NEW TDL Rootkit - reports not running - by request of Broni

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
←
1
2
3

You cannot start a new topic
This topic is locked

NEW TDL Rootkit - reports not running - by request of Broni from thread: http://www.bleepingcomputer.com/forums/topic440614.html/p

#31 solomonte

Member

Group: Members
Posts: 26
Joined: 20-January 12

Posted 23 February 2012 - 03:43 AM

Hi Sweet Tech,

Alright MSE is installed now.

However, Windows Update is NOT running though - Can't seem to check for Updates at all - the Error Code is 80096001

The OTL Log is below.

Thanks,

Jess

OTL logfile created on: 23/02/2012 00:17:40 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JCP\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.88% Memory free
4.00 Gb Paging File | 2.95 Gb Available in Paging File | 73.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 131.11 Gb Free Space | 28.16% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 465.65 Gb Total Space | 249.73 Gb Free Space | 53.63% Space Free | Partition Type: NTFS

Computer Name: JCP-PC | User Name: JCP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 21:37:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/14 21:36:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.) -- C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe
PRC - [2012/02/04 12:28:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 13:32:47 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/08 14:15:40 | 000,167,936 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2010/01/08 15:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/11/20 15:18:24 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
PRC - [2009/11/15 11:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/07/29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\MAFWTray.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/01/13 11:28:48 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/07 15:17:37 | 000,494,408 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\ppgooglenaclpluginchrome.dll
MOD - [2012/02/07 15:17:33 | 000,219,152 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\avformat-53.dll
MOD - [2012/02/07 15:17:33 | 000,142,328 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\avutil-51.dll
MOD - [2012/02/07 15:17:32 | 001,633,288 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\avcodec-53.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/20 15:18:24 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
MOD - [2009/06/22 00:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2009/04/27 12:55:12 | 000,678,400 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/03/11 13:41:42 | 000,049,152 | ---- | M] () -- C:\Program Files\OxelonMedia\menuext.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/02/14 21:37:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/02/14 21:36:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010/02/24 19:16:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/08 16:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 15:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/13 11:28:48 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

