BleepingComputer.com: NEW TDL Rootkit - reports not running - by request of Broni

Hi Jess!

Thanks for posting that log!

The 3rd partition appears to be the partition that the infection created and installed itself onto. Since parted can read your drive just fine, please run the following command to disable the malicious partition and reenable your windows partition as booting partition: parted /dev/sda set 2 boot on

Reboot your computer and let me know how things are running.

Try to run a scan with aswMBR and see if you can run that successfully. Also let me know if that solves the issues you are experiencing.

If it is, then we'll proceed with the next step of the removal process for that malicious partition.

Let me know.

ST.

This post has been edited by SweetTech: 10 February 2012 - 04:02 AM

Hi Sweet Tech,

Did you mean run that command in Terminal in XPUD or in Windows on the sick PC?

I ran it in XPUD and it gave the following prompt:

Information: You may need to update /etc/fscab

Now when I go to boot the sick PC into windows, it now just is blank screen with: BOOTMGR is missing press Ctrl+Alt+Del to restart.

Please advise when you have a moment.

Thanks,

Jess

Hi Sweet Tech,

**UPDATE**

I ran the command in XPUD again, but with the syntax:

parted /dev/sda set 1 boot on since I figured that might reset the boot mgr to the correct partition.

Was romted to run startup repair, but it just runs indefinitely. Windows is still not booting... please advise.

Though I'm reasonably competent with Windows, any detailed instructions would probably help to avoid confusion ;) especially with linux command-line!

Appreciate your patience and help on this.

Thanks,

Jess

Hi Sweet Tech,

** UPDATE 2 **

So after almost an hour of startup repair, booted the sick PC into Windows again!

I am now able to run aswMBR.exe finally.

The scan indicated rootkit Alureon-K yikes.

Please see log below.

Thanks,

Jess



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-14 21:49:59
-----------------------------
21:49:59.102 OS Version: Windows 6.1.7601 Service Pack 1
21:49:59.102 Number of processors: 2 586 0x6802
21:49:59.118 ComputerName: JCP-PC UserName: JCP
21:50:06.044 Initialize success
21:51:34.377 AVAST engine defs: 12021401
21:52:53.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
21:52:53.751 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
21:52:54.094 Disk 0 MBR read successfully
21:52:54.094 Disk 0 MBR scan
21:52:54.110 Disk 0 Windows 7 default MBR code
21:52:54.344 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:52:54.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:52:54.640 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 976771072
21:52:54.718 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
21:52:54.983 Disk 0 scanning sectors +976773152
21:52:55.779 Disk 0 scanning C:\Windows\system32\drivers
21:53:55.870 Service scanning
21:53:57.555 Modules scanning
21:54:05.838 Disk 0 trace - called modules:
21:54:05.870 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:54:05.885 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a68030]
21:54:05.885 3 CLASSPNP.SYS[891cd59e] -> nt!IofCallDriver -> [0x8560b918]
21:54:05.901 5 ACPI.sys[88bb13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x855fd030]
21:54:08.537 AVAST engine scan C:\Windows
21:54:12.765 AVAST engine scan C:\Windows\system32
21:58:42.745 AVAST engine scan C:\Windows\system32\drivers
21:59:02.063 AVAST engine scan C:\Users\JCP
22:41:24.317 AVAST engine scan C:\ProgramData
22:44:08.104 Scan finished successfully
22:45:16.386 Disk 0 MBR has been saved successfully to "C:\Users\JCP\Desktop\MBR.dat"
22:45:16.386 The log file has been saved successfully to "C:\Users\JCP\Desktop\aswMBR.txt"

Hi Jess!

Sorry to hear you experienced issues when you ran those instructions.

But I'm glad to hear that you were able to figure it out and get yourself booted up again.

It looks like the first partition maybe your boot manager partition. Which is why you experienced issues trying to boot after I gave you that command to run.

Thanks for posting that aswMBR log file for me as well.

-------

What we need to do now is remove that malicious partition. We will need to boot back up into xPUD to accomplish this.

I apologize for my previous instructions not being detailed enough for you. Please try these instructions below, if they're not detailed enough, let me know and I'll provide more detailed instructions for you.

You're going to want to boot back up into xPUD again.

In xPUD please press Tool at the top. Click on: Open Terminal

You'll want to type this bolded command in followed by ENTER: parted /dev/sda rm 3

After you enter that command, please exit out of xPUD and boot back up normally.

Then do me a favor and run a new scan with aswMBR and post that for me to review, and then run this scan below:


-------

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.

• Please post the C:\ComboFix.txt for further review.
  
  
• If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Hi Sweet Tech,

Alright, followed the steps as mentioned.

When I ran combofix it rebooted a few cycles and there were some warnings about rootkits, after which it continued.

Please see aswMBR2 log and Combofix logs below.

Thanks,

Jess



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 20:39:07
-----------------------------
20:39:07.177 OS Version: Windows 6.1.7601 Service Pack 1
20:39:07.177 Number of processors: 2 586 0x6802
20:39:07.179 ComputerName: JCP-PC UserName: JCP
20:39:09.712 Initialize success
20:39:18.651 AVAST engine defs: 12021401
20:39:26.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:39:26.826 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
20:39:26.888 Disk 0 MBR read successfully
20:39:26.888 Disk 0 MBR scan
20:39:26.904 Disk 0 Windows 7 default MBR code
20:39:26.919 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:39:26.966 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:39:26.997 Disk 0 scanning sectors +976771072
20:39:27.138 Disk 0 scanning C:\Windows\system32\drivers
20:40:07.183 Service scanning
20:40:17.479 Modules scanning
20:40:47.166 Disk 0 trace - called modules:
20:40:47.212 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:40:47.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a68aa0]
20:40:47.228 3 CLASSPNP.SYS[891bf59e] -> nt!IofCallDriver -> [0x855f4918]
20:40:47.244 5 ACPI.sys[88bb13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x855fd030]
20:40:48.476 AVAST engine scan C:\Windows
20:40:57.820 AVAST engine scan C:\Windows\system32
20:46:18.642 AVAST engine scan C:\Windows\system32\drivers
20:46:48.953 AVAST engine scan C:\Users\JCP
21:31:47.098 AVAST engine scan C:\ProgramData
21:34:30.759 Scan finished successfully
11:06:04.741 Disk 0 MBR has been saved successfully to "C:\Users\JCP\Desktop\MBR.dat"
11:06:04.757 The log file has been saved successfully to "C:\Users\JCP\Desktop\aswMBR2.txt"


ComboFix 12-02-16.02 - JCP 16/02/2012 12:37:19.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2047.1437 [GMT -8:00]
Running from: c:\users\JCP\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Hotspot Shield\hssie\HsSIe.dll
c:\users\JCP\g2mdlhlpx.exe
c:\windows\$NtUninstallKB8591$\2434248856\@
c:\windows\$NtUninstallKB8591$\2434248856\bckfg.tmp
c:\windows\$NtUninstallKB8591$\2434248856\cfg.ini
c:\windows\$NtUninstallKB8591$\2434248856\Desktop.ini
c:\windows\$NtUninstallKB8591$\2434248856\keywords
c:\windows\$NtUninstallKB8591$\2434248856\kwrd.dll
c:\windows\$NtUninstallKB8591$\2434248856\L\xadqgnnk
c:\windows\$NtUninstallKB8591$\2434248856\U\00000001.@
c:\windows\$NtUninstallKB8591$\2434248856\U\00000002.@
c:\windows\$NtUninstallKB8591$\2434248856\U\00000004.@
c:\windows\$NtUninstallKB8591$\2434248856\U\80000000.@
c:\windows\$NtUninstallKB8591$\2434248856\U\80000004.@
c:\windows\$NtUninstallKB8591$\2434248856\U\80000032.@
c:\windows\$NtUninstallKB8591$\2434248856\version
c:\windows\$NtUninstallKB8591$\416550403
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 20:47 . 2012-02-16 21:17 -------- d-----w- c:\users\JCP\AppData\Local\temp
2012-02-16 20:47 . 2012-02-16 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- C:\found.000
2012-02-15 05:28 . 2012-02-15 05:27 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-05 22:13 . 2012-02-05 22:13 -------- d-----w- C:\_OTL
2012-02-02 18:40 . 2012-02-02 18:40 100864 ----a-w- C:\uwldypow.sys
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\users\JCP\AppData\Roaming\Malwarebytes
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\programdata\Malwarebytes
2012-01-20 17:43 . 2012-01-20 17:43 -------- d-----w- c:\users\JCP\AppData\Roaming\AVG2012
2012-01-20 17:43 . 2012-02-16 19:22 -------- d-----w- c:\programdata\AVG2012
2012-01-20 08:49 . 2012-01-20 08:49 -------- d-----w- c:\program files\ESET
2012-01-19 23:39 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 23:39 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 23:39 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 23:39 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-19 23:39 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 23:39 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-19 23:39 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 23:39 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 23:39 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 23:39 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 05:44 . 2011-06-16 19:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 06:27 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-10 06:27 . 2009-11-03 06:36 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-10 06:27 . 2009-11-03 06:36 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-10 06:27 . 2009-11-03 06:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-24 04:25 . 2012-01-16 05:23 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-16 05:23 67072 ----a-w- c:\windows\system32\packager.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RockMelt Update"="c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-02-23 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-11-2 25214]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2009-11-20 188712]
VPN Client.lnk - c:\windows\Installer\{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}\Icon3E5562ED7.ico [2009-11-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 44432]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [2009-11-20 26160]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [2009-11-20 69680]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2009-11-20 464944]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 57800]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-11-18 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-10 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2009-11-20 23600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
2012-02-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: logmeinrescue.com\secure
TCP: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
TCP: Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
FF - ProfilePath - c:\users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: firefusk: {fffe0eac-3819-4561-8aa9-178a68450d4f} - %profile%\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Email This! Bookmarklet Extension: gmailthis@lazyrussian.com - %profile%\extensions\gmailthis@lazyrussian.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Craigslist Image Prefetcher: CLIP@chris.synan - %profile%\extensions\CLIP@chris.synan
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: BaseCode: {22AA42EA-508C-4b90-9BDA-836A848B6492} - %profile%\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Hypem.com: The Hype Machine Track Downloader: hypem@downloader.com - %profile%\extensions\hypem@downloader.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5120)
c:\users\JCP\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-16 13:21:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 21:21
.
Pre-Run: 135,324,942,336 bytes free
Post-Run: 136,454,078,464 bytes free
.
- - End Of File - - 98387B859E4921DFF7FD558369BDA759

