
Infected with FBI Moneypak Virus-Please Help!


My computer is infected with the FBI Moneypak Virus. Below are the results of the Recovery Scan. I would really appreciate some help! Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2013

Ran by SYSTEM on 16-05-2013 19:13:36

Running from E:\

Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)

HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1245032555\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)

HKLM\...\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [532808 2009-01-21] (Corel, Inc.)

HKLM\...\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-01-21] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1318816 2012-03-21] (McAfee, Inc.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)

HKLM\...\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()

HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [] [x]

HKLM\...\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)

HKLM\...\Winlogon: [system]

HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-09-30] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-09-30] (Hewlett-Packard)

HKU\OWNER\...\Run: [sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [ 2009-04-10] (Microsoft Corporation)

HKU\OWNER\...\Run: [googletalk] C:\Users\OWNER\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [ 2007-01-01] (Google)

HKU\OWNER\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)

HKU\OWNER\...\Run: [TSWorkspace] C:\Users\OWNER\AppData\Local\AdvancedInstallers\TSWorkspace.exe [ 2013-05-14] (Softline Interacive, LLC)

HKU\OWNER\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-01-26] (Safer Networking Limited)

Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk

ShortcutTarget: AOL Desktop.lnk -> C:\Program Files\Common Files\aol\Launch\aollaunch.exe (AOL LLC)

========================== Services (Whitelisted) =================

S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)

S3 getPlus® Installer; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [59552 2009-03-16] (NOS Microsystems Ltd.)

S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)

S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [361976 2012-04-19] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [166288 2012-03-20] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [161632 2012-03-20] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [151880 2012-03-20] (McAfee, Inc.)

S2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()

S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()

S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S3 msiserver; %systemroot%\system32\msiexec /V [x]

S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]

==================== Drivers (Whitelisted) ====================

S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT2.SYS [24360 2008-07-30] (America Online)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)

S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)

S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)

S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)

S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)

S3 usbkey; C:\Windows\System32\DRIVERS\USBKey.sys [30168 2007-01-19] ()

S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [x]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [x]

S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-16 19:13 - 2013-05-16 19:13 - 00000000 ____D C:\FRST

2013-05-15 21:55 - 2013-05-16 17:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-05-15 21:55 - 2013-05-16 17:26 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy

2013-05-15 21:55 - 2013-05-15 21:55 - 00001055 ____A C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk

2013-05-15 21:55 - 2013-05-15 21:55 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy

2013-05-15 20:27 - 2013-05-15 20:27 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-15 20:27 - 2013-05-15 20:27 - 00000906 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-15 18:59 - 2013-05-15 18:59 - 10690942 ____A C:\Users\OWNER\Downloads\KERRI + JIM WEDDING-370.JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 08427439 ____A C:\Users\OWNER\Downloads\FPTFY_Free_Etsy_Banners_SSFS.zip.html

2013-05-15 18:59 - 2013-05-15 18:59 - 06054794 ____A C:\Users\OWNER\Downloads\KERRI + JIM WEDDING-372.JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 01570867 ____A C:\Users\OWNER\My Documents\VIDEO0012.3gp.html