========== Driver Services (SafeList) ==========

DRV - [2012/02/14 21:36:49 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/02/10 01:23:19 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/07/01 16:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/01/08 15:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/20 15:18:50 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\motubus.sys -- (motubus)
DRV - [2009/11/20 15:18:44 | 000,026,160 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MFWAMIDI.sys -- (mfwamidi)
DRV - [2009/11/20 15:18:38 | 000,464,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motufwa.sys -- (MotuFWA)
DRV - [2009/11/20 15:18:34 | 000,069,680 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfwawave.sys -- (mfwawave)
DRV - [2009/11/17 22:40:20 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/13 14:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/05/13 14:47:44 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/01/13 11:27:36 | 000,306,812 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/21 16:04:16 | 000,029,696 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 85 E2 AE F3 5B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {22AA42EA-508C-4b90-9BDA-836A848B6492}:2.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.03
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.4
FF - prefs.js..extensions.enabledItems: {C3A8BC35-ADF4-46c9-B81E-69BF809BF681}:1.30
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.4
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: TechnicianConsole@logmeinrescue.com:6.1.0.617
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JCP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JCP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JCP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JCP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 21:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 01:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 01:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/14 00:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/11/02 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Extensions
[2009/11/02 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Extensions\postbox@postbox-inc.com
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (BaseCode) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (CLPicView) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{C3A8BC35-ADF4-46c9-B81E-69BF809BF681}
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(36)
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\gmailthis@lazyrussian(35).com
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\gmailthis@lazyrussian(88).com
[2009/11/02 12:11:05 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\LogMeInClient@logmein.com
[2009/11/02 12:11:02 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\TechnicianConsole@logmeinrescue.com
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\youtube2mp3@mondayx.de
[2012/02/21 01:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions
[2010/03/30 08:54:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/02/21 01:31:26 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/12/30 14:00:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/04/01 10:34:06 | 000,000,000 | ---D | M] (BaseCode) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
[2011/04/08 15:54:10 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2012/02/21 01:31:48 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/22 11:38:39 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/11/13 18:16:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/02 12:11:31 | 000,000,000 | ---D | M] (CLPicView) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{C3A8BC35-ADF4-46c9-B81E-69BF809BF681}
[2009/11/02 12:11:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2009/11/02 12:11:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(36)
[2011/06/15 17:49:32 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2012/02/21 01:31:43 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\en-CA@dictionaries.addons.mozilla.org
[2011/08/11 09:45:42 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\firebug@software.joehewitt.com
[2009/11/02 12:11:32 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian(35).com
[2009/11/02 12:11:29 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian(88).com
[2010/09/03 12:42:47 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian.com
[2011/11/13 18:16:55 | 000,000,000 | ---D | M] (Hypem.com: The Hype Machine Track Downloader) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\hypem@downloader.com
[2011/03/28 08:59:10 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\LogMeInClient@logmein.com
[2011/06/16 20:15:46 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\TechnicianConsole@logmeinrescue.com
[2011/10/01 14:21:52 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\youtube2mp3@mondayx.de
[2009/03/20 23:18:14 | 000,000,853 | ---- | M] () -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\searchplugins\delicious-tag.xml
[2008/06/19 15:00:00 | 000,001,108 | ---- | M] () -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\searchplugins\wikipedia-en.xml
[2012/02/21 01:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{22AA42EA-508C-4B90-9BDA-836A848B6492}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{C3A8BC35-ADF4-46C9-B81E-69BF809BF681}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{FCE36C1E-58D8-498A-B2A5-66AD1CEDEBBB}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{FFFE0EAC-3819-4561-8AA9-178A68450D4F}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\EN-CA@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\LOGMEINCLIENT@LOGMEIN.COM
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\TECHNICIANCONSOLE@LOGMEINRESCUE.COM
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
[2012/02/16 06:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/17 00:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/02/16 02:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 02:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2012/02/17 01:10:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - Startup: C:\Users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9B515-890D-4F69-9A27-66DB8F109C85}: DhcpNameServer = 64.71.255.198 207.181.101.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB4E4CD-F55D-433A-9BE0-10904D6441CD}: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC87EDB3-054B-41B0-B59D-3C2597542738}: DhcpNameServer = 64.71.255.198 207.181.101.5
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 00:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/23 00:14:34 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Users\JCP\Desktop\mseinstall.exe
[2012/02/21 01:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/21 01:40:30 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/02/21 01:40:30 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/02/21 01:40:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/02/21 01:40:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/02/19 17:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/19 17:24:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/19 17:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 01:16:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/17 01:08:41 | 000,000,000 | ---D | C] -- C:\Users\JCP\AppData\Local\temp
[2012/02/16 13:21:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/16 11:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/16 11:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/16 11:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/16 11:28:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/16 11:27:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 11:19:50 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/16 11:08:13 | 004,406,022 | R--- | C] (Swearware) -- C:\Users\JCP\Desktop\ComboFix.exe
[2012/02/05 14:13:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/04 12:28:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
[2012/02/01 00:38:32 | 000,000,000 | ---D | C] -- C:\Users\JCP\Desktop\bootkit_remover
[2012/01/30 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\JCP\AppData\Roaming\Malwarebytes
[2012/01/30 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2012/02/23 00:21:19 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
[2012/02/23 00:15:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/23 00:15:14 | 000,666,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/23 00:15:14 | 000,130,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/23 00:14:40 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Users\JCP\Desktop\mseinstall.exe
[2012/02/23 00:12:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 00:12:17 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
[2012/02/23 00:12:16 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
[2012/02/23 00:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 17:22:20 | 000,017,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 17:22:20 | 000,017,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 17:15:11 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 17:14:46 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 17:10:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
[2012/02/21 01:40:12 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/02/21 01:40:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/02/21 01:40:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/02/21 01:40:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/02/21 01:40:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/02/21 01:30:34 | 000,001,990 | ---- | M] () -- C:\Users\JCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/21 01:30:34 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/19 21:58:37 | 000,000,499 | ---- | M] () -- C:\Users\JCP\Desktop\aswMBR3.lnk
[2012/02/19 17:24:56 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 01:10:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/16 11:08:29 | 004,406,022 | R--- | M] (Swearware) -- C:\Users\JCP\Desktop\ComboFix.exe
[2012/02/14 21:36:49 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/02/14 21:36:49 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/02/14 21:36:49 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/02/05 14:09:53 | 243,559,124 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/04 12:28:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
[2012/01/31 04:59:04 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/02/23 00:15:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/23 00:15:07 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/21 01:30:34 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/19 17:24:56 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 17:17:00 | 000,000,499 | ---- | C] () -- C:\Users\JCP\Desktop\aswMBR3.lnk
[2012/02/16 11:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/16 11:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/16 11:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/16 11:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/16 11:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/29 11:58:58 | 000,000,000 | ---- | C] () -- C:\Users\JCP\AppData\Local\{33F0A466-CC6F-431B-B10A-7CEAF8815BF0}
[2010/10/19 11:31:43 | 000,031,802 | ---- | C] () -- C:\Users\JCP\AppData\Roaming\UserTile.png
[2010/09/23 22:48:30 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/08/11 13:31:20 | 000,008,704 | ---- | C] () -- C:\Users\JCP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 22:31:10 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/17 22:31:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/08 14:51:10 | 000,322,720 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/12/25 13:51:05 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/12/19 22:32:27 | 000,000,056 | ---- | C] () -- C:\Users\JCP\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2009/12/07 15:58:14 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009/12/07 15:53:18 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/12/07 11:48:44 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll
[2009/11/09 17:08:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/03 09:42:56 | 000,172,032 | ---- | C] () -- C:\Windows\System32\secsnmp.dll
[2009/11/03 09:42:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssh1ml3.dll
[2009/11/02 23:10:00 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 002,252,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,666,908 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,130,602 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/13 11:28:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." >
[2012/02/16 12:01:03 | 000,000,000 | -HSD | M] -- C:\Windows\$NtUninstallKB8591$

