FBI Moneypak trouble

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

FBI Moneypak trouble13th October 2012, 9:33 am

Please Help!

I woke up this morning to get ready for work and found this FBI Moneypak message on my computer. I read the other posts concerning this threat and did the following...

1). Rebooted my computer and went into Safe Mode with Networking
2). Used TDSSKiller
3). I ran OTL and here is what I got (see below).

I use Windows XP version 2002 Service Pack 3, and windows internet explorer.

Thanks so much for all you do!

Last edited by Misteretc on 13th October 2012, 9:57 am; edited 2 times in total

Re: FBI Moneypak trouble13th October 2012, 9:34 am

OTL Extras logfile created on: 10/13/2012 5:31:13 AM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 6.92 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 54.38 Gb Free Space | 11.68% Space Free | Partition Type: NTFS

Computer Name: ANN-A26CF12946F
Current User Name: Ann
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57946:TCP" = 57946:TCP:*:Enabled:Pando Media Booster
"57946:UDP" = 57946:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
"57946:TCP" = 57946:TCP:*:Enabled:Pando Media Booster
"57946:UDP" = 57946:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE" = C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE:*:Enabled:ccSvcHst -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.524\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.954\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"I:\Diablo 3\Diablo III\Diablo III.exe" = I:\Diablo 3\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{083A7AA2-8871-42B0-8513-7428F44DFC38}" = MariusSoft Disk Scrubber
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{28A5BF3F-3EE3-4724-8AF5-4D008F7624A3}" = PC SpeedScan Pro
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}" = Brother MFL-Pro Suite MFC-J410W
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{49501340-21F1-4EA3-82DF-E2D7F1B66472}" = Vz In Home Agent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{82C96A65-AF5E-438B-900F-259869219BA0}" = ATI Catalyst Control Center
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C892C691-99DC-4B49-BEAA-65B96BB3460D}" = The Last Starfighter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D4}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 3.5.5
"ATI Display Driver" = ATI Display Driver
"AVG Secure Search" = AVG Security Toolbar
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DiskRedactor_is1" = DiskRedactor
"DVD Audio Extractor_is1" = DVD Audio Extractor 7.0.1
"Elf Bowling Collection" = Elf Bowling Collection
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire 5" = FrostWire 5.4.0
"GoldWave v5.23" = GoldWave v5.23
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"I was an Atomic Mutant" = I was an Atomic Mutant
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{C892C691-99DC-4B49-BEAA-65B96BB3460D}" = The Last Starfighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobiola Web Camera for BlackBerry_is1" = Mobiola Web Camera for BlackBerry 3.2.7.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Signature Creator_is1" = Signature Creator 1.12
"SP6" = Logitech SetPoint 6.32
"Trusted Software Assistant_is1" = File Type Assistant
"Verizon Help and Support" = Verizon Help and Support Tool
"vfd-ob" = VideoFileDownload
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinPcapInst" = WinPcap 3.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBC 5.1" = XBC 5.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Stamp Pad - SHAREWARE" = Stamp Pad - SHAREWARE

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2012 7:51:11 PM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2012 8:11:20 PM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11308
Description = Product: Google Earth Plug-in -- Error 1308.Source file not found:
C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\._msigeplugin61\program files\Google\Google
Earth\plugin\ge_expat.dll. Verify that the file exists and that you can access
it.

Error - 10/10/2012 7:03:10 AM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/10 07:03:10.375]: [00000136]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.3]

Error - 10/10/2012 12:10:39 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/10 12:10:39.906]: [00000136]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/11/2012 12:10:23 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/11 12:10:23.937]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/11/2012 3:10:23 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/11 15:10:23.296]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/11/2012 4:59:34 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/11 16:59:34.062]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.3]

Error - 10/12/2012 4:50:40 AM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2012 10:10:34 AM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/12 10:10:34.468]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/12/2012 1:10:29 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/12 13:10:29.953]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

[ Application Events ]
Error - 10/9/2012 7:51:11 PM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2012 8:11:20 PM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11308
Description = Product: Google Earth Plug-in -- Error 1308.Source file not found:
C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\._msigeplugin61\program files\Google\Google
Earth\plugin\ge_expat.dll. Verify that the file exists and that you can access
it.

Error - 10/10/2012 7:03:10 AM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/10 07:03:10.375]: [00000136]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.3]

Error - 10/10/2012 12:10:39 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/10 12:10:39.906]: [00000136]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/11/2012 12:10:23 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/11 12:10:23.937]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/11/2012 3:10:23 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/11 15:10:23.296]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/11/2012 4:59:34 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/11 16:59:34.062]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.3]

Error - 10/12/2012 4:50:40 AM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2012 10:10:34 AM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/12 10:10:34.468]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

Error - 10/12/2012 1:10:29 PM | Computer Name = ANN-A26CF12946F | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/12 13:10:29.953]: [00000564]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.3]

[ System Events ]
Error - 10/10/2012 3:58:42 PM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 10/10/2012 3:58:45 PM | Computer Name = ANN-A26CF12946F | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BA76F912-936B-4CFC-B3FF-F208012F648F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/10/2012 4:03:26 PM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7034
Description = The NTI BackupNowEZSvr service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/10/2012 4:03:50 PM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/10/2012 4:04:00 PM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/11/2012 7:27:16 PM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater12.2.0 service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/13/2012 5:12:59 AM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 10/13/2012 5:13:30 AM | Computer Name = ANN-A26CF12946F | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BA76F912-936B-4CFC-B3FF-F208012F648F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/13/2012 5:17:20 AM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdPPM Fips pavboot SASDIFSV SASKUTIL TfFsMon TfSysMon

Error - 10/13/2012 5:17:23 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

Re: FBI Moneypak trouble13th October 2012, 9:37 am

and...

OTL logfile created on: 10/13/2012 5:31:13 AM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 6.92 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 54.38 Gb Free Space | 11.68% Space Free | Partition Type: NTFS

Computer Name: ANN-A26CF12946F
Current User Name: Ann
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:22:40 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/09/22 03:22:38 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/06/15 22:11:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs\OTL.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ann\Desktop\iexplore.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/15 22:11:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WmiApSrv)
SRV - [2012/10/08 17:26:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/22 03:22:38 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/08/27 16:00:02 | 000,927,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/02/22 11:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/12/23 11:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/08/26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - [2012/09/03 19:55:34 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 02:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/11 16:53:40 | 000,016,512 | ---- | M] (SHAPE Services GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mobiolavs.sys -- (mobiolavs)
DRV - [2009/09/08 21:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/08 21:06:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/05 17:46:08 | 000,014,464 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/05/05 17:46:08 | 000,013,440 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/12/23 11:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/12/02 07:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/29 21:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 16:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14196"

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 21:21:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.34\ [2012/09/30 21:31:14 | 000,000,000 | ---D | M]

