
Internet Crime Complaint Center, Dept. of the F.B.I. (Greendot-MoneyPak) took over my pc....



Malwarebytes picked up nothing, so here are the logs I'm able to produce! I have 2 HDs,

HD ''C'' has the infection but I'm NOT able to scan from that. I cannot access anything because this screen (the infection) is full blown, taking up the entire screen display. Can't minimize/maximize...tried everything to get rid of this screen. Can't shut down using the Windows key, can't use Ctrl, Alt, Delete to close any windows out/browser! I am working from my ''D'' drive for these scans, selecting C: when I'm able to! This is what I've got for now.......all should be drive C: scans, FROM D:, at least that's where I pointed the scans to go. Hope this will do!

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2

Run by DJ at 21:45:47 on 2013-01-17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1410 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ================

.

d:\Program Files\Microsoft Security Client\MsMpEng.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\CTsvcCDA.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Java\jre7\bin\jqs.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

D:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe

D:\Program Files\Microsoft\BingBar\SeaPort.EXE

D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

D:\WINDOWS\system32\MsPMSPSv.exe

D:\WINDOWS\System32\alg.exe

D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

D:\WINDOWS\system32\WDBtnMgr.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

D:\Program Files\Microsoft Security Client\msseces.exe

D:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

D:\WINDOWS\system32\svchost.exe -k NetworkService

D:\WINDOWS\system32\svchost.exe -k LocalService

D:\WINDOWS\system32\svchost.exe -k LocalService

D:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - d:\windows\system32\dla\tfswshx.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - d:\program files\wot\WOT.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - d:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - d:\program files\windows live\toolbar\wltcore.dll

TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - d:\program files\wot\WOT.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - d:\program files\windows live\toolbar\wltcore.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - d:\program files\wot\WOT.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [CTSysVol] d:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe

mRun: [updReg] d:\windows\UpdReg.EXE

mRun: [hplampc] d:\windows\system32\hplampc.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [iSUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Microsoft Default Manager] "d:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [DVDLauncher] "d:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] d:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: d:\docume~1\dj\startm~1\programs\startup\cnette~1.lnk - d:\documents and settings\dj\application data\cbs interactive\cnet techtracker\TechTracker.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{AFDC486A-7CC8-4D38-8531-FBE2D2355BEA} : DHCPNameServer = 192.168.1.254

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - d:\program files\wot\WOT.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "d:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - d:\documents and settings\dj\application data\mozilla\firefox\profiles\bqnclpth.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157|http://www.facebook.com/|http://forums.malwarebytes.org/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: d:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: d:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: d:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: d:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: d:\windows\system32\npdeployJava1.dll

FF - plugin: d:\windows\system32\npptools.dll

FF - plugin: d:\windows\system32\npwmsdrm.dll

FF - ExtSQL: !HIDDEN! 2010-11-15 15:27; {20a82645-c095-46ed-80e3-08825760534b}; d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2010-10-2 64288]

R0 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]

R1 OxFWLF;OxFWLF;d:\windows\system32\drivers\OxFWLF.sys [2010-11-26 12616]

R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-15 54760]

R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-15 399432]

R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2010-10-5 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-5 676936]

S3 BBSvc;Bing Bar Update Service;d:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 fsssvc;Windows Live Family Safety Service;d:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 hp4200c;%usbscan.SvcDesc%;d:\windows\system32\drivers\hp4200c.sys [2010-11-26 9312]

S3 mamotou;mamotou;d:\windows\system32\drivers\mamotou.sys [2010-9-10 49377]

S3 OXUDIDRV;OXUDIDRV;d:\windows\system32\drivers\OXUDIDRV_X32.sys [2010-11-26 17664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AVGIDSDriver;AVGIDSDriver; [x]

S4 AVGIDSFilter;AVGIDSFilter; [x]

S4 avgwd;avgwd; [x]

.

=============== Created Last 30 ================

.

2013-01-17 20:15:58 94112 ----a-w- d:\windows\system32\WindowsAccessBridge.dll

2013-01-17 20:10:48 6991832 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef7c5294-bc9d-406e-b841-761cab219fb9}\mpengine.dll

2012-12-21 23:36:59 6812136 ------w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- d:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- d:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- d:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- d:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- d:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- d:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- d:\windows\system32\html.iec

.

============= FINISH: 21:46:21.21 ===============

.............................................................................................................................................................

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/4/2010 8:21:21 PM

System Uptime: 1/17/2013 9:19:11 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0U7084

Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 67.251 GiB free.

D: is FIXED (NTFS) - 233 GiB total, 201.102 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Video Controller (VGA Compatible)

Device ID: PCI\VEN_1002&DEV_5D4D&SUBSYS_03021002&REV_00\4&16EC1A1&0&0008

Manufacturer:

Name: Video Controller (VGA Compatible)

PNP Device ID: PCI\VEN_1002&DEV_5D4D&SUBSYS_03021002&REV_00\4&16EC1A1&0&0008

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Video Controller

Device ID: PCI\VEN_1002&DEV_5D6D&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108

Manufacturer:

Name: Video Controller

PNP Device ID: PCI\VEN_1002&DEV_5D6D&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108

Service:

.

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: Mass Storage Controller

Device ID: PCI\VEN_1283&DEV_8212&SUBSYS_00000000&REV_13\4&10416D21&0&18F0

Manufacturer:

Name: Mass Storage Controller

PNP Device ID: PCI\VEN_1283&DEV_8212&SUBSYS_00000000&REV_13\4&10416D21&0&18F0

Service:

.

==== System Restore Points ===================

.

RP21: 4/15/2011 3:38:31 PM - Software Distribution Service 3.0

RP22: 4/15/2011 4:03:46 PM - Software Distribution Service 3.0

RP23: 5/3/2011 3:28:29 PM - Software Distribution Service 3.0

RP24: 5/3/2011 3:56:35 PM - Software Distribution Service 3.0

RP25: 6/14/2011 10:13:52 PM - Software Distribution Service 3.0

RP26: 7/13/2011 5:25:22 PM - Software Distribution Service 3.0

RP27: 7/13/2011 5:29:37 PM - Software Distribution Service 3.0

RP28: 7/13/2011 6:02:08 PM - Software Distribution Service 3.0

RP29: 7/14/2011 6:55:39 PM - Software Distribution Service 3.0

RP30: 9/3/2011 3:17:56 PM - Software Distribution Service 3.0

RP31: 9/3/2011 3:25:45 PM - Software Distribution Service 3.0

RP32: 9/22/2011 8:15:57 PM - Software Distribution Service 3.0

RP33: 9/22/2011 8:21:22 PM - Software Distribution Service 3.0

RP34: 9/22/2011 8:27:30 PM - Software Distribution Service 3.0

RP35: 11/1/2011 6:23:05 PM - Software Distribution Service 3.0

RP36: 11/1/2011 6:34:19 PM - Software Distribution Service 3.0

RP37: 11/7/2011 2:05:01 PM - Software Distribution Service 3.0

RP38: 12/5/2011 6:15:27 PM - Software Distribution Service 3.0

RP39: 12/5/2011 6:17:26 PM - Software Distribution Service 3.0

RP40: 12/5/2011 6:31:40 PM - Installed Java™ 6 Update 29

RP41: 12/31/2011 10:30:35 PM - Software Distribution Service 3.0

RP42: 12/31/2011 10:51:08 PM - Software Distribution Service 3.0

RP43: 1/12/2012 3:32:58 PM - Software Distribution Service 3.0

RP44: 2/24/2012 9:25:53 PM - Software Distribution Service 3.0

RP45: 2/24/2012 9:27:09 PM - Removed Java™ 6 Update 14

RP46: 2/24/2012 9:27:30 PM - Installed Java™ 6 Update 31

RP47: 3/4/2012 5:11:49 PM - Software Distribution Service 3.0

RP48: 3/4/2012 5:22:53 PM - Software Distribution Service 3.0

RP49: 3/4/2012 5:41:41 PM - Software Distribution Service 3.0

RP50: 4/3/2012 1:28:55 PM - Software Distribution Service 3.0

RP51: 4/3/2012 1:40:17 PM - Software Distribution Service 3.0

RP52: 5/2/2012 4:32:09 PM - Software Distribution Service 3.0

RP53: 5/2/2012 4:59:47 PM - Software Distribution Service 3.0

RP54: 6/23/2012 9:40:52 PM - Software Distribution Service 3.0

RP55: 8/9/2012 3:42:54 PM - Software Distribution Service 3.0

RP56: 8/9/2012 3:49:46 PM - Software Distribution Service 3.0

RP57: 8/16/2012 6:10:51 PM - Software Distribution Service 3.0

RP58: 8/16/2012 6:14:08 PM - Software Distribution Service 3.0

RP59: 10/15/2012 4:04:56 PM - Software Distribution Service 3.0

RP60: 10/15/2012 4:07:15 PM - Installed Java™ 6 Update 35

RP61: 10/15/2012 4:09:38 PM - Software Distribution Service 3.0

RP62: 10/15/2012 4:36:15 PM - Removed WOT for Internet Explorer

RP63: 10/15/2012 4:36:19 PM - Installed WOT for Internet Explorer

RP64: 10/15/2012 5:16:48 PM - Removed Java™ 6 Update 34

RP65: 10/15/2012 5:17:05 PM - Installed Java 7 Update 7

RP66: 12/21/2012 6:36:46 PM - Software Distribution Service 3.0

RP67: 12/21/2012 7:00:40 PM - Software Distribution Service 3.0

RP68: 1/17/2013 3:10:08 PM - Software Distribution Service 3.0

RP69: 1/17/2013 3:14:55 PM - Installed Java 7 Update 11

RP70: 1/17/2013 6:09:34 PM - Microsoft Antimalware Checkpoint

.

==== Installed Programs ======================

.

Acronis True Image

Active@ UNDELETE

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 2.0

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

Bing Bar

Broadcom Gigabit Integrated Controller

CCleaner

CNET TechTracker

Creative Audio Console

Creative MediaSource

Dell ResourceCD

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP PrecisionScan LT Software

Java 7 Update 11

Java Auto Updater

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Motorola RAZR V3xx USB - Handset Manager V9.5

Mozilla Firefox 16.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Multimedia Samples

PowerDVD 5.9

Retrospect 7.5

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Sonic Audio module

Sonic DLA

Sonic MyDVD LE

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sound Blaster Audigy 2

Speccy

SpywareBlaster 4.6

swMSM

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WD Diagnostics

WD Firewire HID Driver

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

WOT for Internet Explorer

XP Codec Pack

.

==== Event Viewer Messages From Past Week ========

.

1/17/2013 9:06:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

1/17/2013 9:06:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

1/17/2013 3:11:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.184.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: HOME-F2BDD63F24\DJ Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070003 Error description: The system cannot find the path specified.

1/17/2013 3:11:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.184.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: HOME-F2BDD63F24\DJ Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070003 Error description: The system cannot find the path specified.

.

==== End Of File ===========================


Welcome to the forum. That scan looks OK.....you may have scanned the wrong drive.

This is an XP system; your last computer was W7.

If it's the XP computer...

Can you burn a cd on another computer??

If so...follow the directions in the link below to create and scan the system with an OTLPE cd:

http://forums.malwar...ndpost&p=627789

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Ok Mr. C, and yes, it is Win XP Home. My last was Win 7. I'm able to scan XP in Safe Mode ''on the affected drive'', which is C:. Let me read over the notes so I can understand what to do here. I did set MWB and HJT to scan C:, and verified C: was actually being scanned, yet my logs show D: was scanned. Don't understand this one. Let me retry the scans in Safe Mode for you. Will this be ok? ''May save us some time.'' I will get back with you and Thanks!

I burned OTLPEStd.exe to CD and will follow instructions.


Ok, I'm on the REATOGO-X-PE desktop. After clicking on the OTLPE icon, I'm asked to ''Choose Windows Directory''. What next? Drive C: doesn't show, so I ''ASSUME'' ReatogoPE (X:), but I'm not selecting it as of yet. Also, how do I copy/paste into the ''Custom Scan Box'' if I can't get on the internet? I'm following directions from another PC... my laptop.

Under the Custom Scan box paste this in:

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

/md5start

explorer.exe

services.exe

winlogon.exe

userinit.exe

/md5stop


You should have copied the text for the custom scans onto your USB drive.

Here's how it should go............

It's going to go something like this when OTLPE loads:

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    explorer.exe
    services.exe
    winlogon.exe
    userinit.exe
    /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

MrC

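An offline version of the check behind the /md5start ... /md5stop lines in the custom scan above, added here as an illustration; it is not part of the original post and not OTL's own code. Run from a boot CD or a second OS against the mounted (not booted) system drive, it hashes the same four binaries and compares each with the Windows File Protection copy that XP keeps in system32\dllcache. The directory layout and file contents produced by build_demo_tree are constructed placeholders so the script runs offline; the function names and the verdict labels are my own.

```python
"""Offline integrity check of the binaries OTL hashes between /md5start and /md5stop.
Meant to be run from a boot CD or a second OS against the mounted, not booted,
system drive; each live binary is compared with the Windows File Protection copy
kept in system32\\dllcache on XP."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable

# Same four files as the custom scan above; all are favourite patch targets.
CRITICAL = ("explorer.exe", "services.exe", "winlogon.exe", "userinit.exe")


def file_hashes(path: Path) -> Dict[str, str]:
    """MD5 (to compare with OTL's output) and SHA-256 of one file, streamed."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def check_system_binaries(windows_dir: Path,
                          names: Iterable[str] = CRITICAL) -> Dict[str, str]:
    """Verdict per file: ok | MISMATCH | missing | no-reference."""
    system32 = windows_dir / "system32"
    dllcache = system32 / "dllcache"
    verdicts: Dict[str, str] = {}
    for name in names:
        # explorer.exe lives in %SystemRoot%; the other three in system32.
        live = windows_dir / name if name == "explorer.exe" else system32 / name
        reference = dllcache / name
        if not live.is_file():
            verdicts[name] = "missing"        # required binary is gone: broken or replaced
        elif not reference.is_file():
            verdicts[name] = "no-reference"   # nothing to diff against; use known-good hashes
        elif file_hashes(live)["sha256"] == file_hashes(reference)["sha256"]:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MISMATCH"       # live copy differs from the protected copy
    return verdicts


def build_demo_tree(root: Path) -> Path:
    """Constructed fake Windows tree (placeholder bytes, not real binaries)."""
    win = root / "WINDOWS"
    system32 = win / "system32"
    dllcache = system32 / "dllcache"
    dllcache.mkdir(parents=True)
    (win / "explorer.exe").write_bytes(b"MZ explorer")               # intact
    (dllcache / "explorer.exe").write_bytes(b"MZ explorer")
    (system32 / "userinit.exe").write_bytes(b"MZ userinit+patch")    # tampered live copy
    (dllcache / "userinit.exe").write_bytes(b"MZ userinit")
    (system32 / "winlogon.exe").write_bytes(b"MZ winlogon")          # no WFP copy to compare with
    # services.exe deliberately absent
    return win


def demo() -> Dict[str, str]:
    """Run the check against the constructed tree in a throw-away directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_system_binaries(build_demo_tree(Path(tmp)))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

Two caveats when reading the verdicts. A MISMATCH on a drive that was booted normally is significant on its own, because File Protection would normally have restored the system32 copy; malware that patches the dllcache copy as well will show "ok" here, so treat dllcache as a first reference only and fall back to ServicePackFiles\i386 or hashes from a known-clean XP SP3 machine (which is also what you compare OTL's MD5 lines against) when the result does not fit the symptoms.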

Ok, have it on USB now, but I'm prompted to BROWSE FOR FOLDER... ''Choose Windows Directory'' BEFORE anything else, so what do I choose, My Computer or Reatogo PE (X:)?

I'm stuck and have no clue as to what to do next. I do not get:

''When asked "Do you wish to load the remote registry", select Yes''

I'm prompted to Browse For Folder, and Choose Windows Directory. My hard drive doesn't even show up here.

I selected one at a time and got this...''No windows installation found'' OR I get this, ''Target is not windows 2000 or later''

Something isn't going as expected here, AFTER clicking on the OTLPE icon.

The directions seem simple, but I can't get past this point.

Ok, rebooted, tried it again and none of my HDs are to be found. I have to point this OTLPE scanner to something, but what? Why are my Windows installations not found? You would think they would show up, then I could select C:! Maybe someone will have a solution for this.......


I'm at the REATOGO desktop, clicked OTLPE icon and get the same as mentioned by me earlier. I'm always prompted to Browse for folder, then choose windows directory. How can I point this scanner towards a windows directory if my HD's are not found? I have re-read all and am not getting to the FIRST step you noted.

Now, at the time I click on the OTLPE icon, I see a black DOS-like screen pop up for only a nanosecond. I then get the ''Browse for Folder'' and directory interface! Normally I'm good at workarounds, but this one has me stumped. Any other suggestions? Thanks~

Browse folder options are:

My Computer

Floppy (A:)

RAMDisk (B:)

98 se (D:)

ReatogoPE (X:)

Shared Documents

These are my only options for pointing the scanner towards and NONE work!

Other than everything I've tried, I'm getting nowhere with this scanner. Do you have another scanner we could try, perhaps? Been at this for 2 hours so far....Thanks!


Ok, but poking around on the REATOGO desktop, I found an icon (two keys) that says ''MSKeyViewer Plus''. Normally, I won't play with things, but I clicked on it and it asks ''Do you wish to load the remote registry?'' Sounds like this is what we need and the scanner at start-up bypassed this? What do ya' think, or should we go with VIPRE Rescue? Just pointing this out, that's all!

Got the Vipre on my flash at any rate....


I started running the VIPRE AV while I got some chow, about 45 minutes ago. Have a 250 GB drive and it's still getting scanned. I'll post what I can, then at your discretion, I can run that OTLPE, if needed. Most importantly, I was waiting for you to tell me that I wouldn't screw anything up! LOL

Thanks! I'll keep ya' posted~


The scan is going on --over 4 hours--. May have to let the pc run overnight, but I do NOT like doing this. Why such a long scan? Had this problem with another AV years ago getting support. Woke up in the AM and ''There was No log'' produced........SMH at this! We'll see!


Ok, scan completed and a folder was created in C:\VIPRERESCUE and I think I need to locate the log? I shut down the PC, so I'll locate it later. I did see 6 infections were quarantined. I'll get with you in the PM to figure out what I'm supposed to do next......


If you can find a log and post it...that would be good.

If you can.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Forgot to ask you, can I run ComboFix from a flash drive or drag/drop from flash to desktop in Safe Mode? Can't seem to find a log from my last scan... VIPRE's Quarantine folder? I see 3 CSV files outside of the Quarantine folder. Sorry, nothing spelling out LOG!

Running Combofix now......I'll get a log for ya'! Will it clean up the VIPRES scanner Folder and Quarantined items, too? That's my main concern.....


ComboFix 13-01-21.04 - DAVE 01/22/2013 15:06:55.9.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1693 [GMT -5:00]

Running from: c:\documents and settings\DAVE\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\DAVE\Application Data\PriceGong

c:\documents and settings\DAVE\Application Data\PriceGong\Data\1.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\a.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\b.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\c.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\d.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\e.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\f.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\g.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\h.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\i.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\j.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\k.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\l.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\m.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\DAVE\Application Data\PriceGong\Data\n.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\o.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\p.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\q.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\r.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\s.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\t.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\u.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\v.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\w.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\x.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\y.txt

c:\documents and settings\DAVE\Application Data\PriceGong\Data\z.txt

c:\documents and settings\DAVE\Recent\Thumbs.db

c:\documents and settings\DAVE\WINDOWS

c:\progra~1\AIRCAN~1\TRAVel~1.exe

c:\windows\system32\sqlite3.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\msvcr71.dll.int

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))

.

.

2013-01-21 23:33 . 2012-05-25 17:14 42864 ----a-w- c:\windows\system32\sbbd.exe

2013-01-21 23:33 . 2012-05-25 17:14 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2013-01-21 23:32 . 2013-01-22 09:27 -------- d-----w- C:\VIPRERESCUE

2013-01-16 06:14 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F921FC6-F611-4BCD-B143-9103683D1C32}\mpengine.dll

2013-01-15 03:08 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-13 01:11 . 2012-04-03 17:59 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-13 01:11 . 2011-05-22 17:10 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2011-02-09 05:36 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2009-08-19 22:07 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2011-02-09 05:36 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-09-11 21:11 . 2012-09-11 21:11 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]

.

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agihelper.AGUtils]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]

"hplampc"="c:\windows\System32\hplampc.exe" [2002-01-17 40448]

"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]

"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]

"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 39408]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Yahoo! Autosync.lnk - c:\program files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-8-21 391680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

[bU]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^Alaska Airlines Update Conduit.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\Alaska Airlines Update Conduit.lnk

backup=c:\windows\pss\Alaska Airlines Update Conduit.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^CNET TechTracker.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\CNET TechTracker.lnk

backup=c:\windows\pss\CNET TechTracker.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^Smile Desktop.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\Smile Desktop.lnk

backup=c:\windows\pss\Smile Desktop.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^United Airlines Timetable Update Application.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\United Airlines Timetable Update Application.lnk

backup=c:\windows\pss\United Airlines Timetable Update Application.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVE^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\DAVE\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoBAUP_FilesBackup_2]

AUTOBAUP2 [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

/L:ENG [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2008-09-22 23:42 90112 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2006-02-10 01:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-08-11 18:56 17920 ----a-w- c:\windows\CTHELPER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-08-11 18:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-03-16 10:33 127037 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2006-04-06 14:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

2012-12-03 19:46 366576 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2004-04-12 00:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 16:17 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-09-24 22:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-09-12 20:17 896912 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Spindown Utility]

2004-08-09 19:15 278528 ----a-w- c:\program files\Western Digital Technologies\Spindown\ExSpinDn.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Name of App"=c:\program files\Samsung\FW LiveUpdate\LiveUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12345:TCP"= 12345:TCP:Motorola Helper

.

R1 MpKslf7e754ad;MpKslf7e754ad;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F921FC6-F611-4BCD-B143-9103683D1C32}\MpKslf7e754ad.sys [1/22/2013 3:20 PM 29904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/21/2013 6:33 PM 101112]

R2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [12/3/2012 2:49 PM 188760]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 Auto File Backup Service;AutoBAUP Service;c:\program files\AutoBAUP\AutoBAUP.exe --> c:\program files\AutoBAUP\AutoBAUP.exe [?]

S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]

S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]

S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]

S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [9/22/2008 12:38 AM 9312]

S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [9/9/2010 10:47 PM 49377]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 6:09 PM 22344]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [4/9/2010 2:39 PM 42752]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 6:09 PM 654408]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLF7E754AD

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-16 06:46 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2008-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2012-11-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 19:38]

.

2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 03:27]

.

2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 03:27]

.

2013-01-22 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]

.

2013-01-22 c:\windows\Tasks\User_Feed_Synchronization-{3917B950-7D37-43A7-A444-D3158FE290D4}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.254

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\DAVE\Application Data\Mozilla\Firefox\Profiles\tpgzersa.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|http://att.my.yahoo.com/

FF - ExtSQL: 2012-12-03 14:49; {336D0C35-8A85-403a-B9D2-65C292C39087}; c:\program files\IB Updater\Firefox

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)

Toolbar-{2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{2462D2D8-B36E-44AB-84BF-C5A9383D2429} - (no file)

SafeBoot-MCODS

MSConfigStartUp-Acronis True Image Monitor - c:\program files\Acronis\TrueImage\TrueImageMonitor.exe

MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

MSConfigStartUp-WsdtReplacer - c:\documents and settings\DAVE\Local Settings\Temp\WebshotSupplantLauncher.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-22 15:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a9,60,07,25,40,6d,44,bd,3f,88,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,7f,87,e3,d3,82,7b,4d,a9,21,da,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,9c,eb,28,da,a1,9f,4a,a0,88,eb,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(784)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(8104)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\Iomega\DriveIcons\IMGHOOK.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\windows\system32\CTsvcCDA.exe

c:\progra~1\Iomega\System32\AppServices.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Retrospect\Retrospect 7.5\retrorun.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\MsPMSPSv.exe

c:\program files\Skyhook Wireless\Wi-Fi Driver\WPSScannerSvc.exe

c:\program files\Iomega\AutoDisk\ADService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\Intellisync\PushSyncService\PushSyncService.exe

.

**************************************************************************

.

Completion time: 2013-01-22 15:27:08 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-22 20:27

ComboFix2.txt 2010-10-08 19:24

.

Pre-Run: 74,048,622,592 bytes free

Post-Run: 72,308,334,592 bytes free

.

- - End Of File - - F4AD0BBA3564CD15179EF4ACAB59F81B

...............................................................................................................

System seems OK on normal boot... not in safe mode anymore. What next?


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Programs)

· Toolbars

· Hijackers (hijacking of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double-click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found; we're going to delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

MrC