Hi Jess!

Quote

Okay, thanks for that information. It looks like ComboFix removed some things.

How are things running?


ComboFix Script

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
FileLook::
c:\windows\system32\drivers\netbt.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  
• When finished, it shall produce a log for you.
  
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



I would also like to see a list of files quarantined by ComboFix, so please do this:
Press the Windows key + R.

This should launch the Run Dialog box. Copy/Paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Post the contents of that file in your next reply.

Hi Sweet Tech,

The sick PC appears to be running more smoothly now. I can launch Firefox and IE normally with no redirects, etc .

Not getting any virus warnings, but that may be due to uninstalling AVG prior to running Combofix!

The latest Combofix log is below, followed by the quarantine list.

Thanks,

Jess



ComboFix 12-02-16.02 - JCP 17/02/2012 0:58.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2047.1164 [GMT -8:00]
Running from: c:\users\JCP\Desktop\ComboFix.exe
Command switches used :: c:\users\JCP\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 09:08 . 2012-02-17 09:11 -------- d-----w- c:\users\JCP\AppData\Local\temp
2012-02-17 09:08 . 2012-02-17 09:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- C:\found.000
2012-02-15 05:28 . 2012-02-15 05:27 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-05 22:13 . 2012-02-05 22:13 -------- d-----w- C:\_OTL
2012-02-02 18:40 . 2012-02-02 18:40 100864 ----a-w- C:\uwldypow.sys
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\users\JCP\AppData\Roaming\Malwarebytes
2012-01-31 05:24 . 2012-01-31 05:24 -------- d-----w- c:\programdata\Malwarebytes
2012-01-20 17:43 . 2012-01-20 17:43 -------- d-----w- c:\users\JCP\AppData\Roaming\AVG2012
2012-01-20 17:43 . 2012-02-16 19:22 -------- d-----w- c:\programdata\AVG2012
2012-01-20 08:49 . 2012-01-20 08:49 -------- d-----w- c:\program files\ESET
2012-01-19 23:39 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 23:39 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 23:39 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 23:39 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-19 23:39 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 23:39 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-19 23:39 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 23:39 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 23:39 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 23:39 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 05:44 . 2011-06-16 19:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 06:27 . 2009-11-03 06:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-10 06:27 . 2009-11-03 06:36 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-10 06:27 . 2009-11-03 06:36 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-10 06:27 . 2009-11-03 06:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-24 04:25 . 2012-01-16 05:23 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-16 05:23 67072 ----a-w- c:\windows\system32\packager.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\netbt.sys ---
Company: Microsoft Corporation
File Description: MBT Transport driver
File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: netbt.sys
File size: 187904
Created time: 2012-02-15 05:28
Modified time: 2012-02-15 05:27
MD5: 280122DDCF04B378EDD1AD54D71C1E54
SHA1: F22268875219C96100635C87F96D89C52B9B5E98
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RockMelt Update"="c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-02-23 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-11-2 25214]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2009-11-20 188712]
VPN Client.lnk - c:\windows\Installer\{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}\Icon3E5562ED7.ico [2009-11-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 44432]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [2009-11-20 26160]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [2009-11-20 69680]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2009-11-20 464944]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 57800]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-11-18 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-10 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2009-11-20 23600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 00:48]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 22:20]
.
2012-02-17 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
2012-02-17 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
- c:\users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-23 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: logmeinrescue.com\secure
TCP: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
TCP: Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
FF - ProfilePath - c:\users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: firefusk: {fffe0eac-3819-4561-8aa9-178a68450d4f} - %profile%\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Email This! Bookmarklet Extension: gmailthis@lazyrussian.com - %profile%\extensions\gmailthis@lazyrussian.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Craigslist Image Prefetcher: CLIP@chris.synan - %profile%\extensions\CLIP@chris.synan
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: BaseCode: {22AA42EA-508C-4b90-9BDA-836A848B6492} - %profile%\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Hypem.com: The Hype Machine Track Downloader: hypem@downloader.com - %profile%\extensions\hypem@downloader.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1996)
c:\users\JCP\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\JCP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-02-17 01:17:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 09:17
ComboFix2.txt 2012-02-16 21:21
.
Pre-Run: 136,539,308,032 bytes free
Post-Run: 136,275,935,232 bytes free
.
- - End Of File - - E8D2036C5B1BD0BC8F7CC1A12D90949F


Combofix Quarantined files:


2012-02-17 08:57:56 . 2012-02-17 08:57:56 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-02-16 21:19:43 . 2012-02-16 21:19:43 169 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-MacDrive volume icons.reg.dat
2012-02-16 20:43:32 . 2012-02-17 09:04:21 17,457 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-02-16 19:28:22 . 2012-02-17 08:57:56 175 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-02 09:39:15 . 2012-02-02 18:39:34 2,048 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\U\00000001.@.vir
2012-01-31 05:20:54 . 2012-02-05 22:10:03 858 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\version.vir
2012-01-29 00:09:53 . 2012-01-31 05:13:30 73,216 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\U\80000032.@.vir
2012-01-20 08:38:41 . 2012-01-20 08:38:41 0 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\keywords.vir
2012-01-20 03:48:34 . 2012-01-31 04:57:36 223,744 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\kwrd.dll.vir
2012-01-20 03:48:34 . 2012-01-31 05:13:28 858 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\bckfg.tmp.vir
2012-01-20 03:48:28 . 2012-01-20 03:48:28 2,048 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\@.vir
2012-01-20 03:48:28 . 2012-02-15 05:06:06 217 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\cfg.ini.vir
2012-01-20 03:48:28 . 2012-01-20 03:48:28 187,904 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\L\xadqgnnk.vir
2012-01-20 03:48:28 . 2012-02-15 05:05:42 4,608 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\Desktop.ini.vir
2012-01-20 03:48:27 . 2012-01-20 03:48:27 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\416550403.vir
2012-01-05 11:32:16 . 2012-01-20 03:48:32 11,264 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\U\80000000.@.vir
2011-12-02 12:07:49 . 2012-01-20 03:48:34 224,768 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\U\00000002.@.vir
2011-11-29 13:10:08 . 2012-01-20 03:48:32 12,800 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\U\80000004.@.vir
2011-11-02 17:48:14 . 2012-01-20 03:48:32 1,024 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB8591$\2434248856\U\00000004.@.vir
2010-06-14 20:14:00 . 2010-06-14 20:14:00 72,080 ----a-w- C:\Qoobox\Quarantine\C\Users\JCP\g2mdlhlpx.exe.vir
2010-03-04 00:58:19 . 2010-03-04 00:58:19 220,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Hotspot Shield\hssie\HsSIe.dll.vir
2010-02-07 18:49:52 . 2011-02-04 17:30:47 515,456 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\x64\racodec.ax.vir
2010-02-07 18:49:52 . 2011-02-04 17:30:47 341,376 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\x86\racodec.ax.vir
2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir

Hi Jess!

Great! Glad to hear that things are working better!

Please delete your current copy of aswMBR & TDSSKiller and download fresh copies from the links below.

Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply





NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
  
• Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware
  
• Select the Update tab
  
• Click Check for Updates
  
• After the update have been completed, Select the Scanner tab.
  
• Select Perform quick scan, then click on Scan
  
• Leave the default options as it is and click on Start Scan
  
• When done, you will be prompted. Click OK, then click on Show Results
  
• Checked (ticked) all items and click on Remove Selected
  
• After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Make sure that the option "Remove found threats" is Unchecked
  
• When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
  
  • Enable Anti-Stealth technology
  
  
• Push the Start button.
  
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

NEXT:



Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NEXT:



Please make sure you include the following items in your next post:

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Hi Sweet Tech,

Alright, followed instructions - all went smoothly, except when I ran TDSS it did find threats but gave no option to reboot - just exit.

