NEW TDL Rootkit - reports not running - by request of Broni


  • This topic is locked
40 replies to this topic

#1 solomonte


Posted 02 February 2012 - 01:51 PM

Hi,

This is a continuation of thread http://www.bleepingcomputer.com/forums/topic440614.html/page__gopid__2579805#entry2579805 by Broni

I attempted to run dds.scr and Gmer as directed but they will not generate reports - whenever the applications are run, I get the following warning dialog from AVG Resident shield:

WARNING Threat Detected
C:\Windows\System32\drivers\netbt.sys
Virus: Cryptic detected on open

When I run dds.scr it seems to do the scan but no report is generated.

When running Gmer, most of the scan options are greyed out except: Services, Registry, Files and ADS

Again, the AVG warning shows as soon as any of the scans run.

Thanks,

Jess


#2 SweetTech


Posted 03 February 2012 - 03:46 AM

Hi Jess!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Do you have access to a flash drive?


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.




NEXT:


Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. aswMBR log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Edited by SweetTech, 03 February 2012 - 03:50 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 solomonte


Posted 04 February 2012 - 03:54 PM

Hi Sweettech,

Appreciate your assistance.
Followed your instructions as closely as possible, however the first two programs (aswMBR and TDSSKiller) wouldn't run at all.

They were downloaded to the desktop - on click they prompted a run dialogue and then nothing.

I did run OTL and here is the otl.txt followed by the Extras.txt

Thanks,

Jess


OTL logfile created on: 04/02/2012 12:29:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JCP\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 38.93% Memory free
4.00 Gb Paging File | 2.57 Gb Available in Paging File | 64.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 124.86 Gb Free Space | 26.81% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 465.65 Gb Total Space | 249.73 Gb Free Space | 53.63% Space Free | Partition Type: NTFS

Computer Name: JCP-PC | User Name: JCP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 12:28:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
PRC - [2012/02/01 17:19:42 | 001,422,664 | ---- | M] (RockMelt, Inc.) -- C:\Users\JCP\AppData\Local\RockMelt\Application\rockmelt.exe
PRC - [2012/01/09 22:27:16 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/01/09 22:27:07 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 13:32:47 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/08 14:15:40 | 000,167,936 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2010/01/08 15:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/11/20 15:18:24 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
PRC - [2009/11/15 11:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/07/29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\MAFWTray.exe
PRC - [2009/07/13 17:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/01/13 11:28:48 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 02:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 17:19:06 | 000,494,408 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.688\ppgooglenaclpluginchrome.dll
MOD - [2012/02/01 17:19:03 | 000,142,328 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.688\avutil-51.dll
MOD - [2012/02/01 17:18:58 | 001,633,288 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.688\avcodec-53.dll
MOD - [2012/02/01 17:18:58 | 000,219,152 | ---- | M] () -- C:\Users\JCP\AppData\Local\RockMelt\Application\0.9.72.688\avformat-53.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 04:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010/11/20 04:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/11/20 15:18:24 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
MOD - [2009/06/22 00:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2009/05/13 14:53:24 | 000,394,752 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/05/13 14:53:24 | 000,282,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/04/27 12:55:12 | 000,678,400 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/03/11 13:41:42 | 000,049,152 | ---- | M] () -- C:\Program Files\OxelonMedia\menuext.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/09 22:27:16 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/01/09 22:27:07 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010/02/24 19:16:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/08 16:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 15:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/13 11:28:48 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2012/01/09 22:27:08 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 01:23:19 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/07/01 16:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/01/08 15:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/20 15:18:50 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\motubus.sys -- (motubus)
DRV - [2009/11/20 15:18:44 | 000,026,160 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MFWAMIDI.sys -- (mfwamidi)
DRV - [2009/11/20 15:18:38 | 000,464,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motufwa.sys -- (MotuFWA)
DRV - [2009/11/20 15:18:34 | 000,069,680 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfwawave.sys -- (mfwawave)
DRV - [2009/11/17 22:40:20 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/13 14:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/05/13 14:47:44 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/01/13 11:27:36 | 000,306,812 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/21 16:04:16 | 000,029,696 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.logmeinrescue.com/CA-EN/TechConsole/Console.aspx
IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=FW69157
IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 85 E2 AE F3 5B CA 01 [binary data]
IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {22AA42EA-508C-4b90-9BDA-836A848B6492}:2.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.03
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.4
FF - prefs.js..extensions.enabledItems: {C3A8BC35-ADF4-46c9-B81E-69BF809BF681}:1.30
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.4
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: TechnicianConsole@logmeinrescue.com:6.1.0.617
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JCP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JCP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JCP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JCP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\JCP\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 21:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/06 01:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/06 01:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/14 00:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/11/02 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Extensions
[2009/11/02 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Extensions\postbox@postbox-inc.com
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (BaseCode) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (CLPicView) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{C3A8BC35-ADF4-46c9-B81E-69BF809BF681}
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2009/11/02 12:11:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(36)
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2009/11/02 12:11:03 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\gmailthis@lazyrussian(35).com
[2009/11/02 12:11:00 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\gmailthis@lazyrussian(88).com
[2009/11/02 12:11:05 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\LogMeInClient@logmein.com
[2009/11/02 12:11:02 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\TechnicianConsole@logmeinrescue.com
[2009/11/02 12:11:04 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\extensions\youtube2mp3@mondayx.de
[2012/01/14 22:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions
[2010/03/30 08:54:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/12/13 10:26:20 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011/11/13 18:16:56 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/12/30 14:00:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/04/01 10:34:06 | 000,000,000 | ---D | M] (BaseCode) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{22AA42EA-508C-4b90-9BDA-836A848B6492}
[2011/04/08 15:54:10 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/06/24 12:46:26 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/22 11:38:39 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/12/02 20:19:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/11/13 18:16:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/14 00:10:29 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/11/02 12:11:31 | 000,000,000 | ---D | M] (CLPicView) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{C3A8BC35-ADF4-46c9-B81E-69BF809BF681}
[2011/10/01 14:21:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/02 12:11:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2011/10/20 10:42:58 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/02 12:11:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(36)
[2011/06/15 17:49:32 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2011/10/14 00:10:29 | 000,000,000 | ---D | M] (Craigslist Image Prefetcher) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\CLIP@chris.synan
[2011/10/14 00:10:24 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\en-CA@dictionaries.addons.mozilla.org
[2011/08/11 09:45:42 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\firebug@software.joehewitt.com
[2009/11/02 12:11:32 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian(35).com
[2009/11/02 12:11:29 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian(88).com
[2010/09/03 12:42:47 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\gmailthis@lazyrussian.com
[2011/11/13 18:16:55 | 000,000,000 | ---D | M] (Hypem.com: The Hype Machine Track Downloader) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\hypem@downloader.com
[2011/03/28 08:59:10 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\LogMeInClient@logmein.com
[2011/06/16 20:15:46 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\TechnicianConsole@logmeinrescue.com
[2011/10/01 14:21:52 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\yobjue9n.JCP\extensions\youtube2mp3@mondayx.de
[2009/03/20 23:18:14 | 000,000,853 | ---- | M] () -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\searchplugins\delicious-tag.xml
[2008/06/19 15:00:00 | 000,001,108 | ---- | M] () -- C:\Users\JCP\AppData\Roaming\Mozilla\Firefox\Profiles\d4brfg0l.default\searchplugins\wikipedia-en.xml
[2012/01/15 10:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/23 12:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{22AA42EA-508C-4B90-9BDA-836A848B6492}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{C3A8BC35-ADF4-46C9-B81E-69BF809BF681}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{FCE36C1E-58D8-498A-B2A5-66AD1CEDEBBB}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\{FFFE0EAC-3819-4561-8AA9-178A68450D4F}
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\EN-CA@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\LOGMEINCLIENT@LOGMEIN.COM
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\TECHNICIANCONSOLE@LOGMEINRESCUE.COM
File not found (No name found) -- C:\USERS\JCP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDGSLU8L.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
[2009/07/17 00:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-4208267705-815321249-1981094610-1000..\Run: [RockMelt Update] C:\Users\JCP\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JCP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JCP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4208267705-815321249-1981094610-1000\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB444EB-F81B-4F35-8579-18C2975F41EB}: NameServer = 10.97.72.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9B515-890D-4F69-9A27-66DB8F109C85}: DhcpNameServer = 64.71.255.198 207.181.101.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB4E4CD-F55D-433A-9BE0-10904D6441CD}: DhcpNameServer = 192.168.1.1 75.153.176.9 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC87EDB3-054B-41B0-B59D-3C2597542738}: DhcpNameServer = 64.71.255.198 207.181.101.5
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{74a63660-2dfa-11df-86c7-001b24e70f07}\Shell - "" = AutoRun
O33 - MountPoints2\{74a63660-2dfa-11df-86c7-001b24e70f07}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b210738e-1def-11df-b6f0-001e3770a8bf}\Shell - "" = AutoRun
O33 - MountPoints2\{b210738e-1def-11df-b6f0-001e3770a8bf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{b36f8db7-f04a-11de-b250-001e3770a8bf}\Shell - "" = AutoRun
O33 - MountPoints2\{b36f8db7-f04a-11de-b250-001e3770a8bf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 12:28:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
[2012/02/04 12:19:48 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR (1).exe
[2012/02/04 12:16:08 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JCP\Desktop\tdsskill.exe
[2012/02/02 10:40:31 | 000,100,864 | ---- | C] (GMER) -- C:\uwldypow.sys
[2012/02/02 10:35:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JCP\Desktop\dds.scr
[2012/02/01 00:38:32 | 000,000,000 | ---D | C] -- C:\Users\JCP\Desktop\bootkit_remover
[2012/01/30 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\JCP\AppData\Roaming\Malwarebytes
[2012/01/30 21:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/30 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/30 21:05:44 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR.exe
[2012/01/30 21:05:31 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JCP\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/20 09:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/20 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\JCP\AppData\Roaming\AVG2012
[2012/01/20 09:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/20 00:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/19 15:39:16 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/19 15:39:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/15 21:30:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/15 21:30:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/15 21:30:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/15 21:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/15 21:30:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/15 21:29:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/15 21:23:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/01/15 21:23:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/15 21:23:02 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/01/15 21:23:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/15 21:23:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/15 21:23:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/01/15 21:22:59 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/01/15 21:20:03 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/01/15 21:20:03 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/02/04 12:37:09 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
[2012/02/04 12:32:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/04 12:31:41 | 000,017,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 12:31:41 | 000,017,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 12:31:12 | 000,664,780 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 12:31:12 | 000,129,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 12:28:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JCP\Desktop\OTL.exe
[2012/02/04 12:24:10 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 12:23:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 12:23:34 | 1609,797,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 12:19:49 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR (1).exe
[2012/02/04 12:16:26 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JCP\Desktop\tdsskill.exe
[2012/02/04 12:07:35 | 088,161,480 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/04 12:07:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000UA.job
[2012/02/04 12:02:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/04 12:02:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/04 12:02:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/04 12:00:29 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
[2012/02/04 12:00:28 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/04 12:00:27 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/04 12:00:27 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/04 12:00:27 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/04 12:00:27 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/04 12:00:27 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/04 12:00:27 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/04 12:00:27 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/04 12:00:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4208267705-815321249-1981094610-1000Core.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/04 12:00:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/04 12:00:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/02 10:40:31 | 000,100,864 | ---- | M] (GMER) -- C:\uwldypow.sys
[2012/02/02 10:39:44 | 000,302,592 | ---- | M] () -- C:\Users\JCP\Desktop\q39yht1d.exe
[2012/02/02 10:35:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JCP\Desktop\dds.scr
[2012/02/02 10:29:35 | 000,050,477 | ---- | M] () -- C:\Users\JCP\Desktop\Defogger.exe
[2012/02/02 10:29:04 | 000,205,518 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/02 10:26:09 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/02 10:26:09 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/02 10:26:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/02 10:26:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/01 08:28:15 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/01 08:28:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/01 08:28:14 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/01 08:28:14 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/01 00:30:13 | 000,303,059 | ---- | M] () -- C:\Users\JCP\Desktop\ListParts.exe
[2012/02/01 00:25:11 | 000,044,607 | ---- | M] () -- C:\Users\JCP\Desktop\bootkit_remover.zip
[2012/01/30 21:24:37 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 21:07:10 | 000,869,194 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck (1).exe
[2012/01/30 21:06:06 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\JCP\Desktop\aswMBR.exe
[2012/01/30 21:05:37 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JCP\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/30 21:04:47 | 000,869,194 | ---- | M] () -- C:\Users\JCP\Desktop\SecurityCheck.exe
[2012/01/26 09:09:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\6S578V.dat
[2012/01/23 20:37:12 | 209,824,740 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/20 11:34:39 | 000,000,000 | ---- | M] () -- C:\Users\JCP\defogger_reenable
[2012/01/20 09:44:21 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/15 21:44:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/15 21:39:35 | 002,252,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 22:33:24 | 000,057,569 | ---- | M] () -- C:\Users\JCP\Desktop\pass thrus 2.5 doc.rtf
[2012/01/09 22:27:08 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/01/09 22:27:07 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/01/09 22:27:07 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

========== Files Created - No Company Name ==========

[2012/02/02 10:39:42 | 000,302,592 | ---- | C] () -- C:\Users\JCP\Desktop\q39yht1d.exe
[2012/02/02 10:29:34 | 000,050,477 | ---- | C] () -- C:\Users\JCP\Desktop\Defogger.exe
[2012/02/01 00:30:12 | 000,303,059 | ---- | C] () -- C:\Users\JCP\Desktop\ListParts.exe
[2012/02/01 00:25:11 | 000,044,607 | ---- | C] () -- C:\Users\JCP\Desktop\bootkit_remover.zip
[2012/01/30 21:24:37 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 21:07:10 | 000,869,194 | ---- | C] () -- C:\Users\JCP\Desktop\SecurityCheck (1).exe
[2012/01/30 21:04:46 | 000,869,194 | ---- | C] () -- C:\Users\JCP\Desktop\SecurityCheck.exe
[2012/01/26 03:03:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\6S578V.dat
[2012/01/26 03:03:05 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/01/26 03:03:04 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/01/26 03:03:03 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/01/26 03:03:02 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/01/26 03:03:01 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/01/26 03:03:01 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/01/26 03:03:00 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/01/26 03:02:59 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/01/26 03:02:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/01/26 03:02:58 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/01/26 03:02:57 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/01/26 03:02:56 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/01/26 03:02:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/01/26 03:02:55 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/01/26 03:02:54 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/01/26 03:02:54 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/01/26 03:02:53 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/01/26 03:02:53 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/01/26 03:02:52 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/01/26 03:02:51 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/01/26 03:02:51 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/01/26 03:02:50 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/01/26 03:02:49 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/01/26 03:02:49 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/01/26 03:02:48 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/01/26 03:02:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/01/26 03:02:46 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/01/26 03:02:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/01/26 03:02:45 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/01/26 03:02:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/01/26 03:02:43 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/01/26 03:02:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/01/26 03:02:42 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/01/26 03:02:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/01/26 03:02:40 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/01/26 03:02:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/01/26 03:02:39 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/01/26 03:02:38 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/01/26 03:02:38 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/01/26 03:02:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/01/26 03:02:36 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/01/26 03:02:35 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/01/26 03:02:35 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/01/26 03:02:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/01/26 03:02:33 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/01/26 03:02:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/01/26 03:02:32 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/01/26 03:02:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/01/20 11:34:39 | 000,000,000 | ---- | C] () -- C:\Users\JCP\defogger_reenable
[2012/01/20 09:44:21 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/14 22:33:23 | 000,057,569 | ---- | C] () -- C:\Users\JCP\Desktop\pass thrus 2.5 doc.rtf
[2011/05/29 11:58:58 | 000,000,000 | ---- | C] () -- C:\Users\JCP\AppData\Local\{33F0A466-CC6F-431B-B10A-7CEAF8815BF0}
[2010/10/19 11:31:43 | 000,031,802 | ---- | C] () -- C:\Users\JCP\AppData\Roaming\UserTile.png
[2010/09/23 22:48:30 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/08/11 13:31:20 | 000,008,704 | ---- | C] () -- C:\Users\JCP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 22:31:10 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/17 22:31:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/08 14:51:10 | 000,322,720 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/12/25 13:51:05 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/12/19 22:32:27 | 000,000,056 | ---- | C] () -- C:\Users\JCP\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2009/12/07 15:58:14 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009/12/07 15:53:18 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/12/07 11:48:44 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll
[2009/11/09 17:08:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/03 09:42:56 | 000,172,032 | ---- | C] () -- C:\Windows\System32\secsnmp.dll
[2009/11/03 09:42:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssh1ml3.dll
[2009/11/02 23:10:00 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 002,252,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,664,780 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,129,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/13 11:28:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

< End of report >


EXTRAS.TXT

OTL Extras logfile created on: 04/02/2012 12:29:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JCP\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 38.93% Memory free
4.00 Gb Paging File | 2.57 Gb Available in Paging File | 64.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 124.86 Gb Free Space | 26.81% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 465.65 Gb Total Space | 249.73 Gb Free Space | 53.63% Space Free | Partition Type: NTFS

Computer Name: JCP-PC | User Name: JCP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{07A0541F-4A40-4F0A-8E98-4D3CEC08FE2B}" = Rapidshare Auto Downloader 3.8
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DF1F8BD-1630-42F7-B37C-2BEAAA2EC01C}" = London Drugs Photobooks
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2ED284FB-7AF2-42CF-8445-78F5D2473F5A}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}" = Cisco Systems VPN Client 5.0.05.0280
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64522D5F-4743-4939-8E22-B1878FB68772}" = M-Audio FireWire Driver 6.0.1 (x86)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6CA2C4D7-4680-4164-95CA-BC79DBF93959}" = Scratch Live 2.0.0 (20049)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.991
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9576C428-7258-4B59-961C-439925E6AF8F}" = Cisco Network Magic
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AF346D59-7F5B-4CA2-9302-7F4AC3C09C10}" = MacDrive 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}" = MOTU FireWire/USB2 Audio
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Antares Microphone Modeler - ZONE" = Antares Microphone Modeler - ZONE
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG" = AVG 2012
"BitComet" = BitComet 1.16
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"emlBridge_is1" = emlBridge 3.6
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio Editor" = Free Audio Editor
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.0" = Freecorder 4.0 Application
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.37
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mastering Edition" = Steinberg Mastering Edition v1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mixxx" = Mixxx 1.7.2
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Mp3tag" = Mp3tag v2.46
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"Pidgin" = Pidgin
"Pidgin-Musictracker" = Pidgin-Musictracker plugin (remove only)
"Postbox (2.1.4)" = Postbox (2.1.4)
"PSP 84 v1.0" = PSP 84 v1.0
"Reason4_is1" = Reason 4.0
"Recuva" = Recuva
"Steinberg Cubase SX 2" = Steinberg Cubase SX 2
"Steinberg Cubase SX v2.2.0.35" = Steinberg Cubase SX v2.2.0.35
"Switch" = Switch Sound File Converter
"SyncBackSE_is1" = SyncBackSE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.01
"TrueCrypt" = TrueCrypt
"URS Everything EQ Bundle v4.0" = URS Everything EQ Bundle v4.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"VST" = VST Compressor
"Wave Arts MasterVerb DX v2.01" = Wave Arts MasterVerb DX v2.01
"Waves API Collection" = Waves API Collection
"Waves Native Gold Bundle v3.01" = Waves Native Gold Bundle v3.01
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4208267705-815321249-1981094610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c10949c2968a970a" = IMS4 - 1
"c10aae089688e173" = IMS4
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457
"RockMelt" = RockMelt

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2012 02:17:24 | Computer Name = JCP-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4363 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1390 Start Time: 01ccdfdfd79e0420 Termination Time: 16 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id:

Error - 01/02/2012 04:24:27 | Computer Name = JCP-PC | Source = Google Update | ID = 20
Description =

Error - 01/02/2012 04:37:16 | Computer Name = JCP-PC | Source = Google Update | ID = 20
Description =

Error - 01/02/2012 12:28:15 | Computer Name = JCP-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 01/02/2012 12:28:15 | Computer Name = JCP-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 02/02/2012 14:26:11 | Computer Name = JCP-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 02/02/2012 14:26:11 | Computer Name = JCP-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 04/02/2012 16:14:47 | Computer Name = JCP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x35686400 Faulting process id: 0x16cc Faulting application start time: 0x01cce37960857a10 Faulting application path: C:\Windows\System32\ping.exe Faulting module path: unknown Report Id: e1f50110-4f6c-11e1-b00a-001e3770a8bf

Error - 04/02/2012 16:17:57 | Computer Name = JCP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e2111c0 Exception code: 0xe06d7363 Fault offset: 0x0000d36f Faulting process id: 0x958 Faulting application start time: 0x01cce379ce746bd0 Faulting application path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 534cd7c0-4f6d-11e1-b00a-001e3770a8bf

Error - 04/02/2012 16:36:48 | Computer Name = JCP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x35680000 Faulting process id: 0x1040 Faulting application start time: 0x01cce37c4d0d7070 Faulting application path: C:\Windows\System32\ping.exe Faulting module path: unknown Report Id: f58a1910-4f6f-11e1-a29a-001e3770a8bf

[ Media Center Events ]
Error - 07/12/2009 01:48:55 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 9:48:55 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 07/12/2009 01:48:56 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 9:48:56 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 07/12/2009 01:48:56 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 9:48:56 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 07/12/2009 01:48:57 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 9:48:57 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 07/12/2009 01:48:57 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 9:48:57 PM - Failed to retrieve Broadband (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 07/12/2009 02:53:43 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 10:53:42 PM - Error connecting to the internet. 10:53:42 PM - Unable
to contact server..

Error - 13/12/2009 00:38:52 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 8:38:52 PM - Error connecting to the internet. 8:38:52 PM - Unable
to contact server..

Error - 13/12/2009 01:38:57 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 9:38:57 PM - Error connecting to the internet. 9:38:57 PM - Unable
to contact server..

Error - 13/12/2009 02:39:02 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 10:39:02 PM - Error connecting to the internet. 10:39:02 PM - Unable
to contact server..

Error - 13/12/2009 03:39:07 | Computer Name = JCP-PC | Source = MCUpdate | ID = 0
Description = 11:39:07 PM - Error connecting to the internet. 11:39:07 PM - Unable
to contact server..

[ OSession Events ]
Error - 27/05/2010 15:06:54 | Computer Name = JCP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/02/2011 17:31:39 | Computer Name = JCP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/02/2012 16:23:50 | Computer Name = JCP-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 04/02/2012 16:23:50 | Computer Name = JCP-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 04/02/2012 16:23:52 | Computer Name = JCP-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 04/02/2012 16:23:53 | Computer Name = JCP-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 04/02/2012 16:23:53 | Computer Name = JCP-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 04/02/2012 16:23:55 | Computer Name = JCP-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 04/02/2012 16:23:57 | Computer Name = JCP-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 04/02/2012 16:23:57 | Computer Name = JCP-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 04/02/2012 16:23:58 | Computer Name = JCP-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 04/02/2012 16:25:29 | Computer Name = JCP-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 05 February 2012 - 07:30 AM

Hi Jess!

Oh noes, sorry to hear that you weren't able to run TDSSKiller or aswMBR. It seems the infection you have is playing hardball and is not letting some of our tools run.

I'd like to have you try and run this OTL fix and see if you can run it successfully for me.

Do you have access to a flash drive that we could utilize?

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    :OTL
    [2012/01/26 09:09:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\6S578V.dat
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 solomonte
  • Topic Starter

  • Members
  • 26 posts

Posted 05 February 2012 - 05:18 PM

Hi SweetTech,

Alright, the new OTL report is below for your perusal.

I can get a USB drive if that would help.

Thanks,

Jess


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\ProgramData\6S578V.dat moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\JCP\Desktop\cmd.bat deleted successfully.
C:\Users\JCP\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\JCP\Desktop\cmd.bat deleted successfully.
C:\Users\JCP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JCP
->Flash cache emptied: 328907 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JCP
->Java cache emptied: 4662 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02052012_141301

#6 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 February 2012 - 03:09 AM

Hi Jess!

Yes, it'd be much easier for us if you had access to a flash drive that we could utilize.

If you can get your hands on one, please do the following:

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.



#7 solomonte
  • Topic Starter

  • Members
  • 26 posts

Posted 07 February 2012 - 01:13 AM

Hi Sweet Tech,

I followed the exact instructions, however it's not booting from the USB stick.

On my laptop (HP dv5000) it's actually F9 (not F12) to change boot order - there's no option to set it to boot from USB otherwise.

When I do so, it shows the following text:

SYSLINUX 3.72 2008-09-25 EBIOS Copyright 1994-2008 H Peter Anvin
Could not find kernel image: linux
boot:

I attempted the whole process again to no avail. I noticed in your instructions you mention to download http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop (of the clean PC) which I did, but there's no mention of installing it on anything - could this be the issue?

Thanks,

Jess

#8 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 07 February 2012 - 03:51 AM

Hi Jess!

Yes, my instructions really need to be updated to be a little clearer about what to do with the .iso file you downloaded.

When you're running the xPUD USB Installer you will need to browse to where the xpud-0.9.2.iso is saved and select that for the source of the disk image.

Please try that and see if you have better luck booting into xPUD bootable USB.

Kindest Regards,
ST



#9 solomonte
  • Topic Starter

  • Members
  • 26 posts

Posted 08 February 2012 - 12:29 AM

Hi Sweet Tech,

Alright, it booted into xPUD Linux fine once the .iso was loaded onto the USB stick.

Followed instructions but it did not find or copy an MBRbackup.zip file on the USB though.

I ran the command on all sda folders just to verify but no different on the others.

It did create a file called xpud-data.gz which is attached to this post.

Thanks,

Jess

#10 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 February 2012 - 03:51 AM

Hi Jess,

Did you open up a terminal window and type in the following:

dd if=/dev/sda of=MBRbackup.zip bs=512 count=1

Kindest Regards,
ST.



#11 solomonte
  • Topic Starter

  • Members
  • 26 posts

Posted 08 February 2012 - 12:27 PM

Hi Sweet Tech,

Indeed, followed all instructions exactly. Tried the script in the Terminal window, etc., as directed but no file was generated.

Thanks,

Jess

#12 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 09 February 2012 - 09:03 AM

Hi!

Try this please.

  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer with the USB
  • The computer must be set to boot from the USB
  • Gently tap F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.



#13 solomonte
  • Topic Starter

  • Members
  • 26 posts

Posted 09 February 2012 - 03:47 PM

Hi Sweet Tech,

Alright. Please find MBR.zip attached for your perusal.

Thanks for your patience on this repair!

Thanks,

Jess

Attached Files

  • Attached File  mbr.zip   2.25KB   6 downloads


#14 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 10 February 2012 - 02:15 AM

Hi Jess!

Thanks for getting me that copy of your MBR. It definitely showed me what I needed to see.

The infection has modified your partitions. We will attempt to rectify that. As a first step I would like you to check that the command we are using is recognizing your hard drive correctly.

Please boot from the flash drive once more. Go to File then mnt and select the flash drive (most likely sdb1). Then press Tool and select the command line again. Type in: parted -l > logfile.txt and let me know if it shows any warnings.

Please also post the contents of the logfile.txt in your next reply.

Kindest Regards,
ST.

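The 512-byte MBR dump requested in post #6 (dd ... bs=512 count=1) and the partition check in post #14 are both things a helper inspects by hand. As an added example that is not part of this thread or of any BleepingComputer or OTL tool, here is a small Python parser for such a dump with the sanity checks I would apply: boot signature present, exactly one active partition, recognised partition types, and no overlapping entries. The KNOWN_TYPES table, the sample MBRs and the 0xAB type value are constructed for the example.

```python
"""Parse a 512-byte MBR dump (what 'dd if=/dev/sda of=... bs=512 count=1'
writes) and run the sanity checks a helper applies before trusting the
partition table. Added example for this thread, not a BleepingComputer tool."""
import struct

# Partition types treated as normal on a Windows/Linux disk (example table,
# not exhaustive); anything else is reported for a human to look at.
KNOWN_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
               0x0C: "FAT32 LBA", 0x0E: "FAT16 LBA", 0x0F: "Extended LBA",
               0x27: "Windows RE", 0x82: "Linux swap", 0x83: "Linux"}

ENTRY_FMT = "<B3xB3xII"   # status, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-signature check and the non-empty primary entries."""
    if len(mbr) != 512:
        raise ValueError("MBR dump must be exactly 512 bytes")
    entries = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * slot)
        if ptype == 0:                      # unused slot
            continue
        entries.append({"slot": slot, "bootable": status == 0x80,
                        "type": ptype, "start": start, "count": count})
    return {"signature_ok": mbr[510:512] == b"\x55\xaa", "entries": entries}

def check_mbr(parsed: dict) -> list:
    """Return human-readable warnings; an empty list means the table looks sane."""
    warnings = []
    if not parsed["signature_ok"]:
        warnings.append("boot signature 0x55AA missing: not a valid MBR")
    entries = parsed["entries"]
    active = [e for e in entries if e["bootable"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected exactly 1)")
    for e in entries:
        if e["type"] not in KNOWN_TYPES:
            tag = "ACTIVE " if e["bootable"] else ""
            warnings.append(f"{tag}slot {e['slot']}: unrecognised type 0x{e['type']:02X} "
                            f"at LBA {e['start']} ({e['count']} sectors)")
    # Entries must not overlap: sort by start LBA and compare neighbours.
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            warnings.append(f"slot {a['slot']} overlaps slot {b['slot']}")
    return warnings

def build_mbr(entries, signature=b"\x55\xaa") -> bytes:
    """Constructed test helper: assemble an MBR from (status, type, start, count)."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\0")
    return bytes(446) + table + signature

# Constructed samples: a plain single-volume disk, and one where the boot flag
# has moved to a small, oddly typed partition tucked after the system volume.
CLEAN_MBR = build_mbr([(0x80, 0x07, 2048, 488_000_000)])
TAMPERED_MBR = build_mbr([(0x00, 0x07, 2048, 488_000_000),
                          (0x80, 0xAB, 488_002_048, 20_480)])
```

To run it on a real dump, read the file in binary mode and pass the bytes to parse_mbr, then print check_mbr on the result.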


#15 solomonte
  • Topic Starter

  • Members
  • 26 posts

Posted 10 February 2012 - 03:18 AM

Hi Sweet Tech,

Alright, did that and the command, etc.

Slight pause, and then it just does another line of the standard sh-4.0# prompt.

No error messages but the logfile (renamed logfile2.txt) is attached as requested.

Thanks,

Jess
