmZtnZtOrI

[2012/11/10 13:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\OSByPetzl

[2011/11/20 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\t6ujQX5hP4gOrIe

[2011/11/20 11:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ZFB8oEF8lD7k

[2011/03/07 11:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kLeGgHn01804

[2013/01/13 07:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2013/01/13 08:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2013/01/04 09:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2012/12/24 10:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2013/01/14 11:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2013/01/10 03:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2013/01/14 12:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2013/01/14 13:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2013/01/13 14:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2013/01/13 15:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job

[2013/01/13 16:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job

[2013/01/13 17:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job

[2013/01/13 18:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job

[2013/01/13 19:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job

[2013/01/13 20:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job

[2013/01/13 21:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job

[2013/01/10 04:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2013/01/13 22:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job

[2013/01/12 23:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job

[2013/01/03 00:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job

[2013/01/03 01:12:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job

[2013/01/03 02:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job

[2013/01/10 05:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2013/01/10 06:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

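
The fix script above is, in effect, a list of indicators MrC picked out of the OTL log: a Winlogon Shell value pointing at an executable under the user's Application Data folder instead of Explorer.exe, an LSA Authentication Package other than the stock msv1_0, a run of hourly At*.job tasks, and Application Data folders with random-looking names. The MD5 section earlier in the same log also lets you compare the live copy of a core binary against its dllcache copy. The Python below is an added example, not part of this thread and not OTL's own code, that applies those same checks to OTL-format lines. The sample lines are constructed to resemble the log (the all-zero userinit.exe hash is deliberately faked so the MD5 check has something to catch), and the random-name heuristic is an assumption of mine: treat its hits as leads to look at, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample lines in OTL's log format, modelled on the entries the
# fix script above targets. They are not copied from any real machine; the
# all-zero userinit.exe hash is a deliberate fake to exercise the MD5 check.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\owner\Application Data\unzhaza) - C:\Documents and Settings\owner\Application Data\unzhaza.exe (Juvarif)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (opoopq.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
[2013/01/13 07:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2013/01/15 00:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 11:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\a3rfbK2dU1sYqT9
[2009/12/17 12:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Autodesk
[2012/07/11 15:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ElevatedDiagnostics
< MD5 for: SERVICES.EXE >
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2013/01/14 12:00:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

WINLOGON_SHELL = re.compile(r"^O20 - \S+ Winlogon: Shell - \((?P<value>[^)]*)\)")
LSA_PACKAGES = re.compile(r"^O30 - LSA: Authentication Packages - \((?P<value>[^)]*)\)")
# Generic OTL file/folder line: "[stamp | size | attrs | flag] (Company) MD5=... -- path"
FILE_ENTRY = re.compile(
    r"^\[[^\]]+\]\s*(?:\([^)]*\)\s*)?(?:MD5=(?P<md5>[0-9A-Fa-f]{32})\s*)?-- (?P<path>.+?)\s*$"
)
AT_JOB = re.compile(r"At\d+\.job", re.IGNORECASE)
DEFAULT_LSA_PACKAGES = {"msv1_0"}  # the only package a stock XP install lists


def _leaf(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def looks_random(name, min_len=12):
    """Crude heuristic (an assumption, not a rule): a single alphanumeric token
    of at least min_len characters that mixes digits, upper and lower case."""
    if len(name) < min_len or not name.isascii() or not name.isalnum():
        return False
    return (any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def find_indicators(text):
    """Return (kind, detail) pairs for the persistence patterns the fix targeted."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = WINLOGON_SHELL.match(line)
        if m:
            if m.group("value").lower() != "explorer.exe":
                findings.append(("winlogon-shell", m.group("value")))
            continue
        m = LSA_PACKAGES.match(line)
        if m:
            if m.group("value").lower() not in DEFAULT_LSA_PACKAGES:
                findings.append(("lsa-auth-package", m.group("value")))
            continue
        m = FILE_ENTRY.match(line)
        if not m or m.group("md5"):
            continue  # not a file line, or an MD5 line handled elsewhere
        path = m.group("path")
        leaf = _leaf(path)
        if AT_JOB.fullmatch(leaf) and "\\tasks\\" in path.lower():
            findings.append(("at-job", path))
        elif "\\application data\\" in path.lower() and looks_random(leaf):
            findings.append(("random-appdata-name", path))
    return findings


def md5_mismatches(text):
    """Group the '< MD5 for: ... >' lines by file name and report files whose
    live copy (system32, or the Windows root for explorer.exe) differs from
    the dllcache copy. Returns sorted (name, live_md5, dllcache_md5) tuples."""
    hashes = defaultdict(dict)
    for line in text.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if m and m.group("md5"):
            path = m.group("path").lower()
            hashes[_leaf(path)][path] = m.group("md5").upper()
    bad = []
    for name, copies in hashes.items():
        live = (copies.get(f"c:\\windows\\system32\\{name}")
                or copies.get(f"c:\\windows\\{name}"))
        cache = copies.get(f"c:\\windows\\system32\\dllcache\\{name}")
        if live and cache and live != cache:
            bad.append((name, live, cache))
    return sorted(bad)


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
    for name, live, cache in md5_mismatches(SAMPLE_LOG):
        print(f"MD5 mismatch {name}: live={live} dllcache={cache}")
```

Run it against a saved OTL log by reading the file into `find_indicators` and `md5_mismatches` instead of `SAMPLE_LOG`. A dllcache mismatch is not proof of tampering on its own (a hotfix can update one copy before the other, as the services.exe entries in the real log show), so compare the file dates and the KB folder entries before deciding.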

Ok. Ran the Fix and the Log follows:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avg9wd deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avg9emc deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVG Security Toolbar Service deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WDICA deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDRFRAME deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDRELI deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDFRAME deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PDCOMP deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCIDump deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lbrtfdc deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i2omgmt deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Changer deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cerc6 deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.

Registry value HKEY_USERS\owner_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.

Registry value HKEY_USERS\owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG9_TRAY deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sbupese deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.

File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.

File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\owner\Application Data\unzhaza deleted successfully.

C:\Documents and Settings\owner\Application Data\unzhaza.exe moved successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\NetworkService\Application Data\hotfix.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\\Authentication Packages:opoopq.dll deleted successfully.

File C:\Documents and Settings\owner\Application Data\unzhaza.exe not found.

C:\Documents and Settings\owner\Local Settings\Application Data\unzhaza.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\unzhaza.exe moved successfully.

File C:\Documents and Settings\owner\Local Settings\Application Data\unzhaza.exe not found.

File C:\Documents and Settings\owner\Application Data\unzhaza.exe not found.

File C:\Documents and Settings\All Users\Application Data\unzhaza.exe not found.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\Documents and Settings\All Users\Application Data\Lf3XHRai0.dat moved successfully.

C:\Documents and Settings\owner\Application Data\a3rfbK2dU1sYqT9 folder moved successfully.

C:\Documents and Settings\owner\Application Data\dUJ1wcY0aTNp folder moved successfully.

C:\Documents and Settings\owner\Application Data\EC6ujA5hP4gOrIe folder moved successfully.

C:\Documents and Settings\owner\Application Data\NQAX5hmZtnZtOrI folder moved successfully.

C:\Documents and Settings\owner\Application Data\OSByPetzl\Local Store folder moved successfully.

C:\Documents and Settings\owner\Application Data\OSByPetzl folder moved successfully.

C:\Documents and Settings\owner\Application Data\t6ujQX5hP4gOrIe folder moved successfully.

C:\Documents and Settings\owner\Application Data\ZFB8oEF8lD7k folder moved successfully.

Folder C:\Documents and Settings\All Users\Application Data\kLeGgHn01804\ not found.

C:\WINDOWS\Tasks\At10.job moved successfully.

C:\WINDOWS\Tasks\At12.job moved successfully.

C:\WINDOWS\Tasks\At14.job moved successfully.

C:\WINDOWS\Tasks\At16.job moved successfully.

C:\WINDOWS\Tasks\At18.job moved successfully.

C:\WINDOWS\Tasks\At2.job moved successfully.

C:\WINDOWS\Tasks\At20.job moved successfully.

C:\WINDOWS\Tasks\At22.job moved successfully.

C:\WINDOWS\Tasks\At24.job moved successfully.

C:\WINDOWS\Tasks\At26.job moved successfully.

C:\WINDOWS\Tasks\At28.job moved successfully.

C:\WINDOWS\Tasks\At30.job moved successfully.

C:\WINDOWS\Tasks\At32.job moved successfully.

C:\WINDOWS\Tasks\At34.job moved successfully.

C:\WINDOWS\Tasks\At36.job moved successfully.

C:\WINDOWS\Tasks\At38.job moved successfully.

C:\WINDOWS\Tasks\At4.job moved successfully.

C:\WINDOWS\Tasks\At40.job moved successfully.

C:\WINDOWS\Tasks\At42.job moved successfully.

C:\WINDOWS\Tasks\At44.job moved successfully.

C:\WINDOWS\Tasks\At46.job moved successfully.

C:\WINDOWS\Tasks\At48.job moved successfully.

C:\WINDOWS\Tasks\At6.job moved successfully.

C:\WINDOWS\Tasks\At8.job moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 01142013_182501


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC (be back in the am)


Ok. ComboFix is in the process of downloading and I got an error message because it thinks MSE and AVG Free 9.0 are running. I checked MSE and it is disabled per the link. When I attempted to find and disable AVG 9.0, using uninstall in programs, the files could not be found. I went into add/remove programs in the control panel and could not find the program either. I was sure I deleted it at some earlier time. So, I told ComboFix to proceed. CF just got done installing Microsoft recovery console. CF is now ready to continue scanning.


Here is the Combofix Log

ComboFix 13-01-14.01 - owner 01/14/2013 19:29:19.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.429 [GMT -8:00]

Running from: c:\documents and settings\owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\0.pad

c:\documents and settings\All Users\Application Data\Adobe\gccheck.exe

c:\documents and settings\All Users\Application Data\ras_0oed.pad

c:\documents and settings\owner\Application Data\Adobe\adb.cer

c:\documents and settings\owner\Application Data\Adobe\plugs

c:\documents and settings\owner\Application Data\Adobe\shed

c:\documents and settings\owner\Application Data\uid_pal

c:\documents and settings\owner\Desktop\AV Protection 2011.lnk

c:\documents and settings\owner\Start Menu\Programs\AV Protection 2011

c:\documents and settings\owner\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk

c:\documents and settings\owner\WINDOWS

C:\Install.exe

C:\RECYCLER(2)

c:\recycler(2)\S-1-5-21-1085031214-1606980848-839522115-1003(2)\Dc3.url

c:\recycler(2)\S-1-5-21-1085031214-1606980848-839522115-1003(2)\INFO2

c:\windows\$NtUninstallKB39423$

c:\windows\$NtUninstallKB39423$\317033242\@

c:\windows\$NtUninstallKB39423$\317033242\bckfg.tmp

c:\windows\$NtUninstallKB39423$\317033242\cfg.ini

c:\windows\$NtUninstallKB39423$\317033242\Desktop.ini

c:\windows\$NtUninstallKB39423$\317033242\keywords

c:\windows\$NtUninstallKB39423$\317033242\kwrd.dll

c:\windows\$NtUninstallKB39423$\317033242\L\tanbxotm

c:\windows\$NtUninstallKB39423$\317033242\lsflt7.ver

c:\windows\$NtUninstallKB39423$\317033242\U\00000001.@

c:\windows\$NtUninstallKB39423$\317033242\U\00000002.@

c:\windows\$NtUninstallKB39423$\317033242\U\00000004.@

c:\windows\$NtUninstallKB39423$\317033242\U\80000000.@

c:\windows\$NtUninstallKB39423$\317033242\U\80000004.@

c:\windows\$NtUninstallKB39423$\317033242\U\80000032.@

c:\windows\$NtUninstallKB39423$\3523153252

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))

.

.

2013-01-15 02:49 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDD269EB-4152-47CF-9C1F-D0A60CE8DBE6}\mpengine.dll

2013-01-15 02:40 . 2013-01-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\APN

2013-01-15 02:31 . 2013-01-15 02:31 -------- d-----w- c:\documents and settings\owner\Application Data\OSByPetzl

2013-01-14 23:25 . 2013-01-14 23:25 -------- d-----w- C:\_OTL

2013-01-13 18:26 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-29 04:54 . 2012-12-29 04:54 -------- d-----w- c:\program files\Petzl

2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2008-04-14 07:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-15 00:49 . 2012-12-06 18:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 01:25 . 2008-04-14 07:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2008-04-14 07:00 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2008-04-14 07:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-13 39408]

"Run-OSByPetzl"="c:\program files\Petzl\OSByPetzl\WinPetzlController.exe" [2012-12-29 679936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2002-08-23 143360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-20 03:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/19/2010 7:10 PM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/19/2010 7:10 PM 243024]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/6/2012 10:37 AM 398184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/6/2012 10:34 AM 682344]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/6/2012 10:34 AM 21104]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [11/18/2009 9:48 AM 92550]

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 14:28]

.

2012-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 19:00]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 19:00]

.

2013-01-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-14 19:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2824)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Apoint\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2013-01-14 19:55:19 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-15 03:55

ComboFix2.txt 2010-12-08 16:50

.

Pre-Run: 32,668,303,360 bytes free

Post-Run: 34,948,132,864 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - CD91E50513AEFB3E2ABE93FAFF48AB9F


From your ComboFix log I see this..........

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please keep an eye on any sensitive accounts!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's check the system for any adware...............

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


Ok. Here is the log.

# AdwCleaner v2.105 - Logfile created 01/15/2013 at 10:38:17

# Updated 08/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : owner - OWNER-6F2431579

# Boot Mode : Normal

# Running from : C:\Documents and Settings\owner\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\APN

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AVG Security Toolbar

Key Found : HKLM\Software\AVG Security Toolbar

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

File : C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4g2s9s4n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1166 octets] - [15/01/2013 10:38:17]

########## EOF - C:\AdwCleaner[R1].txt - [1226 octets] ##########


The computer is working fine, and the scan went well. Here is the log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.15.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

owner :: OWNER-6F2431579 [administrator]

1/15/2013 10:51:38 AM

mbam-log-2013-01-15 (10-51-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 265602

Time elapsed: 16 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, we can stop here then since you're going to reinstall.

-------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


All that's left to do is.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here is the log from Security Check:

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 17

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader XI

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Java™ 6 Update 17 <----------uninstall from add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Adobe Flash Player 10 Flash Player out of Date! <----please check for an update

Make sure you visit Windows Update, they've released several important security updates.

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them.

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.