The sick PC seems to be running fine currently.

Please find logs below.

Thanks,

Jess


ASWmbr Log


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 15:37:02
-----------------------------
15:37:02.779 OS Version: Windows 6.1.7601 Service Pack 1
15:37:02.779 Number of processors: 2 586 0x6802
15:37:02.779 ComputerName: JCP-PC UserName: JCP
15:37:04.089 Initialize success
15:40:06.743 AVAST engine defs: 12021901
15:40:28.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:40:28.505 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
15:40:28.520 Disk 0 MBR read successfully
15:40:28.520 Disk 0 MBR scan
15:40:28.536 Disk 0 Windows 7 default MBR code
15:40:28.551 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:40:28.551 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:40:28.567 Disk 0 scanning sectors +976771072
15:40:28.661 Disk 0 scanning C:\Windows\system32\drivers
15:40:44.697 Service scanning
15:41:11.935 Modules scanning
15:41:22.746 Disk 0 trace - called modules:
15:41:22.777 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys amdk8.sys ndis.sys bcmwl6.sys nvm62x32.sys
15:41:22.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a69030]
15:41:22.793 3 CLASSPNP.SYS[891d559e] -> nt!IofCallDriver -> [0x8560c918]
15:41:22.793 5 ACPI.sys[88c0d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x855ad318]
15:41:24.009 AVAST engine scan C:\Windows
15:41:27.956 AVAST engine scan C:\Windows\system32
15:44:58.017 AVAST engine scan C:\Windows\system32\drivers
15:45:16.738 AVAST engine scan C:\Users\JCP
16:20:17.044 AVAST engine scan C:\ProgramData
16:22:37.555 Scan finished successfully
17:17:00.094 Disk 0 MBR has been saved successfully to "C:\Users\JCP\Desktop\MBR.dat"
17:17:00.094 The log file has been saved successfully to "C:\Users\JCP\Desktop\aswMBR3.txt"