2013-05-15 18:59 - 2013-05-15 18:59 - 01570867 ____A C:\Users\OWNER\Documents\VIDEO0012.3gp.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00961187 ____A C:\Users\OWNER\Downloads\photo.JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00755920 ____A C:\Users\OWNER\Downloads\photo (1).JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00751463 ____A C:\Users\OWNER\Downloads\photo (2).JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00513001 ____A C:\Users\OWNER\My Documents\TBI.AssessmentPacket.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00513001 ____A C:\Users\OWNER\Documents\TBI.AssessmentPacket.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00271580 ____A C:\Users\OWNER\My Documents\StaabWeddingProposal-2012.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00271580 ____A C:\Users\OWNER\Documents\StaabWeddingProposal-2012.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00148236 ____A C:\Users\OWNER\My Documents\Wedding guest tracker1.xlsx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00148236 ____A C:\Users\OWNER\Documents\Wedding guest tracker1.xlsx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00088792 ____A C:\Users\OWNER\My Documents\When Children Wont Eat.Toomey.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00088792 ____A C:\Users\OWNER\Documents\When Children Wont Eat.Toomey.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00032206 ____A C:\Users\OWNER\Downloads\Little_BabyStaab.jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00031452 ____A C:\Users\OWNER\My Documents\swallowingdisorders.doc.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00031452 ____A C:\Users\OWNER\Documents\swallowingdisorders.doc.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00030524 ____A C:\Users\OWNER\Downloads\Little_BabyStaab (1).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00029404 ____A C:\Users\OWNER\My Documents\ToBIdata.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00029404 ____A C:\Users\OWNER\Documents\ToBIdata.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00028954 ____A C:\Users\OWNER\Downloads\Little_BabyG (1).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00028685 ____A C:\Users\OWNER\Downloads\Little_BabyG.jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00027166 ____A C:\Users\OWNER\Downloads\Little_BabyG (3).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00024624 ____A C:\Users\OWNER\Downloads\Little_BabyG (2).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000385 ____A C:\Users\OWNER\Downloads\~$How_to_observe_and_work_in_a_hospital_setting_PPP[1].pptx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000382 ____A C:\Users\OWNER\My Documents\~$cipeCard.docx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000382 ____A C:\Users\OWNER\Downloads\~$D Handbook.docx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000382 ____A C:\Users\OWNER\Documents\~$cipeCard.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 09497209 ____A C:\Users\OWNER\My Documents\OralMotor_Feeding_BirthtoOneYear_PART1.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 09497209 ____A C:\Users\OWNER\Documents\OralMotor_Feeding_BirthtoOneYear_PART1.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 04045912 ____A C:\Users\OWNER\My Documents\PictureorVideo001.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 04045912 ____A C:\Users\OWNER\Documents\PictureorVideo001.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 02070420 ____A C:\Users\OWNER\My Documents\Scan_Pic0001.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 02070420 ____A C:\Users\OWNER\Documents\Scan_Pic0001.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00403572 ____A C:\Users\OWNER\My Documents\Scan_Pic0002.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00403572 ____A C:\Users\OWNER\Documents\Scan_Pic0002.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00387524 ____A C:\Users\OWNER\My Documents\Scan_Pic0003.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00387524 ____A C:\Users\OWNER\Documents\Scan_Pic0003.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00253660 ____A C:\Users\OWNER\My Documents\Letter.LongStudents.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00253660 ____A C:\Users\OWNER\Documents\Letter.LongStudents.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00196420 ____A C:\Users\OWNER\My Documents\RecipeCard.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00196420 ____A C:\Users\OWNER\Documents\RecipeCard.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00097916 ____A C:\Users\OWNER\My Documents\SOS APPROACH - explanation.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00097916 ____A C:\Users\OWNER\Documents\SOS APPROACH - explanation.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00046300 ____A C:\Users\OWNER\My Documents\Resume.KerriStaab.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00046300 ____A C:\Users\OWNER\Documents\Resume.KerriStaab.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00045788 ____A C:\Users\OWNER\My Documents\Resume.KerriGrimes.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00045788 ____A C:\Users\OWNER\Documents\Resume.KerriGrimes.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00038499 ____A C:\Users\OWNER\My Documents\MarriageLicenseInformation.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00038499 ____A C:\Users\OWNER\Documents\MarriageLicenseInformation.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00035548 ____A C:\Users\OWNER\My Documents\Natalie's Baby Shower.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00035548 ____A C:\Users\OWNER\Documents\Natalie's Baby Shower.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028958 ____A C:\Users\OWNER\My Documents\Kerri&JimmyTimeline.old.xlsx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028958 ____A C:\Users\OWNER\Documents\Kerri&JimmyTimeline.old.xlsx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028892 ____A C:\Users\OWNER\My Documents\letterofrec.joanna.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028892 ____A C:\Users\OWNER\Documents\letterofrec.joanna.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028851 ____A C:\Users\OWNER\My Documents\KGRGuidelines1-13-10.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028851 ____A C:\Users\OWNER\Documents\KGRGuidelines1-13-10.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00027356 ____A C:\Users\OWNER\My Documents\reflection paper.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00027356 ____A C:\Users\OWNER\Documents\reflection paper.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\My Documents\SpeechFlareClientData.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\My Documents\socialstory.PMvalve.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\Documents\SpeechFlareClientData.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\Documents\socialstory.PMvalve.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00022748 ____A C:\Users\OWNER\My Documents\SALTparagraph.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00022748 ____A C:\Users\OWNER\Documents\SALTparagraph.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00018437 ____A C:\Users\OWNER\My Documents\LoopWriterRegistrationInformation;Grimes,K.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00018437 ____A C:\Users\OWNER\Documents\LoopWriterRegistrationInformation;Grimes,K.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00013739 ____A C:\Users\OWNER\My Documents\practiceinterview.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00013739 ____A C:\Users\OWNER\Documents\practiceinterview.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00000590 ____A C:\Users\OWNER\My Documents\Pictures - Shortcut.lnk.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00000590 ____A C:\Users\OWNER\Documents\Pictures - Shortcut.lnk.html

2013-05-15 18:57 - 2013-05-15 18:57 - 07391710 ____A C:\Users\OWNER\My Documents\InfantFeedingAssessment.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 07391710 ____A C:\Users\OWNER\Documents\InfantFeedingAssessment.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 05222375 ____A C:\Users\OWNER\My Documents\IMG_0927.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 05222375 ____A C:\Users\OWNER\Documents\IMG_0927.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02555481 ____A C:\Users\OWNER\My Documents\CHOCBenefitsBrochure-March2011.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02555481 ____A C:\Users\OWNER\Documents\CHOCBenefitsBrochure-March2011.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02253728 ____A C:\Users\OWNER\My Documents\IMG_0448.mov.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02253728 ____A C:\Users\OWNER\Documents\IMG_0448.mov.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01821826 ____A C:\Users\OWNER\My Documents\IMG00114-20100818-1041.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01821826 ____A C:\Users\OWNER\Documents\IMG00114-20100818-1041.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01298932 ____A C:\Users\OWNER\My Documents\image003.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01298932 ____A C:\Users\OWNER\Documents\image003.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01265112 ____A C:\Users\OWNER\My Documents\GER in Infants.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01265112 ____A C:\Users\OWNER\Documents\GER in Infants.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00882764 ____A C:\Users\OWNER\My Documents\Esophageal Dysphagia.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00882764 ____A C:\Users\OWNER\Documents\Esophageal Dysphagia.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00483759 ____A C:\Users\OWNER\My Documents\corpuscallosotomy.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00483759 ____A C:\Users\OWNER\Documents\corpuscallosotomy.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00193756 ____A C:\Users\OWNER\My Documents\DOLsheet.xls.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00193756 ____A C:\Users\OWNER\Documents\DOLsheet.xls.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00141282 ____A C:\Users\OWNER\My Documents\cransalad.jpg.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00141282 ____A C:\Users\OWNER\Documents\cransalad.jpg.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00091905 ____A C:\Users\OWNER\My Documents\FeedingSkills.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00091905 ____A C:\Users\OWNER\Documents\FeedingSkills.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00063708 ____A C:\Users\OWNER\My Documents\glossary.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00063708 ____A C:\Users\OWNER\Documents\glossary.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00049096 ____A C:\Users\OWNER\My Documents\ElectronicGlossary.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00049096 ____A C:\Users\OWNER\Documents\ElectronicGlossary.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00036572 ____A C:\Users\OWNER\My Documents\howsweetgame.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00036572 ____A C:\Users\OWNER\Documents\howsweetgame.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00027868 ____A C:\Users\OWNER\My Documents\ChristmasInvites.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00027868 ____A C:\Users\OWNER\Documents\ChristmasInvites.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026844 ____A C:\Users\OWNER\My Documents\halloween invite.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026844 ____A C:\Users\OWNER\Documents\halloween invite.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026332 ____A C:\Users\OWNER\My Documents\Fettuccine Alfredo.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026332 ____A C:\Users\OWNER\Documents\Fettuccine Alfredo.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00024868 ____A C:\Users\OWNER\My Documents\inviteinserts.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00024868 ____A C:\Users\OWNER\Documents\inviteinserts.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014981 ____A C:\Users\OWNER\My Documents\halloweeninvite.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014981 ____A C:\Users\OWNER\Documents\halloweeninvite.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014953 ____A C:\Users\OWNER\My Documents\FluencyLessonPlans.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014953 ____A C:\Users\OWNER\Documents\FluencyLessonPlans.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00013481 ____A C:\Users\OWNER\My Documents\feedrecs.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00013481 ____A C:\Users\OWNER\Documents\feedrecs.docx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 06400220 ____A C:\Users\OWNER\My Documents\2011PosterSession.ppt.html