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/02/14 21:27:59 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbt.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 17:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 04:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 04:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 04:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 21:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 17:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 09:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/06 09:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\ShowIconsCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --show-icons [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\HideIconsCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --hide-icons [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\ReinstallCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --make-default-browser [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\shell\open\command\\: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 09:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/06 09:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\ShowIconsCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --show-icons [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\HideIconsCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --hide-icons [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\ReinstallCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --make-default-browser [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\shell\open\command\\: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

#32 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 23 February 2012 - 03:52 AM

Hi Jess!

hmm.. It looks like we may still have something hiding here.

I'd like to have you delete the current copy of ComboFix from your desktop, and download a fresh copy from the link provided below.

The latest OTL log showed me that this folder appears to still be there:

[2012/02/16 12:01:03 | 000,000,000 | -HSD | M] -- C:\Windows\$NtUninstallKB8591$

This folder was related to the ZeroAccess infection, so I'm curious to see what ComboFix finds when you run it again.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Please post the C:\ComboFix.txt for further review.
If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#33 solomonte

Member

Group: Members
Posts: 26
Joined: 20-January 12

Posted 24 February 2012 - 12:59 AM

Hi Sweet Tech,

Alright. Thanks,

Please see new CF log below.

Thanks,

Jess

ComboFix 12-02-23.02 - JCP 23/02/2012 21:43:39.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2047.1062 [GMT -8:00]
Running from: c:\users\JCP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 05:53 . 2012-02-24 05:53 -------- d-----w- c:\users\JCP\AppData\Local\temp
2012-02-24 05:53 . 2012-02-24 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-23 08:16 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7992C10A-CCF3-4C21-90E4-1D13CE829A2B}\gapaengine.dll
2012-02-23 08:16 . 2012-02-20 09:05 6552120 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{809708A0-28C5-4109-9851-6E8374A162AF}\mpengine.dll
2012-02-23 08:15 . 2012-02-23 08:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-21 09:41 . 2012-02-21 09:41 -------- d-----w- c:\program files\Common Files\Java
2012-02-21 09:40 . 2012-02-21 09:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-21 09:30 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-21 09:30 . 2012-02-16 14:40 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-21 09:30 . 2012-02-16 14:40 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-21 09:30 . 2012-02-16 14:40 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-21 09:30 . 2012-02-16 14:40 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-21 09:30 . 2012-02-16 14:40 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-21 09:30 . 2012-02-16 14:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-21 09:30 . 2012-02-16 10:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-21 09:30 . 2012-02-16 10:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-21 09:30 . 2012-02-16 10:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-21 09:30 . 2012-02-16 10:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-21 09:30 . 2012-02-16 10:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-20 01:24 . 2012-02-20 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-20 01:24 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- C:\found.000
2012-02-15 05:28 . 2012-02-15 05:27 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-05 22:13 . 2012-02-05 22:13 -------- d-----w- C:\_OTL
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\users\JCP\AppData\Roaming\Malwarebytes
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 09:40 . 2010-06-15 16:03 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 05:36 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-15 05:36 . 2009-11-03 06:36 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-15 05:36 . 2009-11-03 06:36 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-15 05:36 . 2009-11-03 06:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:59 . 2009-11-02 19:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 05:44 . 2011-06-16 19:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 06:27 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-16 14:40 . 2012-02-21 09:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RockMelt Update"="c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-02-23 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-11-2 25214]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2009-11-20 188712]
VPN Client.lnk - c:\windows\Installer\{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}\Icon3E5562ED7.ico [2009-11-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 44432]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [2009-11-20 26160]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [2009-11-20 69680]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2009-11-20 464944]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 57800]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-11-18 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-15 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2009-11-20 23600]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
2012-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: logmeinrescue.com\secure
TCP: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
TCP: Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
FF - ProfilePath - c:\users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-23 21:55:36
ComboFix-quarantined-files.txt 2012-02-24 05:55
ComboFix2.txt 2012-02-17 09:17
ComboFix3.txt 2012-02-16 21:21
.
Pre-Run: 140,425,252,864 bytes free
Post-Run: 140,383,588,352 bytes free
.
- - End Of File - - 2C1D2DCC0ED748D0424F293ADB24A7DA