TDSS Killer Log


17:21:08.0103 2940 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:21:08.0633 2940 ============================================================
17:21:08.0633 2940 Current date / time: 2012/02/19 17:21:08.0633
17:21:08.0633 2940 SystemInfo:
17:21:08.0633 2940
17:21:08.0633 2940 OS Version: 6.1.7601 ServicePack: 1.0
17:21:08.0633 2940 Product type: Workstation
17:21:08.0633 2940 ComputerName: JCP-PC
17:21:08.0633 2940 UserName: JCP
17:21:08.0633 2940 Windows directory: C:\Windows
17:21:08.0633 2940 System windows directory: C:\Windows
17:21:08.0633 2940 Processor architecture: Intel x86
17:21:08.0633 2940 Number of processors: 2
17:21:08.0633 2940 Page size: 0x1000
17:21:08.0633 2940 Boot type: Normal boot
17:21:08.0633 2940 ============================================================
17:21:09.0788 2940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:21:09.0788 2940 \Device\Harddisk0\DR0:
17:21:09.0803 2940 MBR used
17:21:09.0803 2940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:21:09.0803 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:21:09.0866 2940 Initialize success
17:21:09.0866 2940 ============================================================
17:21:18.0087 3536 ============================================================
17:21:18.0087 3536 Scan started
17:21:18.0087 3536 Mode: Manual; SigCheck; TDLFS;
17:21:18.0087 3536 ============================================================
17:21:18.0773 3536 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:21:18.0820 3536 1394ohci - ok
17:21:18.0883 3536 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:21:18.0914 3536 ACPI - ok
17:21:18.0976 3536 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:21:19.0007 3536 AcpiPmi - ok
17:21:19.0054 3536 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:19.0085 3536 adp94xx - ok
17:21:19.0101 3536 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:21:19.0117 3536 adpahci - ok
17:21:19.0148 3536 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:21:19.0163 3536 adpu320 - ok
17:21:19.0241 3536 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:21:19.0257 3536 AFD - ok
17:21:19.0304 3536 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:21:19.0304 3536 agp440 - ok
17:21:19.0335 3536 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:21:19.0351 3536 aic78xx - ok
17:21:19.0507 3536 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:21:19.0538 3536 aliide - ok
17:21:19.0600 3536 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:21:19.0616 3536 amdagp - ok
17:21:19.0631 3536 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:21:19.0631 3536 amdide - ok
17:21:19.0663 3536 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:21:19.0678 3536 AmdK8 - ok
17:21:19.0709 3536 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:21:19.0709 3536 AmdPPM - ok
17:21:19.0772 3536 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:21:19.0787 3536 amdsata - ok
17:21:19.0819 3536 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:19.0834 3536 amdsbs - ok
17:21:19.0881 3536 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:21:19.0881 3536 amdxata - ok
17:21:19.0943 3536 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:21:19.0975 3536 AppID - ok
17:21:20.0021 3536 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:21:20.0037 3536 arc - ok
17:21:20.0053 3536 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:21:20.0068 3536 arcsas - ok
17:21:20.0115 3536 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:20.0146 3536 AsyncMac - ok
17:21:20.0209 3536 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:21:20.0224 3536 atapi - ok
17:21:20.0302 3536 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:21:20.0333 3536 b06bdrv - ok
17:21:20.0380 3536 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:21:20.0396 3536 b57nd60x - ok
17:21:20.0474 3536 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:21:20.0536 3536 BCM43XX - ok
17:21:20.0567 3536 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:21:20.0583 3536 Beep - ok
17:21:20.0630 3536 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:20.0645 3536 blbdrive - ok
17:21:20.0723 3536 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:21:20.0739 3536 bowser - ok
17:21:20.0755 3536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:20.0770 3536 BrFiltLo - ok
17:21:20.0786 3536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:20.0801 3536 BrFiltUp - ok
17:21:20.0833 3536 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:21:20.0911 3536 BridgeMP - ok
17:21:20.0942 3536 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:21:20.0957 3536 Brserid - ok
17:21:20.0989 3536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:21.0004 3536 BrSerWdm - ok
17:21:21.0020 3536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:21.0035 3536 BrUsbMdm - ok
17:21:21.0051 3536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:21:21.0067 3536 BrUsbSer - ok
17:21:21.0129 3536 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
17:21:21.0145 3536 BthEnum - ok
17:21:21.0160 3536 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:21.0176 3536 BTHMODEM - ok
17:21:21.0223 3536 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
17:21:21.0238 3536 BthPan - ok
17:21:21.0332 3536 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
17:21:21.0379 3536 BTHPORT - ok
17:21:21.0410 3536 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
17:21:21.0425 3536 BTHUSB - ok
17:21:21.0488 3536 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
17:21:21.0488 3536 btusbflt - ok
17:21:21.0550 3536 catchme - ok
17:21:21.0613 3536 CBDisk (93c568904e116607df2389907a9d8899) C:\Windows\system32\drivers\CBDisk.sys
17:21:21.0613 3536 CBDisk - ok
17:21:21.0644 3536 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:21:21.0675 3536 cdfs - ok
17:21:21.0737 3536 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
17:21:21.0784 3536 cdrom - ok
17:21:21.0815 3536 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:21:21.0831 3536 circlass - ok
17:21:21.0878 3536 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:21:21.0893 3536 CLFS - ok
17:21:21.0940 3536 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:21.0956 3536 CmBatt - ok
17:21:22.0003 3536 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:21:22.0018 3536 cmdide - ok
17:21:22.0065 3536 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:21:22.0096 3536 CNG - ok
17:21:22.0143 3536 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
17:21:22.0143 3536 CnxtHdAudService - ok
17:21:22.0190 3536 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:21:22.0190 3536 Compbatt - ok
17:21:22.0252 3536 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:21:22.0268 3536 CompositeBus - ok
17:21:22.0299 3536 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:22.0299 3536 crcdisk - ok
17:21:22.0377 3536 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
17:21:22.0393 3536 CVirtA - ok
17:21:22.0486 3536 CVPNDRVA (f4a38e478d71cf609b9a11c46bf1cafe) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:21:22.0486 3536 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
17:21:22.0486 3536 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
17:21:22.0549 3536 dc3d (b6672f62f75fb952d7ae7cb4e80011a9) C:\Windows\system32\DRIVERS\dc3d.sys
17:21:22.0564 3536 dc3d - ok
17:21:22.0627 3536 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:21:22.0642 3536 DfsC - ok
17:21:22.0673 3536 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:21:22.0705 3536 discache - ok
17:21:22.0720 3536 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:21:22.0736 3536 Disk - ok
17:21:22.0798 3536 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
17:21:22.0829 3536 DNE - ok
17:21:22.0876 3536 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:21:22.0907 3536 drmkaud - ok
17:21:22.0970 3536 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:21:22.0985 3536 DXGKrnl - ok
17:21:23.0079 3536 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:21:23.0126 3536 ebdrv - ok
17:21:23.0235 3536 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:21:23.0235 3536 ElbyCDIO - ok
17:21:23.0266 3536 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:21:23.0282 3536 elxstor - ok
17:21:23.0329 3536 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:21:23.0344 3536 ErrDev - ok
17:21:23.0391 3536 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:21:23.0422 3536 exfat - ok
17:21:23.0438 3536 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:21:23.0469 3536 fastfat - ok
17:21:23.0485 3536 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:21:23.0500 3536 fdc - ok
17:21:23.0531 3536 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:21:23.0531 3536 FileInfo - ok
17:21:23.0563 3536 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:21:23.0578 3536 Filetrace - ok
17:21:23.0609 3536 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:23.0625 3536 flpydisk - ok
17:21:23.0641 3536 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:21:23.0656 3536 FltMgr - ok
17:21:23.0672 3536 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:21:23.0687 3536 FsDepends - ok
17:21:23.0765 3536 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
17:21:23.0781 3536 fssfltr - ok
17:21:23.0797 3536 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:21:23.0828 3536 Fs_Rec - ok
17:21:23.0890 3536 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:21:23.0906 3536 fvevol - ok
17:21:23.0921 3536 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:21:23.0921 3536 gagp30kx - ok
17:21:23.0984 3536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:21:23.0999 3536 GEARAspiWDM - ok
17:21:24.0093 3536 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
17:21:24.0109 3536 hamachi - ok
17:21:24.0124 3536 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:21:24.0124 3536 hcw85cir - ok
17:21:24.0202 3536 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:21:24.0218 3536 HdAudAddService - ok
17:21:24.0280 3536 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:21:24.0327 3536 HDAudBus - ok
17:21:24.0343 3536 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:21:24.0358 3536 HidBatt - ok
17:21:24.0389 3536 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:21:24.0405 3536 HidBth - ok
17:21:24.0436 3536 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:21:24.0452 3536 HidIr - ok
17:21:24.0499 3536 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:21:24.0514 3536 HidUsb - ok
17:21:24.0608 3536 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:21:24.0608 3536 HpqKbFiltr - ok
17:21:24.0670 3536 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
17:21:24.0670 3536 HpqRemHid - ok
17:21:24.0701 3536 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:21:24.0717 3536 HpSAMD - ok
17:21:24.0764 3536 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:21:24.0795 3536 HSF_DPV - ok
17:21:24.0842 3536 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:21:24.0857 3536 HSXHWAZL - ok
17:21:24.0935 3536 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:21:25.0013 3536 HTTP - ok
17:21:25.0060 3536 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:21:25.0076 3536 hwpolicy - ok
17:21:25.0123 3536 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:21:25.0138 3536 i8042prt - ok
17:21:25.0201 3536 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:21:25.0232 3536 iaStorV - ok
17:21:25.0263 3536 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:21:25.0279 3536 iirsp - ok
17:21:25.0310 3536 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:21:25.0325 3536 intelide - ok
17:21:25.0357 3536 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:21:25.0372 3536 intelppm - ok
17:21:25.0388 3536 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:21:25.0419 3536 IpFilterDriver - ok
17:21:25.0497 3536 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:21:25.0513 3536 IPMIDRV - ok
17:21:25.0528 3536 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:21:25.0559 3536 IPNAT - ok
17:21:25.0606 3536 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:21:25.0622 3536 IRENUM - ok
17:21:25.0669 3536 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:21:25.0700 3536 isapnp - ok
17:21:25.0731 3536 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:21:25.0762 3536 iScsiPrt - ok
17:21:25.0825 3536 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
17:21:25.0840 3536 kbdclass - ok
17:21:25.0903 3536 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
17:21:25.0918 3536 kbdhid - ok
17:21:25.0965 3536 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:21:25.0965 3536 KSecDD - ok
17:21:25.0996 3536 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:21:26.0012 3536 KSecPkg - ok
17:21:26.0074 3536 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:21:26.0105 3536 lltdio - ok
17:21:26.0246 3536 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
17:21:26.0246 3536 LMIInfo - ok
17:21:26.0324 3536 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
17:21:26.0324 3536 lmimirr - ok
17:21:26.0339 3536 LMIRfsClientNP - ok
17:21:26.0371 3536 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
17:21:26.0371 3536 LMIRfsDriver - ok
17:21:26.0433 3536 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:21:26.0449 3536 LSI_FC - ok
17:21:26.0480 3536 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:21:26.0511 3536 LSI_SAS - ok
17:21:26.0527 3536 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:21:26.0542 3536 LSI_SAS2 - ok
17:21:26.0573 3536 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:21:26.0589 3536 LSI_SCSI - ok
17:21:26.0620 3536 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:21:26.0651 3536 luafv - ok
17:21:26.0729 3536 MAFW (c1d028531ed173ff164f660ff03eb090) C:\Windows\system32\DRIVERS\mafw.sys
17:21:26.0745 3536 MAFW - ok
17:21:26.0761 3536 mcdbus - ok
17:21:26.0854 3536 MDFSYSNT (958b893eb11586b4ed1301ba067abc94) C:\Windows\system32\drivers\MDFSYSNT.sys
17:21:26.0870 3536 MDFSYSNT - ok
17:21:26.0885 3536 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:21:26.0901 3536 mdmxsdk - ok
17:21:26.0963 3536 MDPMGRNT (9f06ca581cce21fc72a946487aa243e9) C:\Windows\system32\drivers\MDPMGRNT.sys
17:21:26.0979 3536 MDPMGRNT - ok
17:21:27.0026 3536 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:21:27.0041 3536 megasas - ok
17:21:27.0073 3536 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:21:27.0088 3536 MegaSR - ok
17:21:27.0166 3536 mfwamidi (9639d4271ca2d3ccce8c5aaed7eff23d) C:\Windows\system32\drivers\mfwamidi.sys
17:21:27.0166 3536 mfwamidi - ok
17:21:27.0197 3536 mfwawave (6851aa83470a748c8695ba2ad73d559f) C:\Windows\system32\drivers\mfwawave.sys
17:21:27.0197 3536 mfwawave - ok
17:21:27.0229 3536 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:21:27.0260 3536 Modem - ok
17:21:27.0322 3536 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:21:27.0322 3536 monitor - ok
17:21:27.0385 3536 motubus (d40dbd0e86f6c0fc2bc4e83c3d6961cc) C:\Windows\system32\drivers\MotuBus.sys
17:21:27.0400 3536 motubus - ok
17:21:27.0431 3536 MotuFWA (9c0754369988b890682d7f63181befe8) C:\Windows\system32\drivers\motufwa.sys
17:21:27.0447 3536 MotuFWA - ok
17:21:27.0494 3536 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
17:21:27.0509 3536 mouclass - ok
17:21:27.0556 3536 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:21:27.0587 3536 mouhid - ok
17:21:27.0650 3536 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:21:27.0665 3536 mountmgr - ok
17:21:27.0728 3536 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:21:27.0743 3536 mpio - ok
17:21:27.0759 3536 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:21:27.0790 3536 mpsdrv - ok
17:21:27.0868 3536 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:21:27.0884 3536 MRxDAV - ok
17:21:27.0931 3536 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:21:27.0946 3536 mrxsmb - ok
17:21:27.0993 3536 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:21:28.0040 3536 mrxsmb10 - ok
17:21:28.0055 3536 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:21:28.0102 3536 mrxsmb20 - ok
17:21:28.0149 3536 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:21:28.0149 3536 msahci - ok
17:21:28.0211 3536 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:21:28.0227 3536 msdsm - ok
17:21:28.0258 3536 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:21:28.0289 3536 Msfs - ok
17:21:28.0289 3536 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:21:28.0321 3536 mshidkmdf - ok
17:21:28.0367 3536 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:21:28.0383 3536 msisadrv - ok
