
FBI Moneypak / White Screen Virus



Looks like I am also special and have contracted the FBI Money Pak / White Screen Virus. I first got an "FBI-looking page" that said I needed to pay the ransom. Immediately pulled power and ethernet connection. Upon restart I get the white screen only showing "Please connect to internet" in the upper left. Trying to boot to safe mode also brings up the white screen. I'm guessing I need to download the Farbar tool and run that from the command prompt. Please assist with a winning strategy to clean my PC! Running Win XP (and stupidly hadn't updated it for the last few months). Any help would be most appreciated!

Jeremymojo


Thanks, got the OTL.txt file. Really appreciate the help.

Here we go:

OTL logfile created on: 5/4/2013 1:35:46 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 372.61 Gb Total Space | 221.88 Gb Free Space | 59.55% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 104.38 Gb Free Space | 44.82% Space Free | Partition Type: NTFS

Drive E: | 1397.25 Gb Total Space | 650.82 Gb Free Space | 46.58% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/04/12 16:42:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/03/15 23:42:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 22:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/11/11 17:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2010/11/11 17:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010/11/11 17:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2010/11/11 17:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)

SRV - [2010/01/21 21:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/07/28 21:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/07/06 07:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2010/01/28 10:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/08/15 23:49:14 | 000,155,792 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\FTT3.sys -- (FTT3)

DRV - [2007/03/16 13:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- D:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2007/03/16 13:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2005/01/15 03:25:20 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)

DRV - [2005/01/15 03:24:36 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)

DRV - [2005/01/15 03:24:30 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)

DRV - [2005/01/15 03:24:30 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

DRV - [2005/01/14 20:24:14 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\an983.sys -- (AN983)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/14 10:40:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/14 10:40:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 16:42:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 16:42:32 | 000,000,000 | ---D | M]

[2010/09/13 19:09:23 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2012/11/11 19:03:35 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9sacqu6.default\extensions

[2010/09/14 23:25:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9sacqu6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/14 13:53:04 | 000,001,832 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9sacqu6.default\searchplugins\bing.xml

[2013/04/12 16:42:29 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions

[2013/04/12 16:42:29 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/04/12 16:42:30 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013/04/28 00:23:17 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\updated\extensions

[2013/04/28 00:23:25 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/04/28 00:23:17 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/04/28 00:23:18 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

File not found (No name found) --

[2013/04/12 16:42:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/03 14:12:20 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- D:\Program Files\mozilla firefox\plugins\NPcol400.dll

[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012/11/29 04:27:12 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/02/20 05:32:14 | 000,002,086 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/12 13:45:34 | 000,438,353 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15079 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\Administrator_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EEventManager] D:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [KB3729275] D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)

O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [Recordpad] D:\Program Files\NCH Software\Recordpad\recordpad.exe (NCH Software)

O4 - HKLM..\Run: [RemoteControl] D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKLM..\Run: [Zune Launcher] D:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_D..\Run: [KB3729275] D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)

O4 - HKU\Administrator_ON_D..\Run: [NBJ] D:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKU\Administrator_ON_D..\Run: [sansaDispatch] D:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)

O4 - HKU\Administrator_ON_D..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\Administrator_ON_D..\Run: [TBPanel] D:\Program Files\Vtune\TBPanel.exe ()

O4 - Startup: D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3729275 = "C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe" (Skin)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3729275 = "C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe" (Skin)

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Convert link target to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe") - D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/07/04 14:30:47 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Sharedaccess - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: aux1 - D:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)

Drivers32: aux2 - D:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - D:\WINDOWS\System32\VCT3216.acm (Voxware, Inc.)

Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/28 20:57:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275

[2013/04/26 19:26:54 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Skype

[2013/04/13 14:22:40 | 000,159,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ptpusd.dll

[2013/04/13 14:22:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ptpusb.dll

[2013/04/12 16:42:28 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox

[2010/09/14 13:48:43 | 000,047,360 | ---- | C] (VSO Software) -- D:\Documents and Settings\Administrator\Application Data\pcouffin.sys

[8 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/04 15:06:17 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2013/05/04 15:06:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2013/04/28 21:05:53 | 000,000,300 | ---- | M] () -- D:\WINDOWS\tasks\recordpadShakeIcon.job

[2013/04/28 21:05:15 | 000,002,335 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2013/04/28 21:04:53 | 000,278,041 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml

[2013/04/28 20:42:00 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/04/13 18:13:43 | 000,298,848 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2013/04/13 17:56:57 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK

[2013/04/10 21:53:01 | 000,435,688 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat

[2013/04/10 21:53:01 | 000,068,584 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

[8 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 21:57:37 | 000,000,300 | ---- | C] () -- D:\WINDOWS\tasks\recordpadShakeIcon.job

[2012/02/15 18:24:33 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll

[2011/08/01 12:16:33 | 000,000,297 | ---- | C] () -- D:\WINDOWS\EReg072.dat

[2011/05/07 13:54:21 | 000,000,557 | ---- | C] () -- D:\WINDOWS\cdplayer.ini

[2011/05/07 13:43:05 | 000,001,492 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\ss.ini

[2010/10/15 15:06:12 | 000,000,128 | ---- | C] () -- D:\WINDOWS\LIBENMP3.INI

[2010/10/15 15:06:12 | 000,000,075 | ---- | C] () -- D:\WINDOWS\LIBENACM.INI

[2010/10/15 15:06:12 | 000,000,048 | ---- | C] () -- D:\WINDOWS\LIBENVRS.INI

[2010/10/15 15:06:12 | 000,000,029 | ---- | C] () -- D:\WINDOWS\LIBENWMA.INI

[2010/10/15 13:37:34 | 000,002,102 | ---- | C] () -- D:\WINDOWS\smp3m45v.ini

[2010/09/20 14:38:30 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll

[2010/09/18 18:01:43 | 000,037,376 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/14 17:55:30 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini

[2010/09/14 13:56:27 | 000,000,032 | ---- | C] () -- D:\WINDOWS\CD_Start.INI

[2010/09/14 13:52:21 | 000,002,126 | ---- | C] () -- D:\WINDOWS\AutostarSuite.ini

[2010/09/14 13:48:43 | 000,087,608 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\ezpinst.exe

[2010/09/14 13:48:43 | 000,007,824 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\pcouffin.cat

[2010/09/14 13:48:43 | 000,001,144 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\pcouffin.inf

[2010/09/14 13:44:52 | 000,040,960 | ---- | C] () -- D:\Program Files\Uninstall_CDS.exe

[2010/09/14 11:01:43 | 000,000,000 | ---- | C] () -- D:\WINDOWS\EEventManager.INI

[2010/09/14 10:45:06 | 000,073,220 | ---- | C] () -- D:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/09/14 10:45:06 | 000,031,053 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern131.dat

[2010/09/14 10:45:06 | 000,029,114 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat

[2010/09/14 10:45:06 | 000,027,417 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern121.dat

[2010/09/14 10:45:06 | 000,021,021 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat

[2010/09/14 10:45:06 | 000,015,670 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat

[2010/09/14 10:45:06 | 000,013,280 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat

[2010/09/14 10:45:06 | 000,010,673 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat

[2010/09/14 10:45:06 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat

[2010/09/14 10:45:06 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/09/14 10:45:06 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/09/14 10:45:06 | 000,001,137 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/09/14 10:45:06 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/09/14 10:45:06 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/09/14 10:45:06 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/09/14 10:45:06 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini

[2010/09/13 19:09:14 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat

[2010/07/04 14:31:46 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat

[2010/07/04 14:26:32 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat

[2010/07/04 07:18:36 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI

[2010/07/04 07:17:35 | 000,298,848 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/06 06:25:58 | 002,185,518 | ---- | C] () -- D:\WINDOWS\System32\nvdata.bin

[2010/01/12 09:35:44 | 000,080,416 | ---- | C] () -- D:\WINDOWS\System32\RtNicProp32.dll

[2008/01/09 05:53:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll

[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin

[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat

[2002/08/29 12:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin

[2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat

[2002/08/29 12:00:00 | 000,435,688 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat

[2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat

[2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat

[2002/08/29 12:00:00 | 000,068,584 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat

[2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin

[2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat

[2002/08/29 12:00:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat

[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/09/14 14:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software

[2012/12/01 14:20:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Battle.net

[2010/09/14 10:44:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\EPSON

[2011/05/07 13:40:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\FreeRIP

[2011/07/11 19:10:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/07/04 17:21:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2012/02/12 19:23:01 | 000,000,304 | ---- | M] () -- D:\WINDOWS\Tasks\expresszipShakeIcon.job

[2013/04/28 21:05:53 | 000,000,300 | ---- | M] () -- D:\WINDOWS\Tasks\recordpadShakeIcon.job

[2011/10/25 17:28:02 | 000,000,292 | ---- | M] () -- D:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/07/04 14:30:47 | 000,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT

[2012/04/28 23:37:44 | 000,000,245 | -HS- | M] () -- D:\boot.ini

[2010/07/04 14:30:47 | 000,000,000 | ---- | M] () -- D:\CONFIG.SYS

[2011/07/13 01:05:24 | 000,038,354 | ---- | M] () -- D:\dracula.acd

[2012/06/16 21:14:31 | 000,091,382 | ---- | M] () -- D:\dracula1.acd

[2012/05/28 20:07:00 | 004,502,047 | ---- | M] () -- D:\dracula99.mp3

[2011/01/15 22:53:20 | 002,519,257 | ---- | M] (MGShareware ) -- D:\freeripmp3-setup.exe

[2010/07/04 14:30:47 | 000,000,000 | RHS- | M] () -- D:\IO.SYS

[2010/07/04 14:30:47 | 000,000,000 | RHS- | M] () -- D:\MSDOS.SYS

[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- D:\NTDETECT.COM

[2010/07/04 18:03:19 | 000,250,048 | RHS- | M] () -- D:\ntldr

[2013/05/04 15:05:27 | 2145,386,496 | -HS- | M] () -- D:\pagefile.sys

[2010/11/12 16:03:05 | 000,000,181 | ---- | M] () -- D:\settings-router.txt

[2010/11/12 15:57:10 | 000,000,000 | ---- | M] () -- D:\wizard.txt

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- D:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- D:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- D:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- D:\WINDOWS\$NtServicePackUninstall$\services.exe

[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- D:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\DllCache\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\services.exe

[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- D:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012/04/04 18:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- D:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< End of report >


OK, basically what we want to do is copy the text that's in BOLD into the Custom Scans/Fixes box of OTLPE:

Here's how to do that:

Copy the text in BOLD into notepad and save it:

:OTL

O4 - HKLM..\Run: [KB3729275] D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)

O4 - HKU\Administrator_ON_D..\Run: [KB3729275] D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3729275 = "C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe" (Skin)

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3729275 = "C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe" (Skin)

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe") - D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)

[2013/04/28 20:57:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here.

See if the computer boots up normally now.......MrC

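The fix above removes three things at once: autostart entries (O4/O6/O7 Run keys and Explorer Run policies) pointing at an executable dropped under the user's Local Settings\Application Data, the Winlogon Shell value (O20) that was swapped from explorer.exe to that executable, and the DisableTaskMgr / DisableRegistryTools policies that kept the user from killing it. The following is an added example, not part of this thread and not code from OTL or MrC: a small Python triage that reads OTL-style lines and flags exactly those patterns, so a helper can see at a glance which lines belong in a fix. The sample lines are constructed here (copied from the fix posted above, plus two made-up benign control lines); the PROFILE_DATA_DIRS list and the "reason" labels are my own assumptions about what is worth flagging.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the O4/O6/O7/O20 lines from the fix posted above,
# plus two made-up benign lines so the triage has something it must NOT flag.
SAMPLE_OTL_LINES = [
    r'O4 - HKLM..\Run: [KB3729275] D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)',
    r'O4 - HKU\Administrator_ON_D..\Run: [KB3729275] D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3729275 = "C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe" (Skin)',
    r'O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3729275 = "C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe" (Skin)',
    r'O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1',
    r'O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1',
    r'O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe") - D:\Documents and Settings\Administrator\Local Settings\Application Data\KB3729275\KB3729275.exe (Skin)',
    # Benign controls (constructed, not from the report above):
    r'O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)',
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)',
]

# Assumption: user-profile data/temp directories from which legitimate software
# rarely autostarts on a home PC, but where lock-screen droppers usually land.
PROFILE_DATA_DIRS = re.compile(
    r"\\(?:Local Settings\\Application Data|Application Data|Local Settings\\Temp|Temp)\\",
    re.IGNORECASE,
)
# Policy values that lock the user out of the tools needed to end a rogue process.
LOCKOUT_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")
# A drive-letter path ending in an executable extension; stops at quotes/parentheses
# so the trailing "(Company)" annotation OTL appends is not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"()]*?\.(?:exe|dll|scr|com|bat|cmd)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    tag: str      # OTL section, e.g. "O4", "O20"
    reason: str   # why the line was flagged
    detail: str   # the path or policy name involved


def _first_path(text):
    """Return the first executable path in an OTL line, or '' if none."""
    m = PATH_RE.search(text)
    return m.group(0) if m else ""


def triage_otl_line(line):
    """Return a Finding if one OTL line matches a lock-screen persistence pattern, else None."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    tag, body = m.groups()

    # O20: Winlogon Shell must be explorer.exe; anything else replaces the desktop.
    if tag == "O20" and "Winlogon: Shell" in body:
        shell = _first_path(body)
        if shell.lower().rsplit("\\", 1)[-1] != "explorer.exe":
            return Finding(tag, "Winlogon Shell replaced", shell)
        return None

    # O6/O7 policies\System: Task Manager / Registry Tools disabled.
    if tag in ("O6", "O7") and "policies\\System" in body:
        for pol in LOCKOUT_POLICIES:
            if re.search(rf"\b{pol}\s*=\s*1\b", body):
                return Finding(tag, "user lockout policy set", pol)
        return None

    # O4 Run keys and O6/O7 policies\Explorer\Run entries.
    if tag in ("O4", "O6", "O7") and "Run" in body:
        path = _first_path(body)
        if PROFILE_DATA_DIRS.search(path):
            return Finding(tag, "autostart from user-profile data directory", path)
        if tag in ("O6", "O7"):
            # Assumption: policy-driven Run entries are rare outside managed domains.
            return Finding(tag, "autostart via Explorer Run policy", path)
    return None


def triage_otl(lines):
    """Triage a list of OTL lines; returns the Findings in input order."""
    return [f for f in (triage_otl_line(l) for l in lines) if f is not None]


def summarize(findings):
    """Count findings per reason, e.g. {'user lockout policy set': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL_LINES):
        print(f"{f.tag:4} {f.reason:45} {f.detail}")
    print(summarize(triage_otl(SAMPLE_OTL_LINES)))
```

Run against the constructed lines, the seven entries MrC put into the fix are flagged (four autostart entries, two lockout policies, one replaced Shell) and the two benign control lines pass through, which is the same judgement the fix script encodes: it removes the autostart entries and the directory they point at, resets Shell, and clears the two policies, without touching legitimate startup items.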

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