2013-05-15 18:47 - 2013-05-15 18:47 - 06400220 ____A C:\Users\OWNER\Documents\2011PosterSession.ppt.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01878057 ____A C:\Users\OWNER\My Documents\07.21.12Grimes0942Proposal.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01878057 ____A C:\Users\OWNER\Documents\07.21.12Grimes0942Proposal.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01799797 ____A C:\Users\OWNER\My Documents\ABA_presentationupdated3.20.pptx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01799797 ____A C:\Users\OWNER\Documents\ABA_presentationupdated3.20.pptx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00313388 ____A C:\Users\OWNER\My Documents\2012Services.zip.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00313388 ____A C:\Users\OWNER\Documents\2012Services.zip.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00126016 ____A C:\Users\OWNER\My Documents\2918385.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00126016 ____A C:\Users\OWNER\Documents\2918385.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00121564 ____A C:\Users\OWNER\My Documents\ASHA.CallforPapers.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00121564 ____A C:\Users\OWNER\Documents\ASHA.CallforPapers.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00084188 ____A C:\Users\OWNER\My Documents\assessment_comps.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00084188 ____A C:\Users\OWNER\Documents\assessment_comps.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00012421 ____A C:\Users\OWNER\My Documents\BabyShowerAddresses.xlsx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00012421 ____A C:\Users\OWNER\Documents\BabyShowerAddresses.xlsx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00010190 ____A C:\Users\OWNER\My Documents\antispyware.docx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00010190 ____A C:\Users\OWNER\Documents\antispyware.docx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00003330 ____A C:\Users\OWNER\My Documents\BmSdp Log.txt.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00003330 ____A C:\Users\OWNER\Documents\BmSdp Log.txt.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00047836 ____A C:\Users\OWNER\Desktop\Resume.doc.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00045788 ____A C:\Users\OWNER\Desktop\Resume.Update.04.2013.doc.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00002067 ____A C:\Users\OWNER\Desktop\SynthWorks.lnk.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00002067 ____A C:\Users\OWNER\Desktop\PitchWorks.lnk.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00002051 ____A C:\Users\OWNER\Desktop\PCquirerX.lnk.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00000324 ____A C:\Users\OWNER\Desktop\Recycle Bin - Shortcut.lnk.html

2013-05-14 21:29 - 2013-05-14 21:29 - 00002847 ____A C:\Users\OWNER\Desktop\Microsoft Office Word 2007.lnk.html

2013-05-14 21:29 - 2013-05-14 21:29 - 00001163 ____A C:\Users\OWNER\Desktop\Launch Internet Explorer Browser.lnk.html

2013-05-14 21:29 - 2013-05-14 21:29 - 00001048 ____A C:\Users\OWNER\Desktop\LoopWriter - Shortcut.lnk.html

2013-05-14 21:14 - 2013-05-14 21:14 - 00000241 ____A C:\ProgramData\hpqp.txt.html

2013-05-14 21:14 - 2013-05-14 21:14 - 00000241 ____A C:\ProgramData\Application Data\hpqp.txt.html

2013-05-14 21:11 - 2013-05-14 21:11 - 00000000 ____D C:\Users\OWNER\Local Settings\Application Data\AdvancedInstallers

2013-05-14 21:11 - 2013-05-14 21:11 - 00000000 ____D C:\Users\OWNER\Local Settings\AdvancedInstallers

2013-05-14 21:11 - 2013-05-14 21:11 - 00000000 ____D C:\Users\OWNER\AppData\Local\AdvancedInstallers

2013-04-23 20:39 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders ========

2013-05-16 19:13 - 2013-05-16 19:13 - 00000000 ____D C:\FRST

2013-05-16 17:26 - 2013-05-15 21:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-05-16 17:26 - 2013-05-15 21:55 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy

2013-05-16 16:59 - 2006-11-02 05:01 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-16 16:59 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-16 16:59 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-16 16:59 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-15 21:55 - 2013-05-15 21:55 - 00001055 ____A C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk

2013-05-15 21:55 - 2013-05-15 21:55 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy

2013-05-15 20:27 - 2013-05-15 20:27 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-15 20:27 - 2013-05-15 20:27 - 00000906 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-15 20:27 - 2011-12-08 20:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-05-15 20:20 - 2006-11-02 02:23 - 00000359 ____A C:\Windows\win.ini

2013-05-15 19:56 - 2009-02-19 02:51 - 01313348 ____A C:\Windows\WindowsUpdate.log

2013-05-15 18:59 - 2013-05-15 18:59 - 10690942 ____A C:\Users\OWNER\Downloads\KERRI + JIM WEDDING-370.JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 08427439 ____A C:\Users\OWNER\Downloads\FPTFY_Free_Etsy_Banners_SSFS.zip.html

2013-05-15 18:59 - 2013-05-15 18:59 - 06054794 ____A C:\Users\OWNER\Downloads\KERRI + JIM WEDDING-372.JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 01570867 ____A C:\Users\OWNER\My Documents\VIDEO0012.3gp.html

2013-05-15 18:59 - 2013-05-15 18:59 - 01570867 ____A C:\Users\OWNER\Documents\VIDEO0012.3gp.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00961187 ____A C:\Users\OWNER\Downloads\photo.JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00755920 ____A C:\Users\OWNER\Downloads\photo (1).JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00751463 ____A C:\Users\OWNER\Downloads\photo (2).JPG.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00513001 ____A C:\Users\OWNER\My Documents\TBI.AssessmentPacket.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00513001 ____A C:\Users\OWNER\Documents\TBI.AssessmentPacket.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00271580 ____A C:\Users\OWNER\My Documents\StaabWeddingProposal-2012.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00271580 ____A C:\Users\OWNER\Documents\StaabWeddingProposal-2012.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00148236 ____A C:\Users\OWNER\My Documents\Wedding guest tracker1.xlsx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00148236 ____A C:\Users\OWNER\Documents\Wedding guest tracker1.xlsx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00088792 ____A C:\Users\OWNER\My Documents\When Children Wont Eat.Toomey.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00088792 ____A C:\Users\OWNER\Documents\When Children Wont Eat.Toomey.pdf.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00032206 ____A C:\Users\OWNER\Downloads\Little_BabyStaab.jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00031452 ____A C:\Users\OWNER\My Documents\swallowingdisorders.doc.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00031452 ____A C:\Users\OWNER\Documents\swallowingdisorders.doc.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00030524 ____A C:\Users\OWNER\Downloads\Little_BabyStaab (1).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00029404 ____A C:\Users\OWNER\My Documents\ToBIdata.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00029404 ____A C:\Users\OWNER\Documents\ToBIdata.xls.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00028954 ____A C:\Users\OWNER\Downloads\Little_BabyG (1).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00028685 ____A C:\Users\OWNER\Downloads\Little_BabyG.jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00027166 ____A C:\Users\OWNER\Downloads\Little_BabyG (3).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00024624 ____A C:\Users\OWNER\Downloads\Little_BabyG (2).jpg.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000385 ____A C:\Users\OWNER\Downloads\~$How_to_observe_and_work_in_a_hospital_setting_PPP[1].pptx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000382 ____A C:\Users\OWNER\My Documents\~$cipeCard.docx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000382 ____A C:\Users\OWNER\Downloads\~$D Handbook.docx.html

2013-05-15 18:59 - 2013-05-15 18:59 - 00000382 ____A C:\Users\OWNER\Documents\~$cipeCard.docx.html

2013-05-15 18:59 - 2012-12-13 21:36 - 00000000 ____D C:\Users\OWNER\My Documents\SpeechPathology

2013-05-15 18:59 - 2012-12-13 21:36 - 00000000 ____D C:\Users\OWNER\Documents\SpeechPathology

2013-05-15 18:59 - 2012-04-14 22:45 - 00000000 ____D C:\Users\OWNER\My Documents\WEDDING

2013-05-15 18:59 - 2012-04-14 22:45 - 00000000 ____D C:\Users\OWNER\Documents\WEDDING