17:21:28.0414 3536 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:21:28.0445 3536 MSKSSRV - ok
17:21:28.0477 3536 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:21:28.0492 3536 MSPCLOCK - ok
17:21:28.0508 3536 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:21:28.0539 3536 MSPQM - ok
17:21:28.0555 3536 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:21:28.0570 3536 MsRPC - ok
17:21:28.0601 3536 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:21:28.0601 3536 mssmbios - ok
17:21:28.0617 3536 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:21:28.0648 3536 MSTEE - ok
17:21:28.0664 3536 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:21:28.0679 3536 MTConfig - ok
17:21:28.0695 3536 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:21:28.0711 3536 Mup - ok
17:21:28.0742 3536 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:21:28.0757 3536 NativeWifiP - ok
17:21:28.0820 3536 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:21:28.0882 3536 NDIS - ok
17:21:28.0929 3536 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:21:28.0976 3536 NdisCap - ok
17:21:29.0007 3536 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:21:29.0038 3536 NdisTapi - ok
17:21:29.0085 3536 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:21:29.0116 3536 Ndisuio - ok
17:21:29.0163 3536 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:21:29.0194 3536 NdisWan - ok
17:21:29.0241 3536 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:21:29.0272 3536 NDProxy - ok
17:21:29.0335 3536 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\Windows\system32\DRIVERS\netaapl.sys
17:21:29.0335 3536 Netaapl ( UnsignedFile.Multi.Generic ) - warning
17:21:29.0335 3536 Netaapl - detected UnsignedFile.Multi.Generic (1)
17:21:29.0366 3536 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:21:29.0413 3536 NetBIOS - ok
17:21:29.0475 3536 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:21:29.0506 3536 NetBT - ok
17:21:29.0600 3536 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:21:29.0615 3536 nfrd960 - ok
17:21:29.0647 3536 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:21:29.0678 3536 Npfs - ok
17:21:29.0693 3536 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:21:29.0725 3536 nsiproxy - ok
17:21:29.0803 3536 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:21:29.0834 3536 Ntfs - ok
17:21:29.0896 3536 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
17:21:29.0912 3536 NuidFltr - ok
17:21:29.0943 3536 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:21:29.0974 3536 Null - ok
17:21:30.0037 3536 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
17:21:30.0052 3536 NVENETFD - ok
17:21:30.0271 3536 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:21:30.0458 3536 nvlddmkm - ok
17:21:30.0520 3536 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:21:30.0551 3536 nvraid - ok
17:21:30.0614 3536 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:21:30.0629 3536 nvstor - ok
17:21:30.0707 3536 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:21:30.0723 3536 nv_agp - ok
17:21:30.0785 3536 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:21:30.0801 3536 ohci1394 - ok
17:21:30.0832 3536 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:21:30.0848 3536 Parport - ok
17:21:30.0895 3536 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:21:30.0910 3536 partmgr - ok
17:21:30.0926 3536 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:21:30.0941 3536 Parvdm - ok
17:21:30.0957 3536 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:21:30.0973 3536 pci - ok
17:21:31.0019 3536 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:21:31.0051 3536 pciide - ok
17:21:31.0066 3536 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:21:31.0097 3536 pcmcia - ok
17:21:31.0113 3536 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:21:31.0129 3536 pcw - ok
17:21:31.0160 3536 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:21:31.0191 3536 PEAUTH - ok
17:21:31.0316 3536 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
17:21:31.0316 3536 pnarp - ok
17:21:31.0409 3536 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
17:21:31.0409 3536 Point32 - ok
17:21:31.0456 3536 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:21:31.0487 3536 PptpMiniport - ok
17:21:31.0503 3536 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:21:31.0519 3536 Processor - ok
17:21:31.0550 3536 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:21:31.0581 3536 Psched - ok
17:21:31.0628 3536 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys
17:21:31.0643 3536 PSSDK42 - ok
17:21:31.0721 3536 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
17:21:31.0737 3536 purendis - ok
17:21:31.0768 3536 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:21:31.0815 3536 ql2300 - ok
17:21:31.0831 3536 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:21:31.0846 3536 ql40xx - ok
17:21:31.0877 3536 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:21:31.0893 3536 QWAVEdrv - ok
17:21:31.0909 3536 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:21:31.0940 3536 RasAcd - ok
17:21:31.0955 3536 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:21:31.0971 3536 RasAgileVpn - ok
17:21:32.0018 3536 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:32.0033 3536 Rasl2tp - ok
17:21:32.0080 3536 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:32.0111 3536 RasPppoe - ok
17:21:32.0143 3536 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:21:32.0158 3536 RasSstp - ok
17:21:32.0221 3536 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:21:32.0252 3536 rdbss - ok
17:21:32.0267 3536 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:21:32.0283 3536 rdpbus - ok
17:21:32.0345 3536 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:32.0408 3536 RDPCDD - ok
17:21:32.0439 3536 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:21:32.0470 3536 RDPENCDD - ok
17:21:32.0486 3536 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:21:32.0517 3536 RDPREFMP - ok
17:21:32.0564 3536 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
17:21:32.0595 3536 RDPWD - ok
17:21:32.0642 3536 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:21:32.0657 3536 rdyboost - ok
17:21:32.0720 3536 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
17:21:32.0735 3536 RFCOMM - ok
17:21:32.0782 3536 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
17:21:32.0782 3536 rimmptsk - ok
17:21:32.0813 3536 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:21:32.0813 3536 rimsptsk - ok
17:21:32.0845 3536 RimUsb - ok
17:21:32.0907 3536 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
17:21:32.0923 3536 RimVSerPort - ok
17:21:32.0954 3536 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:21:32.0954 3536 rismxdp - ok
17:21:33.0001 3536 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
17:21:33.0063 3536 ROOTMODEM - ok
17:21:33.0125 3536 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:21:33.0157 3536 rspndr - ok
17:21:33.0219 3536 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:21:33.0219 3536 sbp2port - ok
17:21:33.0281 3536 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:21:33.0297 3536 scfilter - ok
17:21:33.0359 3536 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
17:21:33.0375 3536 sdbus - ok
17:21:33.0391 3536 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:21:33.0422 3536 secdrv - ok
17:21:33.0500 3536 SeratoUsb (fb2d6ff234f5d8d6a1477fb4dc5daf82) C:\Windows\system32\Drivers\SeratoUsb.sys
17:21:33.0531 3536 SeratoUsb - ok
17:21:33.0562 3536 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:21:33.0593 3536 Serenum - ok
17:21:33.0609 3536 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:21:33.0625 3536 Serial - ok
17:21:33.0687 3536 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:21:33.0703 3536 sermouse - ok
17:21:33.0734 3536 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:21:33.0749 3536 sffdisk - ok
17:21:33.0765 3536 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:21:33.0781 3536 sffp_mmc - ok
17:21:33.0812 3536 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:21:33.0812 3536 sffp_sd - ok
17:21:33.0843 3536 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:21:33.0843 3536 sfloppy - ok
17:21:33.0890 3536 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:21:33.0905 3536 sisagp - ok
17:21:33.0952 3536 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:21:33.0968 3536 SiSRaid2 - ok
17:21:33.0999 3536 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:21:33.0999 3536 SiSRaid4 - ok
17:21:34.0030 3536 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:21:34.0077 3536 Smb - ok
17:21:34.0108 3536 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:21:34.0124 3536 spldr - ok
17:21:34.0186 3536 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:21:34.0233 3536 srv - ok
17:21:34.0264 3536 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:21:34.0295 3536 srv2 - ok
17:21:34.0327 3536 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:21:34.0342 3536 SrvHsfHDA - ok
17:21:34.0389 3536 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:21:34.0420 3536 SrvHsfV92 - ok
17:21:34.0451 3536 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:21:34.0483 3536 SrvHsfWinac - ok
17:21:34.0498 3536 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:21:34.0514 3536 srvnet - ok
17:21:34.0561 3536 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:21:34.0561 3536 stexstor - ok
17:21:34.0639 3536 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:21:34.0639 3536 swenum - ok
17:21:34.0748 3536 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
17:21:34.0748 3536 SynTP - ok
17:21:34.0826 3536 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
17:21:34.0841 3536 taphss - ok
17:21:34.0966 3536 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
17:21:35.0013 3536 Tcpip - ok
17:21:35.0060 3536 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
17:21:35.0107 3536 TCPIP6 - ok
17:21:35.0169 3536 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:21:35.0200 3536 tcpipreg - ok
17:21:35.0247 3536 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:21:35.0278 3536 TDPIPE - ok
17:21:35.0341 3536 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
17:21:35.0387 3536 TDTCP - ok
17:21:35.0434 3536 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:21:35.0465 3536 tdx - ok
17:21:35.0528 3536 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:21:35.0528 3536 TermDD - ok
17:21:35.0653 3536 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys
17:21:35.0668 3536 truecrypt - ok
17:21:35.0684 3536 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:35.0715 3536 tssecsrv - ok
17:21:35.0777 3536 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:21:35.0809 3536 TsUsbFlt - ok
17:21:35.0871 3536 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:21:35.0902 3536 tunnel - ok
17:21:35.0933 3536 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:21:35.0933 3536 uagp35 - ok
17:21:35.0996 3536 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:21:36.0027 3536 udfs - ok
17:21:36.0105 3536 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:21:36.0105 3536 uliagpkx - ok
17:21:36.0152 3536 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:21:36.0152 3536 umbus - ok
17:21:36.0183 3536 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:21:36.0199 3536 UmPass - ok
17:21:36.0261 3536 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
17:21:36.0277 3536 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
17:21:36.0277 3536 USBAAPL - detected UnsignedFile.Multi.Generic (1)
17:21:36.0323 3536 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:36.0355 3536 usbccgp - ok
17:21:36.0386 3536 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:21:36.0433 3536 usbcir - ok
17:21:36.0479 3536 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
17:21:36.0495 3536 usbehci - ok
17:21:36.0557 3536 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:21:36.0573 3536 usbhub - ok
17:21:36.0620 3536 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
17:21:36.0635 3536 usbohci - ok
17:21:36.0682 3536 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:21:36.0698 3536 usbprint - ok
17:21:36.0745 3536 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
17:21:36.0776 3536 usbscan - ok
17:21:36.0838 3536 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
17:21:36.0869 3536 USBSTOR - ok
17:21:36.0885 3536 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
17:21:36.0901 3536 usbuhci - ok
17:21:36.0979 3536 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
17:21:36.0994 3536 usbvideo - ok
17:21:37.0057 3536 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
17:21:37.0072 3536 VClone - ok
17:21:37.0119 3536 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:21:37.0135 3536 vdrvroot - ok
17:21:37.0166 3536 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:37.0181 3536 vga - ok
17:21:37.0197 3536 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:21:37.0228 3536 VgaSave - ok
17:21:37.0275 3536 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:21:37.0291 3536 vhdmp - ok
17:21:37.0337 3536 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:21:37.0353 3536 viaagp - ok
17:21:37.0369 3536 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:21:37.0384 3536 ViaC7 - ok
17:21:37.0415 3536 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:21:37.0415 3536 viaide - ok
17:21:37.0478 3536 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:21:37.0478 3536 volmgr - ok
17:21:37.0509 3536 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:21:37.0525 3536 volmgrx - ok
17:21:37.0571 3536 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:21:37.0618 3536 volsnap - ok
17:21:37.0634 3536 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:21:37.0665 3536 vsmraid - ok
17:21:37.0681 3536 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:37.0696 3536 vwifibus - ok
17:21:37.0727 3536 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:37.0743 3536 vwififlt - ok
17:21:37.0774 3536 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:21:37.0790 3536 WacomPen - ok
17:21:37.0852 3536 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:37.0868 3536 WANARP - ok
17:21:37.0883 3536 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:37.0915 3536 Wanarpv6 - ok
17:21:37.0961 3536 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:21:37.0977 3536 Wd - ok
17:21:38.0008 3536 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:21:38.0024 3536 Wdf01000 - ok
17:21:38.0071 3536 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:38.0102 3536 WfpLwf - ok
17:21:38.0133 3536 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:21:38.0133 3536 WIMMount - ok
17:21:38.0195 3536 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:21:38.0242 3536 winachsf - ok
17:21:38.0351 3536 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:21:38.0383 3536 WinUsb - ok
17:21:38.0461 3536 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:21:38.0476 3536 WmiAcpi - ok
17:21:38.0523 3536 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:21:38.0554 3536 ws2ifsl - ok
17:21:38.0632 3536 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:21:38.0648 3536 WudfPf - ok
17:21:38.0710 3536 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:38.0788 3536 WUDFRd - ok
17:21:38.0819 3536 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
17:21:38.0819 3536 XAudio - ok
17:21:38.0897 3536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:21:39.0069 3536 \Device\Harddisk0\DR0 - ok
17:21:39.0069 3536 Boot (0x1200) (7656b4fa25b7ab37e689c2102244dd47) \Device\Harddisk0\DR0\Partition0
17:21:39.0069 3536 \Device\Harddisk0\DR0\Partition0 - ok
17:21:39.0100 3536 Boot (0x1200) (a315621b64d875c6c063ee007ddf3d05) \Device\Harddisk0\DR0\Partition1
17:21:39.0116 3536 \Device\Harddisk0\DR0\Partition1 - ok
17:21:39.0116 3536 ============================================================
17:21:39.0116 3536 Scan finished
17:21:39.0116 3536 ============================================================
17:21:39.0131 4528 Detected object count: 3
17:21:39.0131 4528 Actual detected object count: 3
17:21:51.0565 4528 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:51.0565 4528 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:51.0565 4528 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:51.0565 4528 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:51.0565 4528 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:51.0565 4528 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:28.0211 3748 Deinitialize success