[2010/07/23 13:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions
[2012/09/30 21:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions
[2010/07/23 13:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/30 21:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\crossriderapp4352@crossrider.com
[2011/04/16 14:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\ffxtlbr@babylon.com
[2010/07/23 13:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\staged-xpis
[2011/02/20 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\toolbar@shopathome.com
[2011/07/24 19:50:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/12 23:40:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\Ann\Application Data\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe File not found
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe File not found
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Ann\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Ann\Start Menu\Programs\Startup\ctfmon.lnk = C:\Documents and Settings\All Users\Application Data\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ann\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345627392015 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/29 22:05:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 06:16:52 | 000,000,000 | ---D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2010/03/03 01:48:02 | 000,000,117 | -H-- | M] () - I:\autorun.bak -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 03:44:48 | 000,000,134 | -H-- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 15:50:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\lsass.exe
[2012/10/10 14:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Desktop\New Folder (6)
[2012/10/01 15:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\dvdcss
[2012/10/01 15:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\dvdae
[2012/09/30 21:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\My Documents\Any Video Converter
[2012/09/30 21:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\AnvSoft
[2012/09/30 21:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2012/09/30 21:53:43 | 031,192,520 | ---- | C] (Any-Video-Converter.com ) -- C:\Documents and Settings\Ann\Desktop\avc-free.exe
[2012/09/30 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/30 21:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\FMZilla
[2012/09/30 21:30:54 | 000,000,000 | ---D | C] -- C:\downloads
[2012/09/30 21:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Free Music Zilla
[2012/09/30 21:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\Orbit
[2012/09/24 16:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Local Settings\Application Data\WinZip
[2012/09/24 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 05:17:24 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/10/13 05:17:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/13 05:16:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/13 05:15:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/10/13 05:15:41 | 013,369,344 | -H-- | M] () -- C:\Documents and Settings\Ann\NTUSER.DAT
[2012/10/13 05:15:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ann\ntuser.ini
[2012/10/13 05:15:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/10/13 05:15:29 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/10/13 05:15:11 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\redaertaborca.pad
[2012/10/13 05:12:57 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/13 05:12:55 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-436374069-515967899-1801674531-1003.job
[2012/10/13 05:03:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003UA.job
[2012/10/13 04:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/13 04:22:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 15:50:33 | 000,001,058 | ---- | M] () -- C:\Documents and Settings\Ann\Start Menu\Programs\Startup\ctfmon.lnk
[2012/10/12 15:50:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\lsass.exe
[2012/10/12 15:03:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003Core.job
[2012/10/11 15:55:11 | 000,089,641 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Red Guardian without star.PNG
[2012/10/11 15:52:56 | 000,093,683 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Ramses the Living Monolith-3.PNG
[2012/10/11 15:44:18 | 000,099,320 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\134998460480376 Quasar black.png
[2012/10/11 15:41:17 | 000,117,641 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Quasar-ClassicVariation.png
[2012/10/10 16:21:41 | 000,073,892 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\cv_fontaine.pdf
[2012/10/10 15:35:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 15:13:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/09 17:58:08 | 011,687,987 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Salem's Lot Theme - Piano Cover(AAC).mp4
[2012/10/09 17:58:08 | 001,934,463 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Salem's Lot Theme - Piano Cover(AAC).m4a
[2012/10/09 17:57:58 | 006,592,943 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Salems Lot Theme(AAC).mp4
[2012/10/08 17:26:05 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/08 17:26:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/08 14:57:05 | 000,196,099 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\13497226152599.png
[2012/10/08 14:57:05 | 000,196,099 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\13497226152599 Scarlet Spiders.png
[2012/10/08 14:56:10 | 000,244,413 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Scarlet Spiders PNG.PNG
[2012/10/08 10:20:24 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\FrostWire 5.4.0.lnk
[2012/10/07 21:26:35 | 002,209,409 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Avengers - Fight As One by Bad City FULL VERSION.mp3
[2012/10/07 16:10:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-515967899-1801674531-1003.job
[2012/10/04 11:38:17 | 000,152,741 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Kryptonite Man.PNG
[2012/10/04 11:37:59 | 000,081,012 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Red Hood - Original.PNG
[2012/10/03 15:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/02 07:05:38 | 001,418,271 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker end theme.mp3
[2012/10/02 06:35:38 | 001,523,772 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker end theme a.mp3
[2012/10/02 06:29:54 | 001,602,585 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Strangler end theme.mp3
[2012/10/01 20:06:44 | 000,079,043 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Mr. Magnetism.PNG
[2012/10/01 20:06:25 | 000,082,381 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Mr. Magnetism-1.PNG
[2012/10/01 17:30:07 | 000,012,904 | ---- | M] () -- C:\Documents and Settings\Ann\My Documents\Time Warner Job Description.docx
[2012/10/01 16:23:19 | 000,747,816 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker beginning narration.mp3
[2012/10/01 16:17:21 | 001,672,722 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker end narration.mp3
[2012/10/01 15:02:11 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\DVD Audio Extractor.lnk
[2012/09/30 21:54:06 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Any Video Converter.lnk
[2012/09/30 21:53:43 | 031,192,520 | ---- | M] (Any-Video-Converter.com ) -- C:\Documents and Settings\Ann\Desktop\avc-free.exe
[2012/09/25 19:33:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 16:15:18 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/09/24 16:15:18 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/09/24 08:02:29 | 000,033,712 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Fontaine_Resume_10-2012_without_references.docx
[2012/09/24 08:01:32 | 000,034,244 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Fontaine_Resume_10-2012_without_references (2).docx
[2012/09/24 07:56:21 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\TWC_FactSheet_.doc
[2012/09/24 07:54:58 | 000,028,620 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\MFontaine.docx
[2012/09/23 22:02:25 | 000,033,235 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\TimDrake-Robin-OYL-Revised.JPG
[2012/09/23 19:43:16 | 000,057,081 | ---- | M] () -- C:\Documents and Settings\Ann\My Documents\e06a2c47-8b99-48b8-a64f-3c46ac3a0ef3.jpg
[2012/09/22 03:48:59 | 000,034,244 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Fontaine_Resume_9-2012_without_references.docx
[2012/09/13 14:46:31 | 000,088,822 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Powersurge-1.PNG
[2012/09/13 14:46:05 | 000,142,143 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Power Surge-2.PNG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\biwinemo
[2012/10/12 15:50:33 | 000,001,058 | ---- | C] () -- C:\Documents and Settings\Ann\Start Menu\Programs\Startup\ctfmon.lnk
[2012/10/12 15:50:31 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\redaertaborca.pad
[2012/10/11 15:55:11 | 000,089,641 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Red Guardian without star.PNG
[2012/10/11 15:52:55 | 000,093,683 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Ramses the Living Monolith-3.PNG
[2012/10/11 15:44:36 | 000,099,320 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\134998460480376 Quasar black.png
[2012/10/11 15:43:02 | 000,117,641 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Quasar-ClassicVariation.png
[2012/10/10 16:21:41 | 000,073,892 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\cv_fontaine.pdf
[2012/10/09 17:58:01 | 011,687,987 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Salem's Lot Theme - Piano Cover(AAC).mp4
[2012/10/09 17:58:01 | 001,934,463 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Salem's Lot Theme - Piano Cover(AAC).m4a
[2012/10/09 17:57:54 | 006,592,943 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Salems Lot Theme(AAC).mp4
[2012/10/08 14:58:24 | 000,196,099 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\13497226152599 Scarlet Spiders.png
[2012/10/08 14:57:10 | 000,196,099 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\13497226152599.png
[2012/10/08 14:56:10 | 000,244,413 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Scarlet Spiders PNG.PNG
[2012/10/08 10:20:24 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\FrostWire 5.4.0.lnk
[2012/10/04 11:38:17 | 000,152,741 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Kryptonite Man.PNG
[2012/10/04 11:37:59 | 000,081,012 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Red Hood - Original.PNG
[2012/10/02 06:35:32 | 001,418,271 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker end theme.mp3
[2012/10/02 06:32:24 | 001,523,772 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker end theme a.mp3
[2012/10/01 21:06:16 | 001,602,585 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Strangler end theme.mp3
[2012/10/01 20:06:25 | 000,082,381 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Mr. Magnetism-1.PNG
[2012/10/01 19:59:43 | 000,079,043 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Mr. Magnetism.PNG
[2012/10/01 17:30:07 | 000,012,904 | ---- | C] () -- C:\Documents and Settings\Ann\My Documents\Time Warner Job Description.docx
[2012/10/01 16:22:09 | 000,747,816 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker beginning narration.mp3
[2012/10/01 16:17:18 | 001,672,722 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Kolchak the Night Stalker end narration.mp3
[2012/10/01 15:02:11 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\DVD Audio Extractor.lnk
[2012/09/30 21:56:01 | 002,209,409 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Avengers - Fight As One by Bad City FULL VERSION.mp3
[2012/09/30 21:54:06 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Any Video Converter.lnk
[2012/09/24 16:15:18 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/09/24 16:15:16 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/09/24 08:02:29 | 000,033,712 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Fontaine_Resume_10-2012_without_references.docx
[2012/09/24 08:01:34 | 000,034,244 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Fontaine_Resume_10-2012_without_references (2).docx
[2012/09/24 07:56:22 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\TWC_FactSheet_.doc
[2012/09/23 22:02:25 | 000,033,235 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\TimDrake-Robin-OYL-Revised.JPG
[2012/09/23 19:43:24 | 000,057,081 | ---- | C] () -- C:\Documents and Settings\Ann\My Documents\e06a2c47-8b99-48b8-a64f-3c46ac3a0ef3.jpg
[2012/09/22 03:49:00 | 000,034,244 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Fontaine_Resume_9-2012_without_references.docx
[2012/09/22 03:48:56 | 000,028,620 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\MFontaine.docx
[2012/09/13 14:46:31 | 000,088,822 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Powersurge-1.PNG
[2012/09/13 14:46:05 | 000,142,143 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Power Surge-2.PNG
[2012/02/15 03:14:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/29 21:29:39 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/12/29 21:29:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/12/29 21:29:33 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/03/14 11:26:22 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/22 21:33:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/03/22 21:33:35 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/03/22 21:29:56 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/03/22 19:38:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/22 19:37:26 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/03/22 19:22:32 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/03/14 09:08:17 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/03/14 09:08:15 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2008/12/30 22:37:54 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/29 23:02:42 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C918AC7F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: FBI Moneypak trouble13th October 2012, 7:11 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
1. Download this diagnostics tool MGADiag.ext and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
***************************************************
You only have 3.7% free space on your C drive. Windows requires 15% or more (28 Gb). You will need to free up some space on the drive. You can do this by transferring important data such as movies, music, pictures to your I drive or another external drive. You can also save them to DVD's to free up some space. You can also remove/uninstall programs you no longer use.