2013-05-15 18:58 - 2013-05-15 18:58 - 09497209 ____A C:\Users\OWNER\My Documents\OralMotor_Feeding_BirthtoOneYear_PART1.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 09497209 ____A C:\Users\OWNER\Documents\OralMotor_Feeding_BirthtoOneYear_PART1.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 04045912 ____A C:\Users\OWNER\My Documents\PictureorVideo001.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 04045912 ____A C:\Users\OWNER\Documents\PictureorVideo001.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 02070420 ____A C:\Users\OWNER\My Documents\Scan_Pic0001.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 02070420 ____A C:\Users\OWNER\Documents\Scan_Pic0001.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00403572 ____A C:\Users\OWNER\My Documents\Scan_Pic0002.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00403572 ____A C:\Users\OWNER\Documents\Scan_Pic0002.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00387524 ____A C:\Users\OWNER\My Documents\Scan_Pic0003.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00387524 ____A C:\Users\OWNER\Documents\Scan_Pic0003.jpg.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00253660 ____A C:\Users\OWNER\My Documents\Letter.LongStudents.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00253660 ____A C:\Users\OWNER\Documents\Letter.LongStudents.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00196420 ____A C:\Users\OWNER\My Documents\RecipeCard.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00196420 ____A C:\Users\OWNER\Documents\RecipeCard.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00097916 ____A C:\Users\OWNER\My Documents\SOS APPROACH - explanation.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00097916 ____A C:\Users\OWNER\Documents\SOS APPROACH - explanation.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00046300 ____A C:\Users\OWNER\My Documents\Resume.KerriStaab.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00046300 ____A C:\Users\OWNER\Documents\Resume.KerriStaab.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00045788 ____A C:\Users\OWNER\My Documents\Resume.KerriGrimes.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00045788 ____A C:\Users\OWNER\Documents\Resume.KerriGrimes.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00038499 ____A C:\Users\OWNER\My Documents\MarriageLicenseInformation.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00038499 ____A C:\Users\OWNER\Documents\MarriageLicenseInformation.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00035548 ____A C:\Users\OWNER\My Documents\Natalie's Baby Shower.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00035548 ____A C:\Users\OWNER\Documents\Natalie's Baby Shower.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028958 ____A C:\Users\OWNER\My Documents\Kerri&JimmyTimeline.old.xlsx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028958 ____A C:\Users\OWNER\Documents\Kerri&JimmyTimeline.old.xlsx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028892 ____A C:\Users\OWNER\My Documents\letterofrec.joanna.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028892 ____A C:\Users\OWNER\Documents\letterofrec.joanna.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028851 ____A C:\Users\OWNER\My Documents\KGRGuidelines1-13-10.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00028851 ____A C:\Users\OWNER\Documents\KGRGuidelines1-13-10.zip.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00027356 ____A C:\Users\OWNER\My Documents\reflection paper.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00027356 ____A C:\Users\OWNER\Documents\reflection paper.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\My Documents\SpeechFlareClientData.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\My Documents\socialstory.PMvalve.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\Documents\SpeechFlareClientData.xls.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00026332 ____A C:\Users\OWNER\Documents\socialstory.PMvalve.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00022748 ____A C:\Users\OWNER\My Documents\SALTparagraph.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00022748 ____A C:\Users\OWNER\Documents\SALTparagraph.doc.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00018437 ____A C:\Users\OWNER\My Documents\LoopWriterRegistrationInformation;Grimes,K.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00018437 ____A C:\Users\OWNER\Documents\LoopWriterRegistrationInformation;Grimes,K.pdf.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00013739 ____A C:\Users\OWNER\My Documents\practiceinterview.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00013739 ____A C:\Users\OWNER\Documents\practiceinterview.docx.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00000590 ____A C:\Users\OWNER\My Documents\Pictures - Shortcut.lnk.html

2013-05-15 18:58 - 2013-05-15 18:58 - 00000590 ____A C:\Users\OWNER\Documents\Pictures - Shortcut.lnk.html

2013-05-15 18:58 - 2012-12-02 11:51 - 00000000 ____D C:\Users\OWNER\My Documents\Reports

2013-05-15 18:58 - 2012-12-02 11:51 - 00000000 ____D C:\Users\OWNER\Documents\Reports

2013-05-15 18:58 - 2010-02-04 16:14 - 00000000 ____D C:\Users\OWNER\My Documents\JimsFolder

2013-05-15 18:58 - 2010-02-04 16:14 - 00000000 ____D C:\Users\OWNER\Documents\JimsFolder

2013-05-15 18:58 - 2009-10-12 11:24 - 00000000 ____D C:\Users\OWNER\My Documents\My Scans

2013-05-15 18:58 - 2009-10-12 11:24 - 00000000 ____D C:\Users\OWNER\Documents\My Scans

2013-05-15 18:57 - 2013-05-15 18:57 - 07391710 ____A C:\Users\OWNER\My Documents\InfantFeedingAssessment.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 07391710 ____A C:\Users\OWNER\Documents\InfantFeedingAssessment.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 05222375 ____A C:\Users\OWNER\My Documents\IMG_0927.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 05222375 ____A C:\Users\OWNER\Documents\IMG_0927.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02555481 ____A C:\Users\OWNER\My Documents\CHOCBenefitsBrochure-March2011.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02555481 ____A C:\Users\OWNER\Documents\CHOCBenefitsBrochure-March2011.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02253728 ____A C:\Users\OWNER\My Documents\IMG_0448.mov.html

2013-05-15 18:57 - 2013-05-15 18:57 - 02253728 ____A C:\Users\OWNER\Documents\IMG_0448.mov.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01821826 ____A C:\Users\OWNER\My Documents\IMG00114-20100818-1041.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01821826 ____A C:\Users\OWNER\Documents\IMG00114-20100818-1041.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01298932 ____A C:\Users\OWNER\My Documents\image003.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01298932 ____A C:\Users\OWNER\Documents\image003.zip.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01265112 ____A C:\Users\OWNER\My Documents\GER in Infants.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 01265112 ____A C:\Users\OWNER\Documents\GER in Infants.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00882764 ____A C:\Users\OWNER\My Documents\Esophageal Dysphagia.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00882764 ____A C:\Users\OWNER\Documents\Esophageal Dysphagia.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00483759 ____A C:\Users\OWNER\My Documents\corpuscallosotomy.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00483759 ____A C:\Users\OWNER\Documents\corpuscallosotomy.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00193756 ____A C:\Users\OWNER\My Documents\DOLsheet.xls.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00193756 ____A C:\Users\OWNER\Documents\DOLsheet.xls.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00141282 ____A C:\Users\OWNER\My Documents\cransalad.jpg.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00141282 ____A C:\Users\OWNER\Documents\cransalad.jpg.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00091905 ____A C:\Users\OWNER\My Documents\FeedingSkills.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00091905 ____A C:\Users\OWNER\Documents\FeedingSkills.pdf.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00063708 ____A C:\Users\OWNER\My Documents\glossary.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00063708 ____A C:\Users\OWNER\Documents\glossary.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00049096 ____A C:\Users\OWNER\My Documents\ElectronicGlossary.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00049096 ____A C:\Users\OWNER\Documents\ElectronicGlossary.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00036572 ____A C:\Users\OWNER\My Documents\howsweetgame.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00036572 ____A C:\Users\OWNER\Documents\howsweetgame.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00027868 ____A C:\Users\OWNER\My Documents\ChristmasInvites.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00027868 ____A C:\Users\OWNER\Documents\ChristmasInvites.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026844 ____A C:\Users\OWNER\My Documents\halloween invite.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026844 ____A C:\Users\OWNER\Documents\halloween invite.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026332 ____A C:\Users\OWNER\My Documents\Fettuccine Alfredo.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00026332 ____A C:\Users\OWNER\Documents\Fettuccine Alfredo.doc.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00024868 ____A C:\Users\OWNER\My Documents\inviteinserts.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00024868 ____A C:\Users\OWNER\Documents\inviteinserts.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014981 ____A C:\Users\OWNER\My Documents\halloweeninvite.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014981 ____A C:\Users\OWNER\Documents\halloweeninvite.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014953 ____A C:\Users\OWNER\My Documents\FluencyLessonPlans.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00014953 ____A C:\Users\OWNER\Documents\FluencyLessonPlans.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00013481 ____A C:\Users\OWNER\My Documents\feedrecs.docx.html