MBAM Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JCP :: JCP-PC [administrator]

19/02/2012 17:25:21
mbam-log-2012-02-19 (17-25-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188972
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log

C:\Documents and Settings\JCP\Music Projects\Apps\MELODYNE 3 SETUP\H2O.rar probably a variant of Win32/Agent.BGLROXX trojan
C:\Users\JCP\Music Projects\Apps\MELODYNE 3 SETUP\H2O.rar probably a variant of Win32/Agent.BGLROXX trojan

Security Check Log

Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 24
Java version out of date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (3.6.25) Firefox out of Date!
Mozilla Thunderbird (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Hi Jess!

Quote

It looks like TDSSKiller found some files that are unsigned. Malware will sometimes patch a system file, and use it for malicious activity.

I'll take a look at the files it detected, and see if anything is required with them.

These threat(s) below will be removed very shortly:

Quote

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  
• Look for "Java Platform, Standard Edition".
  
• Click the "Download JRE" button to the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• From the list, select your OS and Platform:
  
  • 32-bit Select: Windows x86 Offline.
    
  • 64-bit Select: Windows x64.
  
  
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7u3-windows-i586-s.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  
• Click Ok and reboot your computer.

NEXT



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 10.0.2.

You can get the latest version of Firefox by accessing the menu in Firefox and then selecting About.

Please make sure that you check for updates again by selecting the Aboutmenu after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  
  :Reg
  
  :Files
  C:\Documents and Settings\JCP\Music Projects\Apps\MELODYNE 3 SETUP\H2O.rar
  C:\Users\JCP\Music Projects\Apps\MELODYNE 3 SETUP\H2O.rar
  :Commands
  [purity]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  
  
  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %systemroot%\*. /rp /s
  /md5start
  CVPNDRVA.sys
  netaapl.sys
  usbaapl.sys
  /md5stop
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
  
  
• Push the button.
  
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Hi Sweet Tech,

The sick PC seems to be running fairly well.

followed the steps, all was fine, except that when uninstalling Java (6.31) it said "could not uninstall" however it did remove the listing from Programs and Features I believe that at least part of the infection was a Java exploit, since I saw a Java window open briefly when the attack first occurred (as stated in original post) .

I rebooted and installed JRE 7 as directed with no issues on the install.

Also, Windows Update is prompting, but seems to have no history of older updates (although there are many) .

Please see logs below.

Thanks,

Jess

OTL Fix Log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\JCP\Music Projects\Apps\MELODYNE 3 SETUP\H2O.rar moved successfully.
File\Folder C:\Users\JCP\Music Projects\Apps\MELODYNE 3 SETUP\H2O.rar not found.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JCP
->Temp folder emptied: 54581958 bytes
->Temporary Internet Files folder emptied: 53737698 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9918260 bytes
->Apple Safari cache emptied: 15532032 bytes
->Opera cache emptied: 1708264 bytes
->Flash cache emptied: 611 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 443837 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11526192 bytes

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JCP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02212012_014251

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Scan Log

OTL logfile created on: 21/02/2012 01:47:43 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JCP\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.66% Memory free
4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 131.23 Gb Free Space | 28.18% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 465.65 Gb Total Space | 249.73 Gb Free Space | 53.63% Space Free | Partition Type: NTFS