Please download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

**************************************************
FBI Moneypak trouble Mbamicontw5

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: FBI Moneypak trouble13th October 2012, 7:56 pm

Results from MGADiag.ext...

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD93D-V29KM-M3G9W
Windows Product Key Hash: CIeMcM1LwSJzZhGUylEJFAmEe1Y=
Windows Product ID: 76487-640-2978835-23678
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {960691FF-C6D3-4F15-8553-754187EF1C4A}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: {960691FF-C6D3-4F15-8553-754187EF1C4A}1.9.0027.05.1.2600.2.00010100.3.0.prox32*****-*****-*****-*****-M3G9W76487-640-2978835-236781S-1-5-21-436374069-515967899-1801674531Compaq Presario 061ER917AA-ABA SR1817CL NA620Phoenix Technologies, LTD 3.1520070125000000.000000+000E244300F0184C07604090409Eastern Standard Time(GMT-05:00)03100100Microsoft Office Home and Student 2007129C0E0FCE03AB70EW3cnh9omcRXnYOFB50znSxTcPEE=81602-903-3006775-682041

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: E06B:Compaq Computer Corporation|1005F:Compaq Computer Corporation|1E0D3:Compaq Computer Corporation|1E0D3:Compaq Computer Corporation|1E0D3:Hewlett-Packard Company|1D3A1:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Re: FBI Moneypak trouble13th October 2012, 7:57 pm

Results from AdwCleaner...

# AdwCleaner v2.004 - Logfile created 10/13/2012 at 15:57:04
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ann - ANN-A26CF12946F
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Ann\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Viewpoint Manager Service

***** [Files / Folders] *****

File Found : C:\DOCUME~1\Ann\LOCALS~1\Temp\Uninstall.exe
Folder Found : C:\DOCUME~1\Ann\LOCALS~1\Temp\AskSearch
Folder Found : C:\DOCUME~1\Ann\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Found : C:\Documents and Settings\Ann\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Ann\Application Data\BabylonToolbar
Folder Found : C:\Documents and Settings\Ann\Application Data\Media Finder
Folder Found : C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Documents and Settings\Ann\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\Ann\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\Object
Folder Found : C:\Program Files\Smartdl
Folder Found : C:\Program Files\Trymedia
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");
Found : user_pref("extensions.crossriderapp4352.adsOldValue", -1);