2013-05-15 18:57 - 2013-05-15 18:57 - 00013481 ____A C:\Users\OWNER\Documents\feedrecs.docx.html

2013-05-15 18:57 - 2013-01-30 22:02 - 00000000 ____D C:\Users\OWNER\My Documents\IMG00114-20100818-1041

2013-05-15 18:57 - 2013-01-30 22:02 - 00000000 ____D C:\Users\OWNER\Documents\IMG00114-20100818-1041

2013-05-15 18:57 - 2011-12-28 11:27 - 00000000 ____D C:\Users\OWNER\My Documents\GrimesWeddingEstimate2

2013-05-15 18:57 - 2011-12-28 11:27 - 00000000 ____D C:\Users\OWNER\Documents\GrimesWeddingEstimate2

2013-05-15 18:57 - 2010-02-04 16:32 - 00000000 ____D C:\Users\OWNER\My Documents\Chapman

2013-05-15 18:57 - 2010-02-04 16:32 - 00000000 ____D C:\Users\OWNER\Documents\Chapman

2013-05-15 18:47 - 2013-05-15 18:47 - 06400220 ____A C:\Users\OWNER\My Documents\2011PosterSession.ppt.html

2013-05-15 18:47 - 2013-05-15 18:47 - 06400220 ____A C:\Users\OWNER\Documents\2011PosterSession.ppt.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01878057 ____A C:\Users\OWNER\My Documents\07.21.12Grimes0942Proposal.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01878057 ____A C:\Users\OWNER\Documents\07.21.12Grimes0942Proposal.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01799797 ____A C:\Users\OWNER\My Documents\ABA_presentationupdated3.20.pptx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 01799797 ____A C:\Users\OWNER\Documents\ABA_presentationupdated3.20.pptx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00313388 ____A C:\Users\OWNER\My Documents\2012Services.zip.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00313388 ____A C:\Users\OWNER\Documents\2012Services.zip.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00126016 ____A C:\Users\OWNER\My Documents\2918385.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00126016 ____A C:\Users\OWNER\Documents\2918385.pdf.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00121564 ____A C:\Users\OWNER\My Documents\ASHA.CallforPapers.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00121564 ____A C:\Users\OWNER\Documents\ASHA.CallforPapers.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00084188 ____A C:\Users\OWNER\My Documents\assessment_comps.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00084188 ____A C:\Users\OWNER\Documents\assessment_comps.doc.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00012421 ____A C:\Users\OWNER\My Documents\BabyShowerAddresses.xlsx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00012421 ____A C:\Users\OWNER\Documents\BabyShowerAddresses.xlsx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00010190 ____A C:\Users\OWNER\My Documents\antispyware.docx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00010190 ____A C:\Users\OWNER\Documents\antispyware.docx.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00003330 ____A C:\Users\OWNER\My Documents\BmSdp Log.txt.html

2013-05-15 18:47 - 2013-05-15 18:47 - 00003330 ____A C:\Users\OWNER\Documents\BmSdp Log.txt.html

2013-05-15 18:47 - 2012-08-05 12:12 - 00000000 ____D C:\Users\OWNER\Desktop\WeddingPics.UncleMark

2013-05-15 18:47 - 2012-04-17 20:51 - 00000000 ____D C:\Users\OWNER\My Documents\2012Services

2013-05-15 18:47 - 2012-04-17 20:51 - 00000000 ____D C:\Users\OWNER\Documents\2012Services

2013-05-14 21:34 - 2012-05-21 18:57 - 00000000 ____D C:\Users\OWNER\Desktop\WEDDING

2013-05-14 21:30 - 2013-05-14 21:30 - 00047836 ____A C:\Users\OWNER\Desktop\Resume.doc.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00045788 ____A C:\Users\OWNER\Desktop\Resume.Update.04.2013.doc.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00002067 ____A C:\Users\OWNER\Desktop\SynthWorks.lnk.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00002067 ____A C:\Users\OWNER\Desktop\PitchWorks.lnk.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00002051 ____A C:\Users\OWNER\Desktop\PCquirerX.lnk.html

2013-05-14 21:30 - 2013-05-14 21:30 - 00000324 ____A C:\Users\OWNER\Desktop\Recycle Bin - Shortcut.lnk.html