#34 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 24 February 2012 - 02:43 AM

Hi Jess,

Please run this script with ComboFix:

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
DirLook::
C:\Windows\$NtUninstallKB8591$
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#35 solomonte

Member

Group: Members
Posts: 26
Joined: 20-January 12

Posted 24 February 2012 - 04:36 AM

Hi Sweet Tech,

Alright. Windows Update still not running (same error code)

CF log below.

Thanks,

Jess

ComboFix 12-02-23.02 - JCP 24/02/2012 1:09.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2047.982 [GMT -8:00]
Running from: c:\users\JCP\Desktop\ComboFix.exe
Command switches used :: c:\users\JCP\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 09:18 . 2012-02-24 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 05:57 . 2012-02-20 09:05 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{189BD7BF-DEBE-4E11-A990-8944864521BE}\mpengine.dll
2012-02-24 05:55 . 2012-02-24 09:20 -------- d-----w- c:\users\JCP\AppData\Local\temp
2012-02-23 08:16 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7992C10A-CCF3-4C21-90E4-1D13CE829A2B}\gapaengine.dll
2012-02-23 08:15 . 2012-02-23 08:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-21 09:41 . 2012-02-21 09:41 -------- d-----w- c:\program files\Common Files\Java
2012-02-21 09:40 . 2012-02-21 09:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-21 09:30 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-21 09:30 . 2012-02-16 14:40 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-21 09:30 . 2012-02-16 14:40 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-21 09:30 . 2012-02-16 14:40 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-21 09:30 . 2012-02-16 14:40 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-21 09:30 . 2012-02-16 14:40 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-21 09:30 . 2012-02-16 14:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-21 09:30 . 2012-02-16 10:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-21 09:30 . 2012-02-16 10:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-21 09:30 . 2012-02-16 10:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-21 09:30 . 2012-02-16 10:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-21 09:30 . 2012-02-16 10:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-20 01:24 . 2012-02-20 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-20 01:24 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- C:\found.000
2012-02-15 05:28 . 2012-02-15 05:27 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-05 22:13 . 2012-02-05 22:13 -------- d-----w- C:\_OTL
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\users\JCP\AppData\Roaming\Malwarebytes
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 09:40 . 2010-06-15 16:03 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 05:36 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-15 05:36 . 2009-11-03 06:36 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-15 05:36 . 2009-11-03 06:36 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-15 05:36 . 2009-11-03 06:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:59 . 2009-11-02 19:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 05:44 . 2011-06-16 19:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 06:27 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-16 14:40 . 2012-02-21 09:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\$NtUninstallKB8591$ ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RockMelt Update"="c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-02-23 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-11-2 25214]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2009-11-20 188712]
VPN Client.lnk - c:\windows\Installer\{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}\Icon3E5562ED7.ico [2009-11-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 44432]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [2009-11-20 26160]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [2009-11-20 69680]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2009-11-20 464944]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 57800]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-11-18 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-15 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2009-11-20 23600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
2012-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: logmeinrescue.com\secure
TCP: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
TCP: Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
FF - ProfilePath - c:\users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5376)
c:\users\JCP\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-02-24 01:27:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 09:27
ComboFix2.txt 2012-02-24 05:55
ComboFix3.txt 2012-02-17 09:17
ComboFix4.txt 2012-02-16 21:21
.
Pre-Run: 140,162,580,480 bytes free
Post-Run: 139,876,323,328 bytes free
.
- - End Of File - - 85187A364FFCE22C594509719DE72B57

#36 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 24 February 2012 - 08:46 AM

Hi Jess!

Please run this ComboFix script:

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

KillAll::
Folder::
C:\Windows\$NtUninstallKB8591$

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Then please try downloading and running this Microsoft FixIt to see if it fixes the Windows Update issue.

http://support.microsoft.com/kb/971058

#37 solomonte

Member

Group: Members
Posts: 26
Joined: 20-January 12

Posted 24 February 2012 - 01:03 PM

Hi Sweet Tech,

Windows fixit on Windows Update. It seemed to detect issues and "fixit"them, however Windows Update idstill not running (same error code.

The CF log is below.

Thanks,

Jess

ComboFix 12-02-23.02 - JCP 24/02/2012 9:06.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2047.1037 [GMT -8:00]
Running from: c:\users\JCP\Desktop\ComboFix.exe
Command switches used :: c:\users\JCP\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB8591$
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 17:16 . 2012-02-24 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 09:35 . 2012-02-20 09:05 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A21D6AF-8964-4C2E-9F86-8C79442FC867}\mpengine.dll
2012-02-24 05:55 . 2012-02-24 17:24 -------- d-----w- c:\users\JCP\AppData\Local\temp
2012-02-23 08:16 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7992C10A-CCF3-4C21-90E4-1D13CE829A2B}\gapaengine.dll
2012-02-23 08:15 . 2012-02-23 08:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-21 09:41 . 2012-02-21 09:41 -------- d-----w- c:\program files\Common Files\Java
2012-02-21 09:40 . 2012-02-21 09:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-21 09:30 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-21 09:30 . 2012-02-16 14:40 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-21 09:30 . 2012-02-16 14:40 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-21 09:30 . 2012-02-16 14:40 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-21 09:30 . 2012-02-16 14:40 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-21 09:30 . 2012-02-16 14:40 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-21 09:30 . 2012-02-16 14:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-21 09:30 . 2012-02-16 10:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-21 09:30 . 2012-02-16 10:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-21 09:30 . 2012-02-16 10:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-21 09:30 . 2012-02-16 10:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-21 09:30 . 2012-02-16 10:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-20 01:24 . 2012-02-20 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-20 01:24 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- C:\found.000
2012-02-15 05:28 . 2012-02-15 05:27 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-05 22:13 . 2012-02-05 22:13 -------- d-----w- C:\_OTL
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\users\JCP\AppData\Roaming\Malwarebytes
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 09:40 . 2010-06-15 16:03 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 05:36 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-15 05:36 . 2009-11-03 06:36 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-15 05:36 . 2009-11-03 06:36 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-15 05:36 . 2009-11-03 06:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:59 . 2009-11-02 19:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 05:44 . 2011-06-16 19:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 06:27 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-16 14:40 . 2012-02-21 09:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RockMelt Update"="c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-02-23 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-11-2 25214]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2009-11-20 188712]
VPN Client.lnk - c:\windows\Installer\{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}\Icon3E5562ED7.ico [2009-11-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 44432]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [2009-11-20 26160]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [2009-11-20 69680]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2009-11-20 464944]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 57800]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-11-18 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-15 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2009-11-20 23600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
2012-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: logmeinrescue.com\secure
TCP: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
TCP: Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
FF - ProfilePath - c:\users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4492)
c:\users\JCP\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\RICHED20.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\system32\FXSAPI.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-02-24 09:27:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 17:27
ComboFix2.txt 2012-02-24 09:27
ComboFix3.txt 2012-02-24 05:55
ComboFix4.txt 2012-02-17 09:17
ComboFix5.txt 2012-02-24 17:05
.
Pre-Run: 139,925,331,968 bytes free
Post-Run: 139,839,426,560 bytes free
.
- - End Of File - - CADC51014C01FDD2C149982DDE60440E

#38 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 25 February 2012 - 09:04 AM

Hi Jess!

Please try this:

Windows Repair Tool No Internet

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image

On the start repairs tab select advanced mode and click start
Posted Image

Select the items ticked (remove the ticks from the rest ) and tick restart system when finished
Posted Image

#39 solomonte

Member

Group: Members
Posts: 26
Joined: 20-January 12

Posted 26 February 2012 - 12:14 AM

Hi Sweet Tech,

Alright, that fix seems like it ran correctly - Windows Update is as usual now.

Really appreciate it!

Let me know if theres any other wrap-up steps.

Thanks,

Jess

#40 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 26 February 2012 - 02:48 AM

Hi Jess!

Great glad to hear that running through those steps worked.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#41 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 March 2012 - 03:18 AM

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.