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.1] : search_url ={"backup":{"_version":1,"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxps://isearch.avg.com/?cid={75D36C93-F77E-4871-8394-982DCA2DA57F}&mid=ec2b3ae8cfa847ce896705c47e32562e-17eeed0b43c491dac7d4b7e1cfef0296cdabaf56&lang=en&ds=pp011&pr=sa&d=2012-09-30 21:31:07&v=12.2.5.34&sap=hp"]}},"browser":{"check_default_browser":false,"homepage":"hxxp://www.ask.com/?l=dis&o=14196cr","ntp":{"promo_image_remaining":4,"promo_line_remaining":4},"show_home_button":true},"countryid_at_install":21843,"default_search_provider":{"id":"2","name":"Google","prepopulate_id":"1","{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}","suggest_url":"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}"},"distribution":{"create_all_shortcuts":true,"skip_first_run_ui":true},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"autoupdate":{"last_check":"12933978998971111","next_check":"12934315345654000"},"blacklistupdate":{"lastpingday":"12933936004513111"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}},"homepage":"hxxps://isearch.avg.com/?cid={75D36C93-F77E-4871-8394-982DCA2DA57F}&mid=ec2b3ae8cfa847ce896705c47e32562e-17eeed0b43c491dac7d4b7e1cfef0296cdabaf56&lang=en&ds=pp011&pr=sa&d=2012-09-30 21:31:07&v=12.2.5.34&sap=hp","homepage_is_newtabpage":false,"ntp":{"alt_logo_end":1255017600.0,"alt_logo_resource_server":"hxxps://www.google.com/support/chrome/bin/topic/30248/inproduct","alt_logo_start":1255017600.0,"pref_version":3,"shown_sections":1,"tips_cache":{"current_tip":1,"tips":["Click and hold down the back button to see your browsing history.","Customize Google Chrome with themes! Check out designs at the Themes Gallery.","Customize Google Chrome with themes! Check out special artist themes at the Themes Gallery.\n","Get the latest Google Chrome news at the Google Chrome blog.","Press Ctrl+Shift+B to open the bookmark manager. Learn more keyboard shortcuts.","Whenever you use the find bar, yellow markings on the scrollbar help you quickly locate matches on the page. Learn more about using the find bar.","Search your bookmarks and browsing history from the address bar. Learn more","To rearrange the order of your tabs, simply click a tab and drag it to different position along the top of the browser window. Learn more about using tabs.","Quickly resize a tab by dragging it to a docking position on your monitor or browser window. Learn more","Drag a link to the tab strip at the top of your browser window to open it in a new tab.","Press Ctrl+T to open a new tab. Learn more keyboard shortcuts.","Press Ctrl+N to open a new browser window. Learn more keyboard shortcuts.","To search a site from the address bar, start typing the site's web address and press Tab when prompted. Then type your search term and press Enter. Learn more search tips.\n","Create address bar keywords for search engines you frequently use. Learn how","Press Ctrl and + to enlarge a page; Ctrl and - to make the page smaller; and Ctrl and 0 to return the page to its normal size. Learn more keyboard shortcuts.","Want to quickly search the page you're viewing? Press Ctrl+F to open the find bar. Learn more about using the find bar.\n","Press Ctrl+S to save your current webpage. Learn more keyboard shortcuts.","Press Ctrl+P to print your current webpage. Learn more keyboard shortcuts.","Press Ctrl+J to see a list of files you've downloaded. Learn more keyboard shortcuts.","Press Ctrl+H to see your browsing history. Learn more keyboard shortcuts.","You can click a tab and drag it out of the tab strip to open it in a new window. Learn more about using tabs. \n","Press Ctrl+Shift+N to open a new window in incognito mode. Pages you visit while in incognito mode aren't stored in your browsing history. Learn more","Press Ctrl+O to open a file in the browser. Learn more keyboard shortcuts.","Press F11 to go full screen. Learn more keyboard shortcuts.","Click the star next to the address bar to bookmark the page you're viewing. Learn more bookmarking tricks.\n","Place shortcuts for your favorite sites on your computer desktop. Learn more","Want to hide the thumbnails on the New Tab page? Click the thumbnails icon at the top of the page. Learn more about customizing the display of the page.","Did you know you can drag the star to the bookmarks bar to create a bookmark for the page? Learn more bookmarking tricks.","Did you know you can drag a link to the bookmarks bar to create an instant bookmark? Learn more bookmarking tricks.","Press Ctrl+Shift+T to reopen the last tab you closed. Use this shortcut repeatedly to reopen even more closed tabs. Learn more keyboard shortcuts.","Don't want to leave traces of your browsing history? Browse in incognito mode. Learn more","Accidentally closed a window full of tabs? Find it again in the Recently closed section of the New Tab page.","Don't see a home button next to the address bar? Learn how to add one to get easy access to your home page.","Search directly from the address bar. Type in a search term and press Enter to see immediate search results. Learn more search tips.\n","Press Ctrl+B to dock (or undock) your bookmarks bar under the address bar. Learn more keyboard shortcuts.","Press F6 to quickly place your cursor in the address bar. Learn more keyboard shortcuts."],"topic_id":"24013"},"tips_cache_update":"1255118616.45175","tips_server":"hxxps://clients2.google.com/tools/service/npredir?r=chrometips_win&hl=en-US","web_resource_cache_update":"1289839542.050625"},"profile":{"content_settings":{"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"id":"not-signed-in","name":"","nickname":""},"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxps://isearch.avg.com/?cid={75D36C93-F77E-4871-8394-982DCA2DA57F}&mid=ec2b3ae8cfa847ce896705c47e32562e-17eeed0b43c491dac7d4b7e1cfef0296cdabaf56&lang=en&ds=pp011&pr=sa&d=2012-09-30 21:31:07&v=12.2.5.34&sap=hp"]},"tabs":{"use_vertical_tabs":false}}

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Ann\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25373 octets] - [13/10/2012 15:57:04]

########## EOF - C:\AdwCleaner[R1].txt - [25434 octets] ##########

Re: FBI Moneypak trouble13th October 2012, 9:21 pm

MBAM results...

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Ann :: ANN-A26CF12946F [administrator]

10/13/2012 3:58:09 PM
mbam-log-2012-10-13 (17-21-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359218
Time elapsed: 54 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> No action taken.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: e32b30d0d8f894e8252b904baadfe164 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Ann\Local Settings\temp\acrobatreader.dll (Trojan.FakeMS) -> No action taken.
C:\Documents and Settings\Ann\Local Settings\temp\CouponDropDown.exe (Adware.GamePlayLabs) -> No action taken.
C:\Documents and Settings\All Users\Application Data\lsass.exe (Trojan.Delf) -> No action taken.
C:\Documents and Settings\Ann\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> No action taken.

(end)

Re: FBI Moneypak trouble13th October 2012, 9:22 pm

More MBAM results...

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Ann :: ANN-A26CF12946F [administrator]

10/13/2012 3:58:09 PM
mbam-log-2012-10-13 (15-58-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359218
Time elapsed: 54 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: e32b30d0d8f894e8252b904baadfe164 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Ann\Local Settings\temp\acrobatreader.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ann\Local Settings\temp\CouponDropDown.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ann\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

Re: FBI Moneypak trouble13th October 2012, 10:35 pm

Remove the Adware:

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

**************************************************
Were you able to free up some space on your harddrive? I'm afraid to have you run anymore scans without making your computer crash.