2013-05-14 21:29 - 2013-05-14 21:29 - 00002847 ____A C:\Users\OWNER\Desktop\Microsoft Office Word 2007.lnk.html

2013-05-14 21:29 - 2013-05-14 21:29 - 00001163 ____A C:\Users\OWNER\Desktop\Launch Internet Explorer Browser.lnk.html

2013-05-14 21:29 - 2013-05-14 21:29 - 00001048 ____A C:\Users\OWNER\Desktop\LoopWriter - Shortcut.lnk.html

2013-05-14 21:29 - 2012-08-05 15:40 - 00000000 ____D C:\Users\OWNER\Desktop\HONEYMOON

2013-05-14 21:29 - 2012-06-18 20:56 - 00000000 ____D C:\Users\OWNER\Desktop\Kitchens

2013-05-14 21:29 - 2012-05-10 19:50 - 00000000 ____D C:\Users\OWNER\Desktop\KitchenCabinets

2013-05-14 21:29 - 2009-07-30 10:56 - 00000000 ____D C:\Users\OWNER\Desktop\jimswork.newport

2013-05-14 21:24 - 2009-04-30 05:10 - 00000000 ___RD C:\Users\OWNER\Desktop\Desktop Icons

2013-05-14 21:14 - 2013-05-14 21:14 - 00000241 ____A C:\ProgramData\hpqp.txt.html

2013-05-14 21:14 - 2013-05-14 21:14 - 00000241 ____A C:\ProgramData\Application Data\hpqp.txt.html

2013-05-14 21:14 - 2009-06-14 18:13 - 00000000 ____D C:\ProgramData\SiteAdvisor

2013-05-14 21:14 - 2009-06-14 18:13 - 00000000 ____D C:\ProgramData\Application Data\SiteAdvisor

2013-05-14 21:14 - 2008-10-23 01:57 - 00000000 ____D C:\ProgramData\WildTangent

2013-05-14 21:14 - 2008-10-23 01:57 - 00000000 ____D C:\ProgramData\Application Data\WildTangent

2013-05-14 21:11 - 2013-05-14 21:11 - 00000000 ____D C:\Users\OWNER\Local Settings\Application Data\AdvancedInstallers

2013-05-14 21:11 - 2013-05-14 21:11 - 00000000 ____D C:\Users\OWNER\Local Settings\AdvancedInstallers

2013-05-14 21:11 - 2013-05-14 21:11 - 00000000 ____D C:\Users\OWNER\AppData\Local\AdvancedInstallers

2013-05-05 15:38 - 2006-11-02 02:33 - 00707520 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-04 20:12 - 2009-05-27 00:27 - 00000000 ____D C:\Users\OWNER\Application Data\Macromedia

2013-05-04 20:12 - 2009-05-27 00:27 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Macromedia

2013-04-24 02:01 - 2009-04-30 04:23 - 00000322 ____A C:\Windows\Tasks\HPCeeScheduleForOWNER.job

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-26 15:28:13

Restore point made on: 2013-01-11 03:02:03

Restore point made on: 2013-02-22 03:01:37

Restore point made on: 2013-03-25 02:01:49

Restore point made on: 2013-04-07 13:23:39

Restore point made on: 2013-04-11 02:00:50

Restore point made on: 2013-04-24 02:01:32

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 3002.45 MB

Available physical RAM: 2480.36 MB

Total Pagefile: 2725.07 MB

Available Pagefile: 2551.75 MB

Total Virtual: 2047.88 MB

Available Virtual: 1966.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.21 GB) (Free:164 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (Dec 24 2012) (CDROM) (Total:0.69 GB) (Free:0.63 GB) UDF

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: 678B1560)

Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

Last Boot: 2013-05-16 17:18

==================== End Of Log ============================

My computer is infected with the FBI Moneypak Virus. Here are the results of the Recovery Scan. I would really appreciate some help!!!


Hello KAG and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

HKLM\...\Run: [] [x]

HKLM\...\Winlogon: [system]

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


Thank you so much for your help! Here are the results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2013

Ran by OWNER at 2013-05-17 18:33:09 Run:1

Running from E:\

Boot Mode: Safe Mode (with Networking)

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\System => Value deleted successfully.

==== End of Fixlog ====


Sorry, I didn't run the first one through command prompt. Maybe this is what you need instead?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2013

Ran by OWNER at 2013-05-17 19:08:42 Run:2

Running from e:\

Boot Mode: Safe Mode (minimal)

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\System => Value not found.

==== End of Fixlog ====


No, I need your first log file. Do you have access to Normal mode? If not, proceed in Safe mode with Networking:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here is the report from ComboFix

ComboFix 13-05-18.03 - OWNER 05/18/2013 10:51:38.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.2447 [GMT -7:00]

Running from: c:\users\OWNER\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files\SelectRebates

