FBI Moneypak Virus on my computer

#1
Snoopy33

    Member

  • Member
  • 38 posts
A week ago, I was browsing the internet and the FBI Moneypak virus showed up on my computer and it was frozen. I could not do anything except shut down the computer. I turned the computer on and tried to get online, but I got frozen again. I decided to do nothing, but researched on another computer for help. I found Geekstogo.com. I read the topics related to FBI Moneypak Virus, but some have different issues and I would rather start my own thread. I am hoping one of you can help me remove the virus.

Here's the OTL.txt
OTL logfile created on: 10/3/2012 3:54:09 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Michael L Cross Jr\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 82.57% Memory free
8.15 Gb Paging File | 7.57 Gb Available in Paging File | 92.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.12 Gb Total Space | 440.26 Gb Free Space | 75.24% Space Free | Partition Type: NTFS
Drive D: | 11.05 Gb Total Space | 1.47 Gb Free Space | 13.34% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael L Cross Jr | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 15:54:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael L Cross Jr\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 11:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2012/05/16 16:13:16 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 02:28:38 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/11/03 18:10:08 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/08 13:27:00 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/08 13:25:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/08 13:24:08 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/03/25 05:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/02/14 10:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/10/18 11:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/05/31 13:39:32 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/06/19 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/10/01 20:03:02 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121001.020\ex64.sys -- (NAVEX15)
DRV - [2012/10/01 20:03:02 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121001.020\eng64.sys -- (NAVENG)
DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120929.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/13 15:54:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 16:04:17 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{29D97083-A186-47BA-8E9C-68B1D3C9975C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D6FDEB89-3252-453D-9724-BB3F8AB7469D}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{29D97083-A186-47BA-8E9C-68B1D3C9975C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D6FDEB89-3252-453D-9724-BB3F8AB7469D}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
IE - HKCU\..\SearchScopes,DefaultScope = {242D95C4-369B-4676-9150-A15C39EB586C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{242D95C4-369B-4676-9150-A15C39EB586C}: "URL" = http://www.google.co...1I7ADBF_enUS331
IE - HKCU\..\SearchScopes\{29D97083-A186-47BA-8E9C-68B1D3C9975C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D6FDEB89-3252-453D-9724-BB3F8AB7469D}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/21 22:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/17 22:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/10/01 19:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/21 22:49:45 | 000,000,000 | ---D | M]

[2009/10/21 18:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael L Cross Jr\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Michael L Cross Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\Users\Michael L Cross Jr\Desktop\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E4EBF2-D7CB-4FD6-B4A9-C3E4D44D618E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img12.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img12.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b6dccbff-fa1a-11dd-8b69-0022153443e6}\Shell - "" = AutoRun
O33 - MountPoints2\{b6dccbff-fa1a-11dd-8b69-0022153443e6}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 16:46:31 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Michael L Cross Jr\Desktop\OTL.exe
[2012/09/26 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\Michael L Cross Jr\AppData\Roaming\HPAppData

========== Files - Modified Within 30 Days ==========

[2012/10/03 15:51:39 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/03 15:51:39 | 000,603,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/03 15:51:39 | 000,103,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/03 15:47:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/01 21:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/01 21:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/01 21:39:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 19:41:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/01 17:40:44 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/01 17:18:04 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Michael L Cross Jr\Desktop\OTL.exe
[2012/09/26 18:04:43 | 083,023,306 | ---- | M] () -- C:\Users\Michael L Cross Jr\Desktop\emorhc.pad
[2012/09/26 17:23:20 | 000,000,652 | ---- | M] () -- C:\Users\Michael L Cross Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/09/26 06:52:07 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\isolate.ini
[2012/09/25 16:02:39 | 000,008,888 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120921.034
[2012/09/22 23:12:37 | 002,565,787 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB

========== Files Created - No Company Name ==========

[2012/09/26 17:23:20 | 000,000,652 | ---- | C] () -- C:\Users\Michael L Cross Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/09/26 17:23:19 | 083,023,306 | ---- | C] () -- C:\Users\Michael L Cross Jr\Desktop\emorhc.pad
[2012/02/20 12:48:01 | 000,001,253 | ---- | C] () -- C:\Windows\hpomdl41.dat.temp
[2012/02/09 16:46:26 | 000,000,680 | ---- | C] () -- C:\Users\Michael L Cross Jr\AppData\Local\d3d9caps.dat
[2012/01/27 18:42:43 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/18 21:53:14 | 000,001,940 | ---- | C] () -- C:\Users\Michael L Cross Jr\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/02/09 23:20:38 | 000,006,144 | ---- | C] () -- C:\Users\Michael L Cross Jr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2008/12/15 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\acccore
[2009/11/28 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\Canon
[2012/08/21 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\Garmin
[2012/01/27 18:53:40 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\Nolo
[2012/04/02 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\Opera
[2008/09/24 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\Research In Motion
[2010/11/16 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\Tific
[2008/09/17 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\WildTangent
[2008/09/22 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Michael L Cross Jr\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9D718DA3

< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - Startup: C:\Users\Michael L Cross Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\Users\Michael L Cross Jr\Desktop\lsass.exe (Microsoft Corporation)

:files
C:\Users\Michael L Cross Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\Users\Michael L Cross Jr\Desktop\lsass.exe
C:\Users\Michael L Cross Jr\Desktop\emorhc.pad
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Public\AppData\Local\Temp\*.exe
C:\Users\Michael L Cross Jr\AppData\Local\Temp\*.exe
netstat -ano | find "16464" /c
netstat -ano | find "16465" /c
netstat -ano | find "16470" /c
netstat -ano | find "16471" /c
netstat -ano | find "21810" /c
netstat -ano | find "22292" /c
netstat -ano | find "34354" /c
netstat -ano | find "34355" /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10042012-some number.log so if you don't see it look there.

Did that get it?

#3 Snoopy33 (Topic Starter, Member, 38 posts)
I followed your instruction. However, after OTL rebooted my PC, I don't see the log. How can I find the log so I can save it and copy/paste it?

#4 RKinner (Malware Expert, MVP, 20,025 posts)
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10042012-some number.log so if you don't see it look there.

Is the FBI warning gone?

#5 Snoopy33 (Topic Starter, Member, 38 posts)
I don't see the FBI warning on my PC anymore. Is there another way to make sure the FBI warning virus is not hiding somewhere in my PC?

#6 RKinner (Malware Expert, MVP, 20,025 posts)
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

#7 Snoopy33 (Topic Starter, Member, 38 posts)
ESET Scan here copied and pasted below...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a49139dfec42324da5b6a075fa341ba6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-05 01:03:21
# local_time=2012-10-04 09:03:21 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3589 16777214 100 71 0 99970404 0 0
# compatibility_mode=5892 16776574 100 56 90469258 185993014 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=200345
# found=2
# cleaned=2
# scan_time=4692
C:\Users\Michael Cross\Downloads\PDFConverterSetup.exe a variant of Win32/InstallCore.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10042012_160624\C_Users\Michael Cross Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk Win32/Reveton.J trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C




Bitdefender quickscan copied and pasted below...


QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Thu Oct 04 21:14:16 2012
Machine ID: 9A601091



No infection found.
-------------------



Processes
---------
Windows® Internet Explorer 768 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 904 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 1240 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 1712 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.139
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.139
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.139
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.154
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.154
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.155
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.155
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.106
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 74.125.142.106
Process iexplore.exe (1712) connected on port 80 (HTTP) --> 199.7.57.72



Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Adobe Photo Downloader C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
CEEment C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
CommonSDK C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Garmin Lifetime Updater C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
GrooveMonitor Utility C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
HP Digital Imaging C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
hpsysdrv Application c:\hp\support\hpsysdrv.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
KbdStub.EXE C:\HP\KBD\KbdStub.EXE
Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe
Microsoft® Windows® Operating System C:\Windows\system32\browseui.dll
Microsoft® Windows® Operating System C:\Windows\system32\logon.scr
Microsoft® Windows® Operating System C:\Windows\system32\oobefldr.dll
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelper Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\Manager.exe
AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
D-Link Toolbar for Internet Explorer c:\program files (x86)\d-link toolbar\dlinktb.dll
Facebook Photo Uploader 5 C:\Windows\Downloaded Program Files\PhotoUploader5.ocx
Facebook Photo Uploader 5 C:\Windows\Downloaded Program Files\PhotoUploader55.ocx
Family Feud C:\Windows\Downloaded Program Files\familyfeud.ocx
Games C:\Windows\Downloaded Program Files\wwlaunch.ocx
Garmin Communicator Plug-In C:\Windows\Downloaded Program Files\GarminAxControl.ocx
Garmin Communicator Plug-In C:\Windows\Downloaded Program Files\GarminAxControl_32.ocx
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
Java™ Platform SE 6 U26 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MetaStream 3 Plugin C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Norton Confidential c:\program files (x86)\norton 360\engine\6.4.0.9\coieplg.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Pogo Web Launcher C:\Windows\Downloaded Program Files\PogoWebLauncher.ocx
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
Software Manager C:\Windows\Downloaded Program Files\isusweb.dll
Symantec Intrusion Detection c:\program files (x86)\norton 360\engine\6.4.0.9\ips\ipsbho.dll
the Price is Right C:\Windows\Downloaded Program Files\tpir.ocx
unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
Yahoo! Toolbar c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: 7088b136bb58a5f95cf0de8386ca6c0f C:\HP\KBD\KbdStub.EXE
MD5: 9a4322ee420d6facd4d4b1ff6cb856b1 c:\hp\support\hpsysdrv.exe
MD5: fd5f202b1fc7801735c9743b6a38e515 C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
MD5: 2486c8e3f14496341e90cf2ab8bc82ed C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MD5: c69dbfa61fe3dea653a9b83c3a2b052b C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MD5: f832f1505ad8b83474bd9a5b1b985e01 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
MD5: 5aa788d5a2c6737bb9c45933985bc1b8 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: dfeff67508d3a9aeb1a85d7b0f513b24 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
MD5: b9ea6e59e526b10a2a09f5b9d729797d C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
MD5: 3daf385624abf3c3bbfb05cff2aca7d6 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
MD5: 8f366d03a7fda7527f76f01f695b0205 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
MD5: b1fb1c4396a9d0fb074d8e90369f5129 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MD5: 42fef84684d217870f3c8813b6f58276 C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
MD5: 4353ff94d47a0a9d52b89eccf0cdb013 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
MD5: c5bccb378d0a896304a3e71be7215983 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
MD5: e0ab785aeb76522bcec995c49a717d2e c:\program files (x86)\d-link toolbar\dlinktb.dll
MD5: a387d093b66727bf3edf517e2f4d87c5 C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
MD5: 5d4bc124faae6730ac002cdb67bf1a1c C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: a43d7a68d70f57e44352a1973c8196a8 c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
MD5: 586fdc4e02623ee228ec35b9604ae5f2 C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
MD5: cb383ab0b8ba871d893b86d3c9a3ed9f c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
MD5: 89f9670b7e1e76313646ba8692cb62cb C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
MD5: 6139ae70e943b2a57ad04b70a316c0a0 C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
MD5: 0a3c6aa4a9fc38c20ba4eac2c3351c05 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
MD5: f3f72a2a86c22610bca5439fa789dd52 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
MD5: d972f48d0ce396759b788693cd665926 C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
MD5: 1117af8c53aa278a4c5b7ef1b00e08f4 C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
MD5: 5e4ff36923c37c80b537dce6caa755f9 C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: 2dad4b6b659f7e5dfbcb6d2c634fa6f3 C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 22cc6cdba678790046693654c3b212e4 C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
MD5: f3deaa1f2fcf70faf6de3757ca343fa5 C:\Program Files (x86)\iTunes\iTunesHelper.exe
MD5: 2658ce01d183bc62e7c46a1c9969632e C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
MD5: e7d55e121ff1951cb86c7e0dc6a33877 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 123271bd5237ab991dc5c21fdf8835eb C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
MD5: 0e34b7bb1fcf22bcc1e394d16f9e992b C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
MD5: 30efebdc960a482e3e188b9960b286e2 C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.DLL
MD5: 30db64d316f502558db2380f7343c9fd C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
MD5: 207204af80505af51271fe164b56f662 C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.DLL
MD5: f2840dbfe9322f35557219ae82cc4597 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
MD5: 2a1c123964701339d93e8d5b3837db7d c:\program files (x86)\norton 360\engine\6.4.0.9\coieplg.dll
MD5: ff3e0c3dcce988eb391823f62f9397d0 c:\program files (x86)\norton 360\engine\6.4.0.9\ips\ipsbho.dll
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files (x86)\QuickTime\QTTask.exe
MD5: f3395d205dec030dce54d4575774cfba C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
MD5: 95519cbef94773af7cd2b26029dceea7 C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
MD5: 5f974fde801c73952770736becde11e7 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
MD5: b7dc98f6f4e7611a9c0849945fb28fb9 C:\Program Files (x86)\Windows Defender\MpOav.dll
MD5: a6d643a5f5b416fcc1c8049bbaf763ba c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
MD5: c8a2fa2ee9241b8d66f9d7de9ae34aee C:\Program Files\Bonjour\mdnsNSP.dll
MD5: 3d62fe4fefe9c67dafec52b534dfa1fb C:\Program Files\iPod\bin\iPodService.exe
MD5: b6a7e7f43234bfa6a8e6cc4110cb9448 C:\Program Files\Windows Media Player\WMPNSCFG.exe
MD5: 9c5a0f070196b601d629f5ba9aa921f8 C:\Program Files\Windows Sidebar\sidebar.exe
MD5: a45be4e091636f6c86d6e4fc945d5a26 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
MD5: a48928d4cca6f8b731989db08cf2c0ab C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120929.001\IDSvia64.sys
MD5: c58d8a669d6551f616d90244bd2c2d4f C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121001.020\ENG64.SYS
MD5: a3dbdb412adfa5882dd6843b11fe0828 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121001.020\EX64.SYS
MD5: 006c83751b9f17934b58085d0b7bda2c C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll
MD5: 352ab6c3942e509332dec566aabcfd62 C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
MD5: 01e2eca759056f23c73a035fdabb2d6d C:\Windows\Downloaded Program Files\dwusplay.exe
MD5: 103b2e2965ae207c0498709e8d9a07ce C:\Windows\Downloaded Program Files\familyfeud.ocx
MD5: 181e3faed04bb854e406d0972337c4fa C:\Windows\Downloaded Program Files\GarminAxControl.ocx
MD5: 8e854ea36f764e234b7df0e9d1682006 C:\Windows\Downloaded Program Files\GarminAxControl_32.ocx
MD5: 455ca248a92816766fad91b5ce258773 C:\Windows\Downloaded Program Files\Manager.exe
MD5: 05fc627b70bb6fe4d4c534de32f4eac7 C:\Windows\Downloaded Program Files\PogoWebLauncher.ocx
MD5: 56940b50ab0e5923822f47b0e4463885 C:\Windows\Downloaded Program Files\qsax.dll
MD5: 8df2a0aa3c283c43b1c83786290d45d2 C:\Windows\Downloaded Program Files\tpir.ocx
MD5: 6f678556a6fce04fc94f3435f6313705 C:\Windows\Downloaded Program Files\unagiuninst.exe
MD5: f2a3b1f73918946b5ecbc03212a53e29 C:\Windows\Downloaded Program Files\wwlaunch.ocx
MD5: 14ce384d2e27b64c256bda4dc39c312d C:\Windows\ehome\ehRecvr.exe
MD5: b93159c1313d66fdfbbe876f5189cd52 C:\Windows\ehome\ehsched.exe
MD5: f5ee2527d74449868e3c3227a59bcd28 C:\Windows\ehome\ehstart.dll
MD5: 65437dad4f238ea9549408a783002222 C:\Windows\ehome\ehTray.exe
MD5: ce07a466201096f021cd09d631b21540 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: 749f5f8cedca70f2a512945325fc489d C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: 74751dda198165947fd7454d83f49825 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
MD5: bc5b0be5af3510b0fd8c140ee42c6d3e C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 66328b08ef5a9305d8ede36b93930369 C:\Windows\servicing\TrustedInstaller.exe
MD5: 4acf748a8e576761e4c610acab67b1bc C:\Windows\system32\bcrypt.dll
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: f180ede9cfc3ff218d4b45155119f4d9 C:\Windows\system32\CRYPT32.dll
MD5: f798a893c8c214f74889dbf9d3a412de C:\Windows\system32\cryptnet.dll
MD5: 75c6a297e364014840b48eccd7525e30 C:\Windows\system32\cryptsvc.dll
MD5: e9b39c81c87e5b790fce121da9e02701 C:\Windows\system32\d2d1.dll
MD5: 8b02d2ecc7ef6e1f6af08459e3f741f6 C:\Windows\system32\d3d10.dll
MD5: 5256383d1d266a9eefcdb270340c0e5c C:\Windows\system32\d3d10_1.dll
MD5: a441f5b43eaf4bd4e3acfbe38841b46b C:\Windows\system32\d3d10_1core.dll
MD5: 9c7094f537782a82b6a29b4a7172e180 C:\Windows\system32\d3d10core.dll
MD5: 4a4c71376eca305d6dea021f1a44816d C:\Windows\system32\D3D10Warp.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: cabd1b34bd05c986b4dbc18bc0e947ee C:\Windows\system32\DWrite.dll
MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll
MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 C:\Windows\system32\IEFRAME.dll
MD5: cc0713b192bf47a124168957acd75cc1 C:\Windows\system32\IEUI.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\system32\IMM32.DLL
MD5: b17d18fd6594aaa25cbc95e799b1bf40 C:\Windows\system32\logon.scr
MD5: bf142d4f8c61ed3629a9cdd7ba867900 C:\Windows\system32\MFPlat.DLL
MD5: bb197f54a8f69eea8356b7f70e6d3a20 C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll
MD5: 6abd253226770eae1292b4c945ed4b4b C:\Windows\System32\msxml3.dll
MD5: 024528e25bbe8768536861ea09be1672 C:\Windows\System32\msxml6.dll
MD5: 188cc19108b0ebd6332d6628d4ede469 C:\Windows\system32\ncrypt.dll
MD5: 98b656eaf128cd06f625b09c84d959e1 C:\Windows\system32\NETAPI32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\UxTheme.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\system32\WINHTTP.dll
MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: e253e5da1249a471d913f7ea4c81faf6 C:\Windows\system32\WINTRUST.dll
MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 c:\windows\syswow64\ieframe.dll
MD5: eb8a00e8e9931a7ec04f920b09d880d8 C:\Windows\syswow64\iertutil.dll
MD5: eb49faa5ebbc06356fb12476438781b9 C:\Windows\syswow64\imagehlp.dll
MD5: 394373142655accf49d64aad466c86ff C:\Windows\SysWOW64\jscript9.dll
MD5: a5830f679b5b38ae9700a72087178745 C:\Windows\syswow64\kernel32.dll
MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL
MD5: fe8797f9dc9a6bbf18d6db12142ed7e2 C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\syswow64\msvcrt.dll
MD5: 6aaf63a85181e39f94ec0641c55a4ef0 C:\Windows\SysWOW64\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\syswow64\OLEAUT32.dll
MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe
MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll
MD5: 50e3e76b0901bb4fc029bb88bfa5ce79 C:\Windows\SysWOW64\schannel.dll
MD5: 3d4dd2d3d59abe3ba902778c57d2e004 C:\Windows\syswow64\Secur32.dll
MD5: aaf101900a23d75ae1ae00840fa6f3b8 C:\Windows\syswow64\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll
MD5: 9fac0f6d5f3d922db294e30cd3f62369 C:\Windows\syswow64\urlmon.dll
MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll
MD5: dbbbe5b64e2fe1af8be76ccaa2b54dfc C:\Windows\SysWOW64\vbscript.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 5553611e2f9ea6f613079177f1233068 C:\Windows\syswow64\WININET.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: 76eaef4ddebbc7c38853f586c0e91dce C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.82 KB recvd
Scanned 284 files and modules - 25 seconds

==============================================================================

#8 RKinner (Malware Expert, MVP, 20,025 posts)
Looks pretty good. ESET found one download that it thought was bad and it found the file we had OTL remove. BD didn't find anything except some old Java (6 Update 26 is still present).

I think you are probably clean.



We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.

To hide hidden files again (if needed):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download betas and if there is a program you don't use you can just uninstall it rather than update it. You can right-click on the UpdateChecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#9 Snoopy33 (Topic Starter, Member, 38 posts)
Thank you for your time helping to guide me on removing the virus from my computer. I don't see any FBI warning on my computer. Thank you again.