Re: FBI Moneypak trouble13th October 2012, 11:33 pm

Thanks SuperDave, I did that and here are the results...

# AdwCleaner v2.004 - Logfile created 10/13/2012 at 19:19:59
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ann - ANN-A26CF12946F
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Ann\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Ann\LOCALS~1\Temp\Uninstall.exe
Folder Deleted : C:\DOCUME~1\Ann\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\Ann\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Deleted : C:\Documents and Settings\Ann\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Ann\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Ann\Application Data\Media Finder
Folder Deleted : C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\Ann\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Ann\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Object
Folder Deleted : C:\Program Files\Smartdl
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");
Deleted : user_pref("extensions.crossriderapp4352.adsOldValue", -1);

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : search_url ={"backup":{"_version":1,"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxps://isearch.avg.com/?cid={75D36C93-F77E-4871-8394-982DCA2DA57F}&mid=ec2b3ae8cfa847ce896705c47e32562e-17eeed0b43c491dac7d4b7e1cfef0296cdabaf56&lang=en&ds=pp011&pr=sa&d=2012-09-30 21:31:07&v=12.2.5.34&sap=hp"]}},"browser":{"check_default_browser":false,"homepage":"hxxp://www.ask.com/?l=dis&o=14196cr","ntp":{"promo_image_remaining":4,"promo_line_remaining":4},"show_home_button":true},"countryid_at_install":21843,"default_search_provider":{"id":"2","name":"Google","prepopulate_id":"1","{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}","suggest_url":"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}"},"distribution":{"create_all_shortcuts":true,"skip_first_run_ui":true},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"autoupdate":{"last_check":"12933978998971111","next_check":"12934315345654000"},"blacklistupdate":{"lastpingday":"12933936004513111"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}},"homepage":"hxxps://isearch.avg.com/?cid={75D36C93-F77E-4871-8394-982DCA2DA57F}&mid=ec2b3ae8cfa847ce896705c47e32562e-17eeed0b43c491dac7d4b7e1cfef0296cdabaf56&lang=en&ds=pp011&pr=sa&d=2012-09-30 21:31:07&v=12.2.5.34&sap=hp","homepage_is_newtabpage":false,"ntp":{"alt_logo_end":1255017600.0,"alt_logo_resource_server":"hxxps://www.google.com/support/chrome/bin/topic/30248/inproduct","alt_logo_start":1255017600.0,"pref_version":3,"shown_sections":1,"tips_cache":{"current_tip":1,"tips":["Click and hold down the back button to see your browsing history.","Customize Google Chrome with themes! Check out designs at the Themes Gallery.","Customize Google Chrome with themes! Check out special artist themes at the Themes Gallery.\n","Get the latest Google Chrome news at the Google Chrome blog.","Press Ctrl+Shift+B to open the bookmark manager. Learn more keyboard shortcuts.","Whenever you use the find bar, yellow markings on the scrollbar help you quickly locate matches on the page. Learn more about using the find bar.","Search your bookmarks and browsing history from the address bar. Learn more","To rearrange the order of your tabs, simply click a tab and drag it to different position along the top of the browser window. Learn more about using tabs.","Quickly resize a tab by dragging it to a docking position on your monitor or browser window. Learn more","Drag a link to the tab strip at the top of your browser window to open it in a new tab.","Press Ctrl+T to open a new tab. Learn more keyboard shortcuts.","Press Ctrl+N to open a new browser window. Learn more keyboard shortcuts.","To search a site from the address bar, start typing the site's web address and press Tab when prompted. Then type your search term and press Enter. Learn more search tips.\n","Create address bar keywords for search engines you frequently use. Learn how","Press Ctrl and + to enlarge a page; Ctrl and - to make the page smaller; and Ctrl and 0 to return the page to its normal size. Learn more keyboard shortcuts.","Want to quickly search the page you're viewing? Press Ctrl+F to open the find bar. Learn more about using the find bar.\n","Press Ctrl+S to save your current webpage. Learn more keyboard shortcuts.","Press Ctrl+P to print your current webpage. Learn more keyboard shortcuts.","Press Ctrl+J to see a list of files you've downloaded. Learn more keyboard shortcuts.","Press Ctrl+H to see your browsing history. Learn more keyboard shortcuts.","You can click a tab and drag it out of the tab strip to open it in a new window. Learn more about using tabs. \n","Press Ctrl+Shift+N to open a new window in incognito mode. Pages you visit while in incognito mode aren't stored in your browsing history. Learn more","Press Ctrl+O to open a file in the browser. Learn more keyboard shortcuts.","Press F11 to go full screen. Learn more keyboard shortcuts.","Click the star next to the address bar to bookmark the page you're viewing. Learn more bookmarking tricks.\n","Place shortcuts for your favorite sites on your computer desktop. Learn more","Want to hide the thumbnails on the New Tab page? Click the thumbnails icon at the top of the page. Learn more about customizing the display of the page.","Did you know you can drag the star to the bookmarks bar to create a bookmark for the page? Learn more bookmarking tricks.","Did you know you can drag a link to the bookmarks bar to create an instant bookmark? Learn more bookmarking tricks.","Press Ctrl+Shift+T to reopen the last tab you closed. Use this shortcut repeatedly to reopen even more closed tabs. Learn more keyboard shortcuts.","Don't want to leave traces of your browsing history? Browse in incognito mode. Learn more","Accidentally closed a window full of tabs? Find it again in the Recently closed section of the New Tab page.","Don't see a home button next to the address bar? Learn how to add one to get easy access to your home page.","Search directly from the address bar. Type in a search term and press Enter to see immediate search results. Learn more search tips.\n","Press Ctrl+B to dock (or undock) your bookmarks bar under the address bar. Learn more keyboard shortcuts.","Press F6 to quickly place your cursor in the address bar. Learn more keyboard shortcuts."],"topic_id":"24013"},"tips_cache_update":"1255118616.45175","tips_server":"hxxps://clients2.google.com/tools/service/npredir?r=chrometips_win&hl=en-US","web_resource_cache_update":"1289839542.050625"},"profile":{"content_settings":{"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"id":"not-signed-in","name":"","nickname":""},"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxps://isearch.avg.com/?cid={75D36C93-F77E-4871-8394-982DCA2DA57F}&mid=ec2b3ae8cfa847ce896705c47e32562e-17eeed0b43c491dac7d4b7e1cfef0296cdabaf56&lang=en&ds=pp011&pr=sa&d=2012-09-30 21:31:07&v=12.2.5.34&sap=hp"]},"tabs":{"use_vertical_tabs":false}}

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Ann\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25504 octets] - [13/10/2012 15:57:04]
AdwCleaner[S1].txt - [24991 octets] - [13/10/2012 19:19:59]

########## EOF - C:\AdwCleaner[S1].txt - [25052 octets] ##########

Re: FBI Moneypak trouble14th October 2012, 1:51 am

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

FBI Moneypak trouble NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

FBI Moneypak trouble NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

FBI Moneypak trouble RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

FBI Moneypak trouble Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Re: FBI Moneypak trouble14th October 2012, 9:02 am

Thanks SuperDave, I ran ComboFix and here's what I got...