c:\program files\SelectRebates\FFToolbar\chrome.manifest

c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar

c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js

c:\program files\SelectRebates\FFToolbar\install.rdf

c:\program files\SelectRebates\SahImages\alert.png

c:\program files\SelectRebates\SahImages\check.png

c:\program files\SelectRebates\SahImages\close.png

c:\program files\SelectRebates\SelectAlerts.dat

c:\program files\SelectRebates\SelectRebates.exe

c:\program files\SelectRebates\SelectRebates.ini

c:\program files\SelectRebates\SelectRebatesA.dat

c:\program files\SelectRebates\SelectRebatesApi.exe

c:\program files\SelectRebates\SelectRebatesB.dat

c:\program files\SelectRebates\SelectRebatesBT.dat

c:\program files\SelectRebates\SelectRebatesDownload.exe

c:\program files\SelectRebates\SelectRebatesH.dat

c:\program files\SelectRebates\SelectRebatesUninstall.exe

c:\program files\SelectRebates\SRebates.dll

c:\program files\SelectRebates\SRFF3.dll

c:\program files\SelectRebates\Toolbar\AddtoList.bmp

c:\program files\SelectRebates\Toolbar\basis.xml

c:\program files\SelectRebates\Toolbar\Basis.xml.dym

c:\program files\SelectRebates\Toolbar\Blank.bmp

c:\program files\SelectRebates\Toolbar\CashBack.bmp

c:\program files\SelectRebates\Toolbar\Coupons.bmp

c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp

c:\program files\SelectRebates\Toolbar\i_magnifying.bmp

c:\program files\SelectRebates\Toolbar\icons.bmp

c:\program files\SelectRebates\Toolbar\logo.bmp

c:\program files\SelectRebates\Toolbar\logo_24.bmp

c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp

c:\program files\SelectRebates\Toolbar\ReviewSite.bmp

c:\program files\SelectRebates\Toolbar\RightControls.dym

c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp

c:\program files\SelectRebates\Toolbar\sahtb-go.bmp

c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp

c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp

c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp

c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp

c:\program files\SelectRebates\Toolbar\Scissors.bmp

c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

c:\programdata\5E8821351D.sys

.

.

((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))

.

.

2013-05-18 18:01 . 2013-05-18 18:06 -------- d-----w- c:\users\OWNER\AppData\Local\temp

2013-05-18 18:01 . 2013-05-18 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-17 03:13 . 2013-05-17 03:13 -------- d-----w- C:\FRST

2013-05-17 03:02 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-16 05:55 . 2013-05-17 01:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-16 05:55 . 2013-05-16 05:55 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-05-16 02:54 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-16 02:54 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll

2013-05-16 02:53 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 05:11 . 2013-05-15 05:11 -------- d-----w- c:\users\OWNER\AppData\Local\AdvancedInstallers

2013-04-24 04:39 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-12 16:13 . 2009-07-07 05:07 2828 --sha-w- c:\programdata\KGyGaAvL.sys

2013-04-07 21:23 . 2013-04-07 21:23 45056 ----a-r- c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe

2013-04-07 21:23 . 2013-04-07 21:23 45056 ----a-r- c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe

2013-04-04 21:50 . 2011-12-09 04:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-11 13:25 . 2013-04-11 03:22 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-11 13:25 . 2013-04-11 03:22 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-09 03:45 . 2013-04-11 03:22 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-09 01:28 . 2013-04-11 03:22 64000 ----a-w- c:\windows\system32\smss.exe

2013-03-08 03:53 . 2013-04-11 03:21 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-03-08 03:52 . 2013-04-11 03:22 2067968 ----a-w- c:\windows\system32\mstscax.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"googletalk"="c:\users\OWNER\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"TSWorkspace"="c:\users\OWNER\AppData\Local\AdvancedInstallers\TSWorkspace.exe" [2013-05-15 122880]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"HostManager"="c:\program files\Common Files\AOL\1245032555\ee\AOLSoftware.exe" [2008-06-24 41824]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-01-22 532808]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-22 16712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

.

c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

AOL Desktop.lnk - c:\program files\Common Files\aol\Launch\aollaunch.exe [2008-6-24 41824]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 12:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 10:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 23:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPService REG_MULTI_SZ HPSLPSVC

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-24 c:\windows\Tasks\HPCeeScheduleForOWNER.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-18 11:06

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4020)

c:\windows\system32\igfxsrvc.dll

.

Completion time: 2013-05-18 11:08:48

ComboFix-quarantined-files.txt 2013-05-18 18:08

.

Pre-Run: 183,135,440,896 bytes free

Post-Run: 183,062,241,280 bytes free

.

- - End Of File - - B81D70C12D6AB484032DC8CB8A9A41D5


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Step 3

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • RogueKiller log


JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista Home Premium x86

Ran by OWNER on Mon 05/20/2013 at 18:59:28.49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3027459

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D5A86D54-9065-49EB-A1D5-9DF882DE0DCC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"

Successfully deleted: [Folder] "C:\Users\OWNER\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\OWNER\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\OWNER\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files\aol toolbar"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\Program Files\viewpoint"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 05/20/2013 at 19:00:58.38

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Log:

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 19:07:10

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : OWNER - OWNER-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\OWNER\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKLM\Software\Viewpoint

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2538 octets] - [20/05/2013 19:07:10]

########## EOF - C:\AdwCleaner[R1].txt - [2598 octets] ##########

RogueKiller Log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Safe mode with network support

User : OWNER [Admin rights]

Mode : Scan -- Date : 05/20/2013 19:16:11

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS ATA Device +++++

--- User ---

[MBR] 6e8fa847bb97525c5e29a2c7f3a50bf5

[bSP] d70ba7ca57d24e7090480f3d24fce7fb : Toshiba MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294097 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602312704 | Size: 11144 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05202013_02d1916.txt >>

RKreport[1]_S_05202013_02d1916.txt


  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

How are things now?


Well, now I can log in to my computer without the Moneypak webpage popping up, but pretty much all of my files have been converted to Internet Explorer links. For example, if I try to retrieve a Word document it redirects me to Internet Explorer and my virus protection pops up saying it's an unsafe website. Is there any way I can get my files back?!

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 09:01:59

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : OWNER - OWNER-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\OWNER\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\Viewpoint

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2667 octets] - [20/05/2013 19:07:10]

AdwCleaner[s1].txt - [2642 octets] - [21/05/2013 09:01:59]

########## EOF - C:\AdwCleaner[s1].txt - [2702 octets] ##########


Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