Computer Name: JCP-PC | User Name: JCP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 21:37:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/14 21:36:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.) -- C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe
PRC - [2012/02/04 12:28:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 13:32:47 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/08 14:15:40 | 000,167,936 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2010/01/08 15:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/11/20 15:18:24 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
PRC - [2009/11/15 11:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/07/29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\MAFWTray.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/01/13 11:28:48 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 02:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/07 15:17:37 | 000,494,408 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\ppgooglenaclpluginchrome.dll
MOD - [2012/02/07 15:17:33 | 000,219,152 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\avformat-53.dll
MOD - [2012/02/07 15:17:33 | 000,142,328 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\avutil-51.dll
MOD - [2012/02/07 15:17:32 | 001,633,288 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.698\avcodec-53.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/20 15:18:24 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
MOD - [2009/06/22 00:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2009/04/27 12:55:12 | 000,678,400 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/03/11 13:41:42 | 000,049,152 | ---- | M] () -- C:\Program Files\OxelonMedia\menuext.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/14 21:37:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/02/14 21:36:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010/02/24 19:16:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/08 16:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 15:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/13 11:28:48 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2012/02/14 21:36:49 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/02/10 01:23:19 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/07/01 16:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/01/08 15:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/20 15:18:50 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\motubus.sys -- (motubus)
DRV - [2009/11/20 15:18:44 | 000,026,160 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MFWAMIDI.sys -- (mfwamidi)
DRV - [2009/11/20 15:18:38 | 000,464,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motufwa.sys -- (MotuFWA)
DRV - [2009/11/20 15:18:34 | 000,069,680 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfwawave.sys -- (mfwawave)
DRV - [2009/11/17 22:40:20 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/13 14:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/05/13 14:47:44 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/01/13 11:27:36 | 000,306,812 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/21 16:04:16 | 000,029,696 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 85 E2 AE F3 5B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {22AA42EA-508C-4b90-9BDA-836A848B6492}:2.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.03
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.4
FF - prefs.js..extensions.enabledItems: {C3A8BC35-ADF4-46c9-B81E-69BF809BF681}:1.30
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.4
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: TechnicianConsole@logmeinrescue.com:6.1.0.617
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JCP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JCP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JCP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JCP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 21:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 01:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 01:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/14 00:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/11/02 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Extensions
[2009/11/02 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Extensions\postbox@postbox-inc.com
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (BaseCode) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (CLPicView) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{C3A8BC35-ADF4-46c9-B81E-69BF809BF681}
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(36)
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\gmailthis@lazyrussian(35).com
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\gmailthis@lazyrussian(88).com
[2009/11/02 12:11:05 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\LogMeInClient@logmein.com
[2009/11/02 12:11:02 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\TechnicianConsole@logmeinrescue.com
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\youtube2mp3@mondayx.de
[2012/02/21 01:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions
[2010/03/30 08:54:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/02/21 01:31:26 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/12/30 14:00:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/04/01 10:34:06 | 000,000,000 | ---D | M] (BaseCode) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
[2011/04/08 15:54:10 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2012/02/21 01:31:48 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/22 11:38:39 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/11/13 18:16:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/02 12:11:31 | 000,000,000 | ---D | M] (CLPicView) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{C3A8BC35-ADF4-46c9-B81E-69BF809BF681}
[2009/11/02 12:11:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2009/11/02 12:11:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(36)
[2011/06/15 17:49:32 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2012/02/21 01:31:43 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\en-CA@dictionaries.addons.mozilla.org
[2011/08/11 09:45:42 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\firebug@software.joehewitt.com
[2009/11/02 12:11:32 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian(35).com
[2009/11/02 12:11:29 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian(88).com
[2010/09/03 12:42:47 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian.com
[2011/11/13 18:16:55 | 000,000,000 | ---D | M] (Hypem.com: The Hype Machine Track Downloader) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\hypem@downloader.com
[2011/03/28 08:59:10 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\LogMeInClient@logmein.com
[2011/06/16 20:15:46 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\TechnicianConsole@logmeinrescue.com
[2011/10/01 14:21:52 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\youtube2mp3@mondayx.de
[2009/03/20 23:18:14 | 000,000,853 | ---- | M] () -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\searchplugins\delicious-tag.xml
[2008/06/19 15:00:00 | 000,001,108 | ---- | M] () -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\searchplugins\wikipedia-en.xml
[2012/02/21 01:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{22AA42EA-508C-4B90-9BDA-836A848B6492}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{C3A8BC35-ADF4-46C9-B81E-69BF809BF681}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{FCE36C1E-58D8-498A-B2A5-66AD1CEDEBBB}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{FFFE0EAC-3819-4561-8AA9-178A68450D4F}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\EN-CA@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\LOGMEINCLIENT@LOGMEIN.COM
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\TECHNICIANCONSOLE@LOGMEINRESCUE.COM
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
[2012/02/16 06:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/17 00:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/02/16 02:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 02:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/02/17 01:10:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - Startup: C:\Users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9B515-890D-4F69-9A27-66DB8F109C85}: DhcpNameServer = 64.71.255.198 207.181.101.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB4E4CD-F55D-433A-9BE0-10904D6441CD}: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC87EDB3-054B-41B0-B59D-3C2597542738}: DhcpNameServer = 64.71.255.198 207.181.101.5
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 01:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/21 01:40:30 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/02/21 01:40:30 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/02/21 01:40:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/02/21 01:40:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/02/21 01:29:48 | 015,792,320 | ---- | C] (Mozilla) -- C:\Users\JCP\Desktop\Firefox Setup 10.0.2.exe
[2012/02/21 01:23:28 | 020,320,648 | ---- | C] (Oracle Corporation) -- C:\Users\JCP\Desktop\jre-7u3-windows-i586.exe
[2012/02/21 01:21:21 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\JCP\Desktop\chromeinstall-6u31.exe
[2012/02/19 18:53:25 | 002,322,184 | ---- | C] (ESET) -- C:\Users\JCP\Desktop\esetsmartinstaller_enu.exe
[2012/02/19 17:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/19 17:24:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/19 17:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/19 17:17:14 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JCP\Desktop\tdsskiller.exe
[2012/02/19 15:35:21 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR.exe
[2012/02/17 01:16:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/17 01:08:41 | 000,000,000 | ---D | C] -- C:\Users\JCP\AppData\Local\temp
[2012/02/16 13:21:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/16 11:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/16 11:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/16 11:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/16 11:28:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/16 11:27:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 11:19:50 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/16 11:08:13 | 004,406,022 | R--- | C] (Swearware) -- C:\Users\JCP\Desktop\ComboFix.exe
[2012/02/05 14:13:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/04 12:28:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
[2012/02/02 10:40:31 | 000,100,864 | ---- | C] (GMER) -- C:\uwldypow.sys
[2012/02/02 10:35:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JCP\Desktop\dds.scr
[2012/02/01 00:38:32 | 000,000,000 | ---D | C] -- C:\Users\JCP\Desktop\bootkit_remover
[2012/01/30 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\JCP\AppData\Roaming\Malwarebytes
[2012/01/30 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/30 21:05:31 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JCP\Desktop\mbam-setup-1.60.1.1000.exe

========== Files - Modified Within 30 Days ==========

[2012/02/21 01:51:33 | 000,664,780 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/21 01:51:33 | 000,129,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/21 01:51:24 | 000,017,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 01:51:23 | 000,017,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 01:44:42 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/21 01:44:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/21 01:44:00 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 01:40:12 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/02/21 01:40:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/02/21 01:40:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/02/21 01:40:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/02/21 01:40:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/02/21 01:37:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
[2012/02/21 01:32:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/21 01:30:34 | 000,001,990 | ---- | M] () -- C:\Users\JCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/21 01:30:34 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/21 01:30:11 | 015,792,320 | ---- | M] (Mozilla) -- C:\Users\JCP\Desktop\Firefox Setup 10.0.2.exe
[2012/02/21 01:23:41 | 020,320,648 | ---- | M] (Oracle Corporation) -- C:\Users\JCP\Desktop\jre-7u3-windows-i586.exe
[2012/02/21 01:21:22 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\JCP\Desktop\chromeinstall-6u31.exe
[2012/02/21 01:19:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
[2012/02/21 01:18:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
[2012/02/19 21:58:37 | 000,000,499 | ---- | M] () -- C:\Users\JCP\Desktop\aswMBR3.lnk
[2012/02/19 21:51:39 | 000,879,700 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck (2).exe
[2012/02/19 21:07:03 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
[2012/02/19 18:53:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\JCP\Desktop\esetsmartinstaller_enu.exe
[2012/02/19 17:24:56 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 17:17:24 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JCP\Desktop\tdsskiller.exe
[2012/02/19 17:17:00 | 000,000,512 | ---- | M] () -- C:\Users\JCP\Desktop\MBR.dat
[2012/02/19 15:35:59 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR.exe
[2012/02/17 01:10:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/16 11:08:29 | 004,406,022 | R--- | M] (Swearware) -- C:\Users\JCP\Desktop\ComboFix.exe
[2012/02/14 21:36:49 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/02/14 21:36:49 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/02/14 21:36:49 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/02/05 14:09:53 | 243,559,124 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/04 12:28:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
[2012/02/02 10:40:31 | 000,100,864 | ---- | M] (GMER) -- C:\uwldypow.sys
[2012/02/02 10:39:44 | 000,302,592 | ---- | M] () -- C:\Users\JCP\Desktop\q39yht1d.exe
[2012/02/02 10:35:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JCP\Desktop\dds.scr
[2012/02/02 10:29:35 | 000,050,477 | ---- | M] () -- C:\Users\JCP\Desktop\Defogger.exe
[2012/02/01 00:30:13 | 000,303,059 | ---- | M] () -- C:\Users\JCP\Desktop\ListParts.exe
[2012/02/01 00:25:11 | 000,044,607 | ---- | M] () -- C:\Users\JCP\Desktop\bootkit_remover.zip
[2012/01/30 21:07:10 | 000,869,194 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck (1).exe
[2012/01/30 21:05:37 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JCP\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/30 21:04:47 | 000,869,194 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck.exe

========== Files Created - No Company Name ==========

[2012/02/21 01:30:34 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/19 21:51:35 | 000,879,700 | ---- | C] () -- C:\Users\JCP\Desktop\SecurityCheck (2).exe
[2012/02/19 17:24:56 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 17:17:00 | 000,000,499 | ---- | C] () -- C:\Users\JCP\Desktop\aswMBR3.lnk
[2012/02/16 11:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/16 11:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/16 11:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/16 11:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/16 11:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/14 22:45:16 | 000,000,512 | ---- | C] () -- C:\Users\JCP\Desktop\MBR.dat
[2012/02/02 10:39:42 | 000,302,592 | ---- | C] () -- C:\Users\JCP\Desktop\q39yht1d.exe
[2012/02/02 10:29:34 | 000,050,477 | ---- | C] () -- C:\Users\JCP\Desktop\Defogger.exe
[2012/02/01 00:30:12 | 000,303,059 | ---- | C] () -- C:\Users\JCP\Desktop\ListParts.exe
[2012/02/01 00:25:11 | 000,044,607 | ---- | C] () -- C:\Users\JCP\Desktop\bootkit_remover.zip
[2012/01/30 21:07:10 | 000,869,194 | ---- | C] () -- C:\Users\JCP\Desktop\SecurityCheck (1).exe
[2012/01/30 21:04:46 | 000,869,194 | ---- | C] () -- C:\Users\JCP\Desktop\SecurityCheck.exe
[2011/05/29 11:58:58 | 000,000,000 | ---- | C] () -- C:\Users\JCP\AppData\Local\{33F0A466-CC6F-431B-B10A-7CEAF8815BF0}
[2010/10/19 11:31:43 | 000,031,802 | ---- | C] () -- C:\Users\JCP\AppData\Roaming\UserTile.png
[2010/09/23 22:48:30 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/08/11 13:31:20 | 000,008,704 | ---- | C] () -- C:\Users\JCP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 22:31:10 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/17 22:31:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/08 14:51:10 | 000,322,720 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/12/25 13:51:05 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/12/19 22:32:27 | 000,000,056 | ---- | C] () -- C:\Users\JCP\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2009/12/07 15:58:14 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009/12/07 15:53:18 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/12/07 11:48:44 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll
[2009/11/09 17:08:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/03 09:42:56 | 000,172,032 | ---- | C] () -- C:\Windows\System32\secsnmp.dll
[2009/11/03 09:42:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssh1ml3.dll
[2009/11/02 23:10:00 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 002,252,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,664,780 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,129,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/13 11:28:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/06 09:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 09:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/06 09:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\ShowIconsCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --show-icons [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\HideIconsCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --hide-icons [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\InstallInfo\\ReinstallCommand: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" --make-default-browser [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\RockMelt\shell\open\command\\: "C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe" [2012/02/07 15:18:02 | 001,422,664 | ---- | M] (RockMelt, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 19:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< %systemroot%\*. /rp /s >