ComboFix 12-10-14.03 - Ann 10/14/2012 4:51.18.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1733 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\redaertaborca.pad
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Ann\Application Data\dvdae
c:\documents and settings\Ann\Application Data\dvdae\dvdae.config
c:\documents and settings\Ann\Application Data\dvdae\dvdae.lic
c:\documents and settings\Ann\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Ann\WINDOWS
c:\program files\CouponAlert_2pEI
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\52f8e2e6ac6c8607.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-01 19:02 . 2012-10-02 00:52 -------- d-----w- c:\documents and settings\Ann\Application Data\dvdcss
2012-10-01 01:54 . 2012-10-01 01:54 -------- d-----w- c:\documents and settings\Ann\Application Data\AnvSoft
2012-10-01 01:53 . 2012-10-01 01:53 -------- d-----w- c:\program files\AnvSoft
2012-10-01 01:30 . 2012-10-01 01:58 -------- d-----w- c:\documents and settings\Ann\Application Data\FMZilla
2012-10-01 01:30 . 2012-10-01 01:30 -------- d-----w- C:\downloads
2012-10-01 01:30 . 2012-10-01 01:58 -------- d-----w- c:\program files\Free Music Zilla
2012-10-01 01:30 . 2012-10-01 01:30 -------- d-----w- c:\documents and settings\Ann\Application Data\Orbit
2012-09-24 20:15 . 2012-09-24 20:15 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\WinZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 21:26 . 2012-05-10 08:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 21:26 . 2011-05-17 18:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2010-03-31 02:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 23:55 . 2012-08-27 20:00 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-04-14 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
.

Code:

<pre>
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Norton 360\oscheck .exe
</pre>

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-22 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2012-09-22 1191768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SelectRebates"="c:\program files\SelectRebates\SelectRebates.exe" [N/A]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-02-22 577792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [N/A]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [N/A]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [N/A]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [N/A]
.
c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-20 603536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"57946:TCP"= 57946:TCP:Pando Media Booster
"57946:UDP"= 57946:UDP:Pando Media Booster
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/20/2009 5:17 PM 28544]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/27/2012 4:00 PM 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/29/2010 9:01 PM 12184]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/29/2010 9:29 PM 245760]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 5:01 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 5:01 AM 12184]
R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [8/28/2010 5:51 PM 16512]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 9:54 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 5:05 AM 1737728]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2/22/2010 11:44 AM 45312]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/10/2012 4:58 AM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 9:54 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 11:35 AM 50704]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 07:40]
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 21:26]
.
2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003Core.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003UA.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
SafeBoot-qydqluj
AddRemove-Verizon Help and Support - c:\program files\Verizon\Uninstall.exe
AddRemove-vfd-ob - c:\program files\OApps\vfd-ob_uninstall.exe
AddRemove-Stamp Pad - SHAREWARE - c:\program files\DatawareGames\Stamp Pad Demo\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 04:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
@DACL=(02 0000)
@="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx 0"=""
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-1"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
@DACL=(02 0000)
@="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-2"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
@DACL=(02 0000)
@="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-3"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
@DACL=(02 0000)
@="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-4"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
@DACL=(02 0000)
@="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-5"
"PerUserLocalSettings"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
@DACL=(02 0000)
@="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-6"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
@DACL=(02 0000)
@="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-7"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
@DACL=(02 0000)
@="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-8"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
@DACL=(02 0000)
@="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-9"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@DACL=(02 0000)
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-10"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@DACL=(02 0000)
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-11"
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@DACL=(02 0000)
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-12"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@DACL=(02 0000)
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-13"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@DACL=(02 0000)
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-14"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@DACL=(02 0000)
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-16"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@DACL=(02 0000)
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-17"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@DACL=(02 0000)
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-18"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@DACL=(02 0000)
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-19"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@DACL=(02 0000)
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-20"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@DACL=(02 0000)
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-21"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@DACL=(02 0000)
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-15"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\NTMARTA.DLL
.
Completion time: 2012-10-14 04:58:31
ComboFix-quarantined-files.txt 2012-10-14 08:58
ComboFix2.txt 2010-12-13 03:47
.
Pre-Run: 10,777,833,472 bytes free
Post-Run: 11,559,653,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D7593568E38E5933544E9270641D222B

Re: FBI Moneypak trouble14th October 2012, 6:34 pm

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

RenV::
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Norton 360\oscheck .exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

****************************************************
P2P - I see you have P2P software installed on your machine. (FrostWire 5)We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*********************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

FBI Moneypak trouble AswMBR_Scan

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

FBI Moneypak trouble AswMBR_SaveLog

On completion of the scan click save log, save it to your desktop and post in your next reply
********************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
At the bottom of the page
- Hidden Objects Only << Selected
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: FBI Moneypak trouble14th October 2012, 7:35 pm

Thanks SuperDave, here is the log from the Combofix run...

ComboFix 12-10-14.03 - Ann 10/14/2012 15:03:39.19.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1883 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ann\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-01 19:02 . 2012-10-02 00:52 -------- d-----w- c:\documents and settings\Ann\Application Data\dvdcss
2012-10-01 01:54 . 2012-10-01 01:54 -------- d-----w- c:\documents and settings\Ann\Application Data\AnvSoft
2012-10-01 01:53 . 2012-10-01 01:53 -------- d-----w- c:\program files\AnvSoft
2012-10-01 01:30 . 2012-10-01 01:58 -------- d-----w- c:\documents and settings\Ann\Application Data\FMZilla
2012-10-01 01:30 . 2012-10-01 01:30 -------- d-----w- C:\downloads
2012-10-01 01:30 . 2012-10-01 01:58 -------- d-----w- c:\program files\Free Music Zilla
2012-10-01 01:30 . 2012-10-01 01:30 -------- d-----w- c:\documents and settings\Ann\Application Data\Orbit
2012-09-24 20:15 . 2012-09-24 20:15 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\WinZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 21:26 . 2012-05-10 08:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 21:26 . 2011-05-17 18:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2010-03-31 02:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 23:55 . 2012-08-27 20:00 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-04-14 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-22 3905408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2012-09-22 1191768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-02-22 577792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-20 603536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"57946:TCP"= 57946:TCP:Pando Media Booster
"57946:UDP"= 57946:UDP:Pando Media Booster
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/20/2009 5:17 PM 28544]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/27/2012 4:00 PM 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 5:05 AM 1737728]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/29/2010 9:01 PM 12184]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2/22/2010 11:44 AM 45312]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/29/2010 9:29 PM 245760]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 5:01 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 5:01 AM 12184]
R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [8/28/2010 5:51 PM 16512]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 9:54 AM 133104]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/10/2012 4:58 AM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 9:54 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 11:35 AM 50704]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 07:40]
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 21:26]
.
2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003Core.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003UA.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
@DACL=(02 0000)
@="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx 0"=""
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-1"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
@DACL=(02 0000)
@="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-2"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
@DACL=(02 0000)
@="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-3"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
@DACL=(02 0000)
@="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-4"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
@DACL=(02 0000)
@="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-5"
"PerUserLocalSettings"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
@DACL=(02 0000)
@="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-6"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
@DACL=(02 0000)
@="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-7"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
@DACL=(02 0000)
@="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-8"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
@DACL=(02 0000)
@="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-9"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@DACL=(02 0000)
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-10"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@DACL=(02 0000)
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-11"
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@DACL=(02 0000)
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-12"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@DACL=(02 0000)
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-13"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@DACL=(02 0000)
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-14"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@DACL=(02 0000)
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-16"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@DACL=(02 0000)
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-17"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@DACL=(02 0000)
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-18"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@DACL=(02 0000)
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-19"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@DACL=(02 0000)
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-20"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@DACL=(02 0000)
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-21"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@DACL=(02 0000)
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-15"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-10-14 15:29:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-14 19:29
ComboFix2.txt 2012-10-14 08:58
ComboFix3.txt 2010-12-13 03:47
.
Pre-Run: 11,536,351,232 bytes free
Post-Run: 11,521,814,528 bytes free
.
- - End Of File - - A3F619C1B1CE5FC3EADA32DCFB000DC1

Re: FBI Moneypak trouble14th October 2012, 7:37 pm

and the log from aswMBR...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 15:35:30
-----------------------------
15:35:30.875 OS Version: Windows 5.1.2600 Service Pack 3
15:35:30.875 Number of processors: 1 586 0x2F02
15:35:30.875 ComputerName: ANN-A26CF12946F UserName: Ann
15:35:31.906 Initialize success
15:35:58.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:35:58.484 Disk 0 Vendor: SAMSUNG_SP2004C VM100-38 Size: 190782MB BusType: 3
15:35:58.484 Disk 0 MBR read successfully
15:35:58.484 Disk 0 MBR scan
15:35:58.484 Disk 0 Windows XP default MBR code
15:35:58.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
15:35:58.500 Disk 0 scanning sectors +390700800
15:35:58.578 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:03.593 Service scanning
15:36:13.046 Modules scanning
15:36:18.656 Disk 0 trace - called modules:
15:36:18.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:36:18.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ace2ab8]
15:36:18.671 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8ace7138]
15:36:19.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad02d98]
15:36:19.187 Scan finished successfully
15:36:27.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ann\Desktop\MBR.dat"
15:36:27.671 The log file has been saved successfully to "C:\Documents and Settings\Ann\Desktop\aswMBR.txt"

Re: FBI Moneypak trouble14th October 2012, 7:45 pm

and the log from SysProt...

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: BA138000
Module End: BA147000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B3798000
Module End: B37B0000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5FA000
Module End: BA5FC000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: B3A64000
Module End: B3A6C000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: BA616000
Module End: BA618000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\Ann\LOCALS~1\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: B0277000
Module End: B0283000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: BA11887E
Driver Base: BA118000
Driver End: BA127000
Driver Name: Lbd.sys

Function Name: ZwQueryValueKey
Address: BA2E9258
Driver Base: BA2E8000
Driver End: BA2F3000
Driver Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys

Function Name: ZwSetValueKey
Address: BA118BFE
Driver Base: BA118000
Driver End: BA127000
Driver Name: Lbd.sys

Function Name: ZwTerminateProcess
Address: B49C7640
Driver Base: B49BD000
Driver End: B49DF000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Ann\Desktop\My Art\In Progress\Yaoguài with helmet Final Final.PNG
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Art\In Progress\Yaoguài with helmet Final.PNG
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Art\In Progress\Yaoguài with helmet.PNG
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Art\In Progress\Yaoguài.PNG
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Downloaded Music\John Carpenter - The End (Nuri Alço Flim Muzigi).mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Downloads\SPT Layzner BGM COLLECTION Vol.1~4.part1.rar
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Downloads\??????????SPT????? BGM COLLECTION Vol.1~4.rar
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Macross, Vol. 2\05 ?·????????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Macross, Vol. 2\11 ????·?·???.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Macross, Vol. 2\18 ??·???????·????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Macross, Vol. 2\25 ?·????????(???·?????).wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Original Broadway Cast Recording\Ultraman Tiga the Final Odyssey\01 ???-F??~?????-.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Original Broadway Cast Recording\Ultraman Tiga the Final Odyssey\10 ???···????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Original Broadway Cast Recording\Ultraman Tiga the Final Odyssey\11 GUTS??!.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Original Broadway Cast Recording\Ultraman Tiga the Final Odyssey\12 ?????~??????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Original Broadway Cast Recording\Ultraman Tiga the Final Odyssey\20 ”????”??~??????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\Vol I\22 Run Through! ~WANDABA ?CREW GUYS?~.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\01 ô·üXé¦ûóùê.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\02 âEâïâgâëâ}âôâüârâEâXüiTVâTâCâYÑë¦Äì2ö+üj.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\03 û+ô·é+é¦ö=p-.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\04 â~âTâLé¦Å+èt.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\05 âTâRâ~âYé¦ïxô·.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\06 Ä+ê½é¦É+ï¯.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\07 Æçè+ÆBé¦æzéó.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\08 ùEÄ-é¦òaé¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\09 ïÄéFé¦ô·é¦î).mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\10 ò-éOé¦ù_è¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\11 â~âëâCé¦òsê+.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\12 öjû+é¦ù_Æ¢.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\13 ÉNù¬Ä-é¦Éµò¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\14 ò-éOé¦ô·.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\15 ùúò-é¦ö¯é¦é¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\16 âEâïâgâëâ}âôâüârâEâXü`É+é+é¡ü`.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\17 âèâàâEé¦ùJéó.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\18 ëpùYé¦ò£èê.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\20 Åƒùÿé¦ÄP.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\21 GUYSé¦ùFÅe.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\22 âRâmâ~é¦ò=ò¿.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\23 âeâbâyâCé¦ô·Åf.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\24 Åëé¯é-é¦é¿Ägéó.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\25 Ä+òùé¦âWâçü[âW.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\26 âEâïâgâëâ}âôé¦Ådê¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\27 ë÷ÅbÄgéóé¦êGÄY.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\28 êúé¦é¦é¦ô¼æê.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\29 è=û]é¦ô¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\30 òùé¦â}âèâi.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\31 ê+ê+é¬été¦É¦.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\32 öeÄ+ì~ù+.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\33 ÉGû]é¦ê+ë_.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\34 ÄE¥Cé¦ìrû8.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\36 âEâïâgâëé¦ùEÄ-ÆB.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\37 Åhû+é¦ô·.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\38 ùFÅeé¦pJ.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\39 âEâïâgâëâ}âôâüârâEâXü`ùDé¦é¡ü`.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Mebius OST\âEâïâgâëâ}âôâüârâEâX ORIGINAL SOUNDTRACK VOL_2\40 ë¦ÆBé¦ùâ.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Ultraman Nexus\47 Fight The Futureü`âEâïâgâëâ}âôâlâNâTâXé¦âeü[â}ü`.mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\10 ?????????·????!.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\13 ???·?????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\18 ?????(???·?????????).wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\21 XIG??!-.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\22 ??!?????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\26 ?????·?????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Unknown Artist\Gaia album III\29 ????????(???&???).wma
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\Xmas Pt I\L'Arc~en~Ciel ?Hurry Xmas? (2007.11.14) .mp3
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\My Tunes\TV????
Status: Hidden

Object: C:\Documents and Settings\Ann\Desktop\tdsskiller\Downloaded Soundtracks 7-4-2011\Superman. The Music (1978-1988) - JW, KT, AC, RJ & GM\CD 4. Superman III\10 - Lana and Clark on telephone - Kryptonite sting - Superman affected by kryptonite - Superman too
Status: Hidden

Object: C:\Documents and Settings\Ann\Favorites\The Good, the Bad, and Godzilla ?·?????? Monster of the Month Giant Fire Monster ARON.url
Status: Hidden

Object: C:\Documents and Settings\Ann\Favorites\YouTube - Choju Kishin Dancouga - GOD BLESS DANCOUGA - Combination.url
Status: Hidden

Object: C:\Documents and Settings\Ann\Favorites\YouTube - ?????????(godzilla suit fitting-2).url
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\FrostWire\Torrent Data\Underworld Trilogy (2003 - 2009) - Original Scores (EAC-MP3-320kbps)\Underworld ''Evolution'' Original Score (2006) - Marco Beltrami (EAC-MP3-320kbps)\14 - Marco Beltrami - Marcus Hits Snoo
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\FrostWire\Torrent Data\Underworld Trilogy (2003 - 2009) - Original Scores (EAC-MP3-320kbps)\Underworld ''Evolution'' Original Score (2006) - Marco Beltrami (EAC-MP3-320kbps)\18 - Marco Beltrami - Marcus Taps Tann
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\FrostWire\Torrent Data\Underworld Trilogy (2003 - 2009) - Original Scores (EAC-MP3-320kbps)\Underworld ''Evolution'' Original Score (2006) - Marco Beltrami (EAC-MP3-320kbps)\21 - Marco Beltrami - He Is My Sonshin
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\My Music\Keith Emerson\Godzilla Final Wars\04 MANDA vs GOTENGO (???vs???).wma
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\My Music\SYNERGY SYSTEM\Record of the Lodoss Wars II\05 ??·???.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\My Music\SYNERGY SYSTEM\Record of the Lodoss Wars II\11 ???????? ~????????.wma
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\My Music\?? ?
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\My Music\10
Status: Hidden

Object: C:\Documents and Settings\Ann\My Documents\My Music\THE ROYAL PHILHARMONIC ORCHESTRA
Status: Hidden

Object: C:\Documents and Settings\Ann\Recent\Yaoguài.lnk
Status: Hidden

Object: C:\Documents and Settings\Ann\Recent\??????????SPT????? BGM COLLECTION Vol.1~4 (2).lnk
Status: Hidden

Object: C:\Documents and Settings\Ann\Recent\??????????SPT????? BGM COLLECTION Vol.1~4.lnk
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Re: FBI Moneypak trouble15th October 2012, 1:04 am

How's your computer running now? Any other issues?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the FBI Moneypak trouble EsetOnline

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the FBI Moneypak trouble EsetStart

button.
•Accept any security warnings from your browser.
•Check FBI Moneypak trouble EsetScanArchives

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push FBI Moneypak trouble EsetListThreats

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the FBI Moneypak trouble EsetBack

button.
•Push FBI Moneypak trouble EsetFinish

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: FBI Moneypak trouble15th October 2012, 2:07 pm

And here is the Eset Scan Log...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f36567a16cc78148b486ee3eb746938b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-15 01:36:31
# local_time=2012-10-15 09:36:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1026 16777214 0 2 57430780 57430780 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 57046661 57046661 0 0
# scanned=262546
# found=4
# cleaned=4
# scan_time=12184
C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs\ChuzzleDeluxe_EN-dm[1].exe a variant of Win32/Adware.Trymedia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\My Documents\Downloads\WinZip165(79).exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\My Documents\Downloads\WinZip165.exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{9086F958-1A28-44F2-A305-A43F75EAD5E1}\RP1\A0000268.exe a variant of Win32/Adware.Trymedia.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: FBI Moneypak trouble15th October 2012, 7:33 pm

Ok, if there are no other issues, we can do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

FBI Moneypak trouble Combofix_uninstall_image

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*******************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

FBI Moneypak trouble Diskcleanup2

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

FBI Moneypak trouble Diskcleanup

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
******************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

FBI Moneypak trouble

descriptionFBI Moneypak trouble13th October 2012, 9:33 am

descriptionRe: FBI Moneypak trouble13th October 2012, 9:34 am

descriptionRe: FBI Moneypak trouble13th October 2012, 9:37 am

descriptionRe: FBI Moneypak trouble13th October 2012, 7:11 pm

descriptionRe: FBI Moneypak trouble13th October 2012, 7:56 pm

descriptionRe: FBI Moneypak trouble13th October 2012, 7:57 pm

descriptionRe: FBI Moneypak trouble13th October 2012, 9:21 pm

descriptionRe: FBI Moneypak trouble13th October 2012, 9:22 pm

descriptionRe: FBI Moneypak trouble13th October 2012, 10:35 pm

descriptionRe: FBI Moneypak trouble13th October 2012, 11:33 pm

descriptionRe: FBI Moneypak trouble14th October 2012, 1:51 am

descriptionRe: FBI Moneypak trouble14th October 2012, 9:02 am

descriptionRe: FBI Moneypak trouble14th October 2012, 6:34 pm

descriptionRe: FBI Moneypak trouble14th October 2012, 7:35 pm

descriptionRe: FBI Moneypak trouble14th October 2012, 7:37 pm

descriptionRe: FBI Moneypak trouble14th October 2012, 7:45 pm

descriptionRe: FBI Moneypak trouble15th October 2012, 1:04 am

descriptionRe: FBI Moneypak trouble15th October 2012, 2:07 pm

descriptionRe: FBI Moneypak trouble15th October 2012, 7:33 pm

descriptionRe: FBI Moneypak trouble