< MD5 for: CVPNDRVA.SYS >
[2009/01/13 11:27:36 | 000,306,812 | ---- | M] (Cisco Systems, Inc.) MD5=F4A38E478D71CF609B9A11C46BF1CAFE -- C:\Windows\System32\drivers\CVPNDRVA.sys

< MD5 for: NETAAPL.SYS >
[2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) MD5=1352E1648213551923A0A822E441553C -- C:\Program Files\Common Files\Apple\Mobile Device Support\NetDrivers\netaapl.sys
[2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) MD5=1352E1648213551923A0A822E441553C -- C:\Windows\System32\DriverStore\FileRepository\netaapl.inf_x86_neutral_b1e5350f88598904\netaapl.sys
[2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) MD5=29C45722E20572B6440B57E3359E73EE -- C:\Windows\System32\drivers\netaapl.sys

< MD5 for: USBAAPL.SYS >
[2011/05/10 07:06:08 | 000,042,496 | ---- | M] (Apple, Inc.) MD5=83CAFCB53201BBAC04D822F32438E244 -- C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\usbaapl.sys
[2011/05/10 07:06:08 | 000,042,496 | ---- | M] (Apple, Inc.) MD5=83CAFCB53201BBAC04D822F32438E244 -- C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_x86_neutral_1e34817a8e80d76d\usbaapl.sys
[2011/02/18 16:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) MD5=D4FB6ECC60A428564BA8768B0E23C0FC -- C:\Windows\System32\drivers\usbaapl.sys

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/01/20 00:43:48 | 000,000,000 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\First Run
[2012/01/20 00:44:55 | 000,000,000 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/01/20 00:44:55 | 000,000,512 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2012/01/20 00:44:36 | 000,000,063 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/01/20 00:44:36 | 000,016,384 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/01/20 00:44:36 | 000,000,512 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/01/20 00:44:35 | 000,086,016 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\History
[2012/01/20 00:44:35 | 000,000,011 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2010/11/30 22:01:00 | 000,000,287 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/01/20 00:44:55 | 000,000,000 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/01/20 00:44:55 | 000,000,512 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2012/01/20 00:44:36 | 000,073,728 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/01/20 00:44:36 | 000,001,024 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/01/20 00:44:35 | 000,000,000 | ---- | M] () -- C:\Users\JCP\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

Hi Jess!

Quote

Can you please elaborate on this a bit more?


Enable CD Emulation Driver

To re-enable your Emulation drivers, double click DeFogger to run the tool.

• The application window will appear
• Click the Re-enable button to re-enable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  [2012/02/21 01:30:11 | 015,792,320 | ---- | M] (Mozilla) -- C:\Users\JCP\Desktop\Firefox Setup 10.0.2.exe
  [2012/02/21 01:23:41 | 020,320,648 | ---- | M] (Oracle Corporation) -- C:\Users\JCP\Desktop\jre-7u3-windows-i586.exe
  [2012/02/21 01:21:22 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\JCP\Desktop\chromeinstall-6u31.exe
  [2012/02/19 21:51:39 | 000,879,700 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck (2).exe
  [2012/02/19 18:53:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\JCP\Desktop\esetsmartinstaller_enu.exe
  [2012/02/19 17:17:24 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JCP\Desktop\tdsskiller.exe
  [2012/02/19 17:17:00 | 000,000,512 | ---- | M] () -- C:\Users\JCP\Desktop\MBR.dat
  [2012/02/19 15:35:59 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR.exe
  [2012/02/02 10:40:31 | 000,100,864 | ---- | M] (GMER) -- C:\uwldypow.sys
  [2012/02/02 10:39:44 | 000,302,592 | ---- | M] () -- C:\Users\JCP\Desktop\q39yht1d.exe
  [2012/02/02 10:35:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JCP\Desktop\dds.scr
  [2012/02/01 00:30:13 | 000,303,059 | ---- | M] () -- C:\Users\JCP\Desktop\ListParts.exe
  [2012/02/01 00:25:11 | 000,044,607 | ---- | M] () -- C:\Users\JCP\Desktop\bootkit_remover.zip
  [2012/01/30 21:07:10 | 000,869,194 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck (1).exe
  [2012/01/30 21:05:37 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JCP\Desktop\mbam-setup-1.60.1.1000.exe
  [2012/01/30 21:04:47 | 000,869,194 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck.exe
  [2012/02/02 10:29:35 | 000,050,477 | ---- | M] () -- C:\Users\JCP\Desktop\Defogger.exe
  :Files
  ipconfig /flushdns /c
  :Commands
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  [EMPTYJAVA]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:

http://www.bleepingcomputer.com/forums/topic441065.html/page__view__findpost__p__2605901

Click Browse & navigate to C:\Windows\System32\drivers\CVPNDRVA.sys.

Cheers,
ST.

Hi Sweet Tech,

To clarify, Windows Update is prompting to check for updates, but seems to have no history of older checks or updates installed (although of course ive installed many since getting the PC) . Should I check and install all Windows Updates as well?

The suspicious driver file was uploaded as instructed.

Please see OTL log below.

Also, any recommendations for good free AV programs? I uninstalled AVG for one of the fixes, so need to get some protection on there soon.

Thanks,

Jess



All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\JCP\Desktop\Firefox Setup 10.0.2.exe moved successfully.
C:\Users\JCP\Desktop\jre-7u3-windows-i586.exe moved successfully.
C:\Users\JCP\Desktop\chromeinstall-6u31.exe moved successfully.
C:\Users\JCP\Desktop\SecurityCheck (2).exe moved successfully.
C:\Users\JCP\Desktop\esetsmartinstaller_enu.exe moved successfully.
C:\Users\JCP\Desktop\tdsskiller.exe moved successfully.
C:\Users\JCP\Desktop\MBR.dat moved successfully.
C:\Users\JCP\Desktop\aswMBR.exe moved successfully.
C:\uwldypow.sys moved successfully.
C:\Users\JCP\Desktop\q39yht1d.exe moved successfully.
C:\Users\JCP\Desktop\dds.scr moved successfully.
C:\Users\JCP\Desktop\ListParts.exe moved successfully.
C:\Users\JCP\Desktop\bootkit_remover.zip moved successfully.
C:\Users\JCP\Desktop\SecurityCheck (1).exe moved successfully.
C:\Users\JCP\Desktop\mbam-setup-1.60.1.1000.exe moved successfully.
C:\Users\JCP\Desktop\SecurityCheck.exe moved successfully.
C:\Users\JCP\Desktop\Defogger.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\JCP\Desktop\cmd.bat deleted successfully.
C:\Users\JCP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JCP
->Temp folder emptied: 2386 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256862 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JCP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JCP
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02222012_171332

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Hi Jess!

Thanks for the clarification on that, I had a feeling that was what you were referring to, but wanted to ensure that we were both on the same page in terms of what we were talking about.

Yes, I'd like to have you check and install any windows updates that are present for you to install.

Quote

Thank you. The suspicious driver file looks to be fine, so no worries with that one.

Quote

Yep, I do. See below.

I'd probably go with either Microsoft Security Essentials or Avast.

No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

• Avira AntiVir Personal
  
• avast! 6 Home Edition
  
• Microsoft Security Essentials

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



After you install any Windows Updates available and install an anti-virus program, please run a new OTL scan for me, so that I can ensure no further action is required from us. If that's the case we'll be able to clean-up our tools in the next reply.

OTL Custom Scan

We need to create a new OTL Report

• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• In the custom scan box paste the following:
  

  msconfig
  safebootminimal
  activex
  drivers32
  netsvcs
  "%WinDir%\$NtUninstallKB*$."
  C:\Program Files\Common Files\ComObjects\*.* /s
  %systemroot%\*. /mp /s
  %systemroot%\*. /rp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\drivers\*.sys /90
  %SYSTEMDRIVE%\*.exe
  /md5start
  volsnap.sys
  atapi.sys
  explorer.exe
  winlogon.exe
  wininit.exe
  hlp.dat
  /md5stop
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  

  
  
• Push the button.
  
• One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened