
files are disappearing


  • This topic is locked
21 replies to this topic

#1 huskerbones

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:00 PM

Posted 04 February 2012 - 10:56 AM

I had a virus in Oct and thought it was gone, then all my files were gone. I did a system restore and got everything back, but I fear not all is well. First I ran Defogger, then ran DDS and got "[open event] failed to perform the desired action. error code 2". Then I ran GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-04 07:43:43
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Matt\AppData\Local\Temp\pxldqpow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247eaa5017
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247eaa5017@0025e50d163b 0xE9 0x44 0x96 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247eaa5017 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247eaa5017@0025e50d163b 0xE9 0x44 0x96 0x30 ...

---- EOF - GMER 1.0.15 ----

Any help will be greatly appreciated. Matt

#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:00 PM

Posted 06 February 2012 - 07:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, the edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 huskerbones
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:00 PM

Posted 11 February 2012 - 06:52 PM

Hello and thanks for the help. I have Win 7 32-bit. I did a system restore and got all my files back; before that I was missing all files and programs. I have run the OldTimer tool and here are the results.


OTL logfile created on: 2/11/2012 5:36:12 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = H:\
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 44.83% Memory free
6.48 Gb Paging File | 4.74 Gb Available in Paging File | 73.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 388.53 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.47 Gb Total Space | 1.46 Gb Free Space | 19.55% Space Free | Partition Type: FAT32

Computer Name: CI7860 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 16:17:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/01/13 15:43:08 | 000,203,088 | ---- | M] (Palo Alto Software) -- C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.exe
PRC - [2009/11/24 15:45:44 | 000,756,224 | ---- | M] (HandBrake) -- C:\Program Files\Handbrake\Handbrake.exe
PRC - [2009/09/03 18:20:02 | 000,014,336 | ---- | M] (Mikinho) -- C:\Program Files\Yammm\YammmSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 02:27:03 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 02:21:40 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\9be84470118f84e965ff0f142701efc6\System.Deployment.ni.dll
MOD - [2011/10/14 02:21:39 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:21:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/10/14 02:21:34 | 010,578,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\ac940fe40ea55217f5798c4db009cb0c\System.Design.ni.dll
MOD - [2011/10/14 02:21:30 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/14 02:21:27 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/14 02:21:24 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2011/10/14 02:21:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/14 02:21:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 02:21:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 02:21:11 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 02:21:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/12 11:22:05 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/13 15:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/01/13 15:43:44 | 000,016,728 | ---- | M] () -- C:\Program Files\Business Plan Pro\bppenu11\Pas.Core.Feature.dll
MOD - [2010/01/13 15:43:42 | 000,028,512 | ---- | M] () -- C:\Program Files\Business Plan Pro\bppenu11\Pas.Import.Peachtree.dll
MOD - [2010/01/13 15:43:20 | 000,030,040 | ---- | M] () -- C:\Program Files\Business Plan Pro\bppenu11\Pas.ErrorReporter.dll
MOD - [2010/01/13 15:42:12 | 000,017,768 | ---- | M] () -- C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.Resources.dll
MOD - [2010/01/13 15:42:08 | 000,034,656 | ---- | M] () -- C:\Program Files\Business Plan Pro\bppenu11\Office2007Renderer.dll
MOD - [2009/09/28 11:04:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Handbrake\AxInterop.QTOControlLib.dll
MOD - [2009/06/10 15:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/09 02:00:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/03 18:20:02 | 000,014,336 | ---- | M] (Mikinho) [Auto | Running] -- C:\Program Files\Yammm\YammmSvc.exe -- (YammmSvc)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 17:55:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/03 14:56:37 | 000,100,864 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\Users\Matt\AppData\Local\temp\pxldqpow.sys -- (pxldqpow)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/10/27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/21 21:04:24 | 000,202,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E8 3A 78 0F 5B 38 57 48 BD ED 34 82 E7 FC 79 35 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E8 3A 78 0F 5B 38 57 48 BD ED 34 82 E7 FC 79 35 [binary data]

IE - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 8A 6F 2E 2C 22 CB 01 [binary data]
IE - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E8 3A 78 0F 5B 38 57 48 BD ED 34 82 E7 FC 79 35 [binary data]
IE - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/21 14:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 14:01:43 | 000,000,000 | ---D | M]

[2010/07/13 17:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2011/10/19 18:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\bsxh8kxz.default\extensions
[2012/01/21 14:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/21 13:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/21 14:01:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/21 14:01:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/21 14:01:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/20 18:28:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1816559905-562976308-2814665098-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E115821-3646-4290-94E3-3B722609B5E6}: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 11:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Click DVD Copy Pro
[2012/02/06 11:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[2012/02/04 17:55:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/03 21:12:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Freemake
[2012/02/03 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/02/03 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/03 21:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/03 21:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/02/03 20:48:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\land
[2012/02/03 20:08:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\iron
[2012/01/21 13:44:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/01/21 13:44:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/01/21 13:44:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/23 17:03:00 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\Matt\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/02/11 17:14:05 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/11 17:14:05 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/11 17:12:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 00:12:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 11:59:19 | 000,001,302 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\1Click DVD Copy Pro.lnk
[2012/02/06 11:59:19 | 000,001,278 | ---- | M] () -- C:\Users\Matt\Desktop\1Click DVD Copy Pro.lnk
[2012/02/05 02:08:06 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 02:08:06 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 17:55:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/03 21:12:45 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012/02/03 20:51:47 | 000,001,958 | -H-- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/03 14:42:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 14:42:34 | 2609,504,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/31 06:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/21 12:46:16 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 12:38:02 | 000,005,267 | ---- | M] () -- C:\Users\Matt\nah_log.dat
[2012/01/21 12:35:29 | 000,010,790 | -HS- | M] () -- C:\Users\Matt\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6
[2012/01/21 12:35:29 | 000,010,790 | -HS- | M] () -- C:\ProgramData\g52l7kx015e2sl81340pwhj21wpy026ba8t6

========== Files Created - No Company Name ==========

[2012/02/06 11:59:19 | 000,001,302 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\1Click DVD Copy Pro.lnk
[2012/02/06 11:59:19 | 000,001,278 | ---- | C] () -- C:\Users\Matt\Desktop\1Click DVD Copy Pro.lnk
[2012/02/03 21:10:28 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012/01/21 14:01:45 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/21 12:46:16 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 12:37:41 | 000,005,267 | ---- | C] () -- C:\Users\Matt\nah_log.dat
[2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\Users\Matt\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6
[2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\ProgramData\g52l7kx015e2sl81340pwhj21wpy026ba8t6
[2011/12/14 14:21:03 | 000,011,218 | -HS- | C] () -- C:\Users\Matt\AppData\Local\2jx3g74boy8c58nmukd8560gu512oxd24e3i
[2011/12/14 13:07:07 | 000,011,226 | -HS- | C] () -- C:\ProgramData\964865069
[2011/12/14 09:36:52 | 000,011,142 | -HS- | C] () -- C:\ProgramData\2jx3g74boy8c58nmukd8560gu512oxd24e3i
[2011/12/13 02:07:12 | 000,010,614 | -HS- | C] () -- C:\ProgramData\1024646331
[2011/12/13 01:27:18 | 000,010,622 | -HS- | C] () -- C:\ProgramData\855476t4l626j788g862c8koh0h1
[2011/12/13 01:27:18 | 000,010,606 | -HS- | C] () -- C:\Users\Matt\AppData\Local\855476t4l626j788g862c8koh0h1
[2011/11/07 18:51:46 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~8x8LV9dQmjALMJ
[2011/11/07 18:51:46 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~8x8LV9dQmjALMJr
[2011/11/07 18:51:43 | 000,000,336 | -H-- | C] () -- C:\ProgramData\8x8LV9dQmjALMJ
[2011/10/27 19:46:14 | 000,187,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/19 17:41:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/19 17:41:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/19 17:41:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/19 17:41:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/19 17:41:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/04 09:02:12 | 000,001,124 | -HS- | C] () -- C:\ProgramData\ny0fpfxb7414gt07l6y88hvqdn2om811f17535j188og
[2010/12/21 19:42:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/09/22 18:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/12/23 17:03:00 | 000,007,887 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\pcouffin.cat
[2009/12/23 17:03:00 | 000,001,144 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\pcouffin.inf
[2009/12/22 21:09:00 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/09 22:02:50 | 000,007,601 | ---- | C] () -- C:\Users\Matt\AppData\Local\resmon.resmoncfg
[2009/12/09 20:28:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/06 20:23:48 | 000,005,632 | -H-- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 06:06:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,411,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | -H-- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >

#4 huskerbones
  • Topic Starter
  • Members
  • 16 posts

Posted 11 February 2012 - 06:53 PM

Oh, and yes, I have my Win CD.

#5 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home

Posted 13 February 2012 - 04:56 PM

Hi,

This is not looking too bad. Are you seeing any more symptoms?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\Users\Matt\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6
    [2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\ProgramData\g52l7kx015e2sl81340pwhj21wpy026ba8t6
    [2011/12/14 14:21:03 | 000,011,218 | -HS- | C] () -- C:\Users\Matt\AppData\Local\2jx3g74boy8c58nmukd8560gu512oxd24e3i
    [2011/12/14 13:07:07 | 000,011,226 | -HS- | C] () -- C:\ProgramData\964865069
    [2011/12/14 09:36:52 | 000,011,142 | -HS- | C] () -- C:\ProgramData\2jx3g74boy8c58nmukd8560gu512oxd24e3i
    [2011/12/13 02:07:12 | 000,010,614 | -HS- | C] () -- C:\ProgramData\1024646331
    [2011/12/13 01:27:18 | 000,010,622 | -HS- | C] () -- C:\ProgramData\855476t4l626j788g862c8koh0h1
    [2011/12/13 01:27:18 | 000,010,606 | -HS- | C] () -- C:\Users\Matt\AppData\Local\855476t4l626j788g862c8koh0h1
    [2011/11/07 18:51:46 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~8x8LV9dQmjALMJ
    [2011/11/07 18:51:46 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~8x8LV9dQmjALMJr
    [2011/11/07 18:51:43 | 000,000,336 | -H-- | C] () -- C:\ProgramData\8x8LV9dQmjALMJ
    [2011/09/04 09:02:12 | 000,001,124 | -HS- | C] () -- C:\ProgramData\ny0fpfxb7414gt07l6y88hvqdn2om811f17535j188og
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please also run a scan with aswMBR:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

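The fix script above selects a specific class of artifact: hidden files with no publisher and no extension, dropped under ProgramData or the user's AppData, and the OTL log's "< MD5 for: ... >" section exists so the live explorer.exe, wininit.exe and winlogon.exe can be compared against the component-store (WinSxS) copies. As an added example (not part of this thread, and not OTL's or BleepingComputer's own code), the Python below parses OTL file entries in the format posted above and automates both checks. The sample lines are copied from the logs in this thread, except the two `sample.exe` entries, which are a constructed mismatch with placeholder hashes so the failure path is exercised. The selection heuristic is an assumption of this example, chosen to reproduce the targets of the fix script; a hit is a review-queue entry, not a verdict.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One OTL file entry per line, e.g.
#   [2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\ProgramData\g52l7...
#   [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF5... -- C:\Windows\explorer.exe
# Attribute column: R read-only, H hidden, S system, D directory, '-' unset.
# Directory entries carry no "(company)" field; MD5 appears only in custom scans.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)

# Data roots where the fix script's targets lived (case-insensitive substrings).
STAGING_ROOTS = (r"c:\programdata", r"\appdata\local", r"\appdata\roaming")


def parse_entry(line):
    """Return a dict for one OTL file entry, or None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    entry["path"] = PureWindowsPath(entry["path"])
    return entry


def is_review_candidate(entry):
    """Hidden file (not a directory), no publisher, no extension, under a data root."""
    attrs = entry["attrs"]
    if "D" in attrs or "H" not in attrs or entry["company"]:
        return False
    lowered = str(entry["path"]).lower()
    if not any(root in lowered for root in STAGING_ROOTS):
        return False
    return entry["path"].suffix == ""  # leading-dot names also count as "no extension"


def flag_artifacts(log_lines):
    """Paths the heuristic queues for analyst review (a hit is not a verdict)."""
    return [str(e["path"]) for e in map(parse_entry, log_lines)
            if e and is_review_candidate(e)]


def check_system_binary_hashes(log_lines):
    r"""Compare each live system binary's MD5 with its WinSxS component-store copies.

    Live copy: the file directly under C:\Windows or C:\Windows\System32.
    Reference copies: any path containing \winsxs\. Copies elsewhere (update
    downloads, ERDNT backups, third-party folders) are ignored on purpose.
    """
    by_name = defaultdict(lambda: {"live": None, "reference": set()})
    for entry in map(parse_entry, log_lines):
        if not entry or not entry["md5"]:
            continue
        name = entry["path"].name.lower()
        parent = str(entry["path"].parent).lower()
        md5 = entry["md5"].upper()
        if parent in (r"c:\windows", r"c:\windows\system32"):
            by_name[name]["live"] = md5
        elif "\\winsxs\\" in str(entry["path"]).lower():
            by_name[name]["reference"].add(md5)
    verdicts = {}
    for name, info in by_name.items():
        if info["live"] is None:
            verdicts[name] = "no live copy in log"
        elif info["live"] in info["reference"]:
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


# Sample input: entries copied from the logs in this thread, plus one constructed
# tamper case (sample.exe, placeholder hashes) so the mismatch path is exercised.
SAMPLE_LOG = [
    r"[2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\Users\Matt\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6",
    r"[2011/12/19 20:23:09 | 000,010,790 | -HS- | C] () -- C:\ProgramData\g52l7kx015e2sl81340pwhj21wpy026ba8t6",
    r"[2011/12/14 13:07:07 | 000,011,226 | -HS- | C] () -- C:\ProgramData\964865069",
    r"[2011/11/07 18:51:46 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~8x8LV9dQmjALMJ",
    r"[2012/01/21 12:37:41 | 000,005,267 | ---- | C] () -- C:\Users\Matt\nah_log.dat",
    r"[2009/12/23 17:03:00 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\Matt\AppData\Roaming\pcouffin.sys",
    r"[2009/12/06 20:23:48 | 000,005,632 | -H-- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini",
    r"[2012/02/03 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake",
    r"[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe",
    r"[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe",
    r"[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe",
    r"[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe",
    r"[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe",
    r"[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe",
    r"[2012/01/01 00:00:00 | 000,100,000 | ---- | M] () MD5=" + "A" * 32 + r" -- C:\Windows\System32\sample.exe",
    r"[2012/01/01 00:00:00 | 000,100,000 | ---- | M] () MD5=" + "B" * 32 + r" -- C:\Windows\winsxs\x86_sample_placeholder\sample.exe",
]

if __name__ == "__main__":
    for path in flag_artifacts(SAMPLE_LOG):
        print("review:", path)
    for name, verdict in sorted(check_system_binary_hashes(SAMPLE_LOG).items()):
        print(f"{name}: {verdict}")
```

Two caveats apply to the hash check. A "match" only shows that the live binary is byte-identical to one of the serviced versions in the component store; it does not prove the store itself was not replaced, so a mismatch is the actionable signal and a match is merely reassuring. The Malwarebytes Chameleon copy of winlogon.exe is ignored deliberately, because it is not a Windows system file and comparing it would produce a meaningless mismatch.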

#6 huskerbones
  • Topic Starter
  • Members
  • 16 posts

Posted 13 February 2012 - 09:16 PM

The computer seems to be doing fine, but I'm using it as little as possible (just running these tests). I have 3 logs for you.

========== OTL ==========
C:\Users\Matt\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6 moved successfully.
C:\ProgramData\g52l7kx015e2sl81340pwhj21wpy026ba8t6 moved successfully.
C:\Users\Matt\AppData\Local\2jx3g74boy8c58nmukd8560gu512oxd24e3i moved successfully.
C:\ProgramData\964865069 moved successfully.
C:\ProgramData\2jx3g74boy8c58nmukd8560gu512oxd24e3i moved successfully.
C:\ProgramData\1024646331 moved successfully.
C:\ProgramData\855476t4l626j788g862c8koh0h1 moved successfully.
C:\Users\Matt\AppData\Local\855476t4l626j788g862c8koh0h1 moved successfully.
C:\ProgramData\~8x8LV9dQmjALMJ moved successfully.
C:\ProgramData\~8x8LV9dQmjALMJr moved successfully.
C:\ProgramData\8x8LV9dQmjALMJ moved successfully.
C:\ProgramData\ny0fpfxb7414gt07l6y88hvqdn2om811f17535j188og moved successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.29.1 log created on 02132012_195500

///////////////////////////////////////////////////////////////////////////////////////////////////////////////

OTL logfile created on: 2/13/2012 8:00:03 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Matt\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.66% Memory free
6.48 Gb Paging File | 5.61 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 388.19 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.47 Gb Total Space | 1.46 Gb Free Space | 19.48% Space Free | Partition Type: FAT32

Computer Name: CI7860 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Yammm\YammmSvc.exe (Mikinho)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (YammmSvc) -- C:\Program Files\Yammm\YammmSvc.exe (Mikinho)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl7b88f596) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BBB346A-1888-434A-A77D-EC5F3CD1BF08}\MpKsl7b88f596.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (e1kexpress) Intel® -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 8A 6F 2E 2C 22 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E8 3A 78 0F 5B 38 57 48 BD ED 34 82 E7 FC 79 35 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/21 14:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 14:01:43 | 000,000,000 | ---D | M]

[2010/07/13 17:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2010/07/13 17:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/10/19 18:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\bsxh8kxz.default\extensions
[2012/01/21 14:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/21 14:01:43 | 000,000,000 | -H-D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/21 13:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/21 14:01:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/10 12:27:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/01/21 14:01:40 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/09/25 15:26:36 | 000,002,193 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2012/01/21 14:01:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/25 15:26:36 | 000,001,534 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2012/01/21 14:01:40 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/01/21 14:01:40 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/01/21 14:01:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/01/21 14:01:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/01/21 14:01:40 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/10/20 18:28:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E115821-3646-4290-94E3-3B722609B5E6}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 19:55:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/06 11:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Click DVD Copy Pro
[2012/02/06 11:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[2012/02/04 17:55:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/03 21:12:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Freemake
[2012/02/03 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/02/03 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/03 21:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/03 21:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/02/03 20:48:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\land
[2012/02/03 20:08:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\iron
[2012/01/21 13:44:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/01/21 13:44:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/01/21 13:44:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/23 17:03:00 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\Matt\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/02/13 19:58:21 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 19:58:21 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 19:55:20 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/13 19:55:20 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/13 19:53:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 19:50:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 19:50:47 | 2609,504,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/11 21:12:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 11:59:19 | 000,001,302 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\1Click DVD Copy Pro.lnk
[2012/02/06 11:59:19 | 000,001,278 | ---- | M] () -- C:\Users\Matt\Desktop\1Click DVD Copy Pro.lnk
[2012/02/04 17:55:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/03 21:12:45 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012/02/03 20:51:47 | 000,001,958 | -H-- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/31 06:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/21 12:46:16 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 12:38:02 | 000,005,267 | ---- | M] () -- C:\Users\Matt\nah_log.dat

========== Files Created - No Company Name ==========

[2012/02/06 11:59:19 | 000,001,302 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\1Click DVD Copy Pro.lnk
[2012/02/06 11:59:19 | 000,001,278 | ---- | C] () -- C:\Users\Matt\Desktop\1Click DVD Copy Pro.lnk
[2012/02/03 21:10:28 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012/01/21 14:01:45 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/21 12:46:16 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 12:37:41 | 000,005,267 | ---- | C] () -- C:\Users\Matt\nah_log.dat
[2011/10/27 19:46:14 | 000,187,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/19 17:41:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/19 17:41:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/19 17:41:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/19 17:41:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/19 17:41:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/21 19:42:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/09/22 18:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/12/23 17:03:00 | 000,007,887 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\pcouffin.cat
[2009/12/23 17:03:00 | 000,001,144 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\pcouffin.inf
[2009/12/22 21:09:00 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/09 22:02:50 | 000,007,601 | ---- | C] () -- C:\Users\Matt\AppData\Local\resmon.resmoncfg
[2009/12/09 20:28:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/06 20:23:48 | 000,005,632 | -H-- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 06:06:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,411,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
///////////////////////////////////////////////////////////////////////////////////////////////////////////////




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 20:03:42
-----------------------------
20:03:42.902 OS Version: Windows 6.1.7600
20:03:42.902 Number of processors: 8 586 0x1E05
20:03:42.902 ComputerName: CI7860 UserName: Matt
20:03:46.713 Initialize success
20:04:00.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:04:00.615 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
20:04:00.615 Disk 0 MBR read successfully
20:04:00.615 Disk 0 MBR scan
20:04:00.615 Disk 0 Windows 7 default MBR code
20:04:00.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:04:00.635 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:04:00.635 Disk 0 scanning sectors +1953521664
20:04:00.685 Disk 0 scanning C:\Windows\system32\drivers
20:04:05.566 Service scanning
20:04:06.066 Service MpKsl01bc54a9 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{452BF195-F34C-4EBE-9EE8-CED4A57C59C7}\MpKsl01bc54a9.sys **LOCKED** 32
20:04:06.066 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:04:06.656 Modules scanning
20:04:17.978 Disk 0 trace - called modules:
20:04:17.998 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8687efa9]<<
20:04:17.998 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86867030]
20:04:18.008 3 CLASSPNP.SYS[8bdbb59e] -> nt!IofCallDriver -> [0x863138f8]
20:04:18.018 5 ACPI.sys[8343c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8633e030]
20:04:18.018 \Driver\atapi[0x8632b7b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8687efa9
20:04:18.028 Scan finished successfully
20:04:45.463 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
20:04:45.483 The log file has been saved successfully to "H:\aswMBR.txt"


Seemed to have run all scans, no problem. Thanks, Matt

#7 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home

Posted 14 February 2012 - 07:27 AM

Hi,

There's something unusual in your aswMBR logs; I would like to check this out more in depth.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 huskerbones
  • Topic Starter
  • Members
  • 16 posts

Posted 14 February 2012 - 10:17 AM

OK, I ran the program and here are the results. Thanks.


Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-02-2012
Ran by SYSTEM at 2012-02-14 09:10:12
Running from G:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2011-12-24] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2011-12-24] (Malwarebytes Corporation)
HKU\Family\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-01] (Google Inc.)
HKU\Family\...\Run: [138694955] C:\Users\Family\AppData\Local\Temp\tmph4538153899762298329.tmp [x]
HKU\Family\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2009-07-13] (Microsoft Corporation)
HKU\Family\...\Run: [inTHbmerhlAtlYF.exe] C:\ProgramData\inTHbmerhlAtlYF.exe [x]
HKU\Family\...\Run: [Macromedia] C:\Users\Family\AppData\Roaming\csrss.exe [x]
HKU\Family\...\Winlogon: [Shell] explorer.exe [x]
HKU\Mcx1-CI7860\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [313344 2009-07-13] (Microsoft Corporation)
HKU\Mcx2-CI7860\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [313344 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

================================ Services (Whitelisted) ==================

2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2010-10-27] (AMD)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [135664 2010-02-08] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [135664 2010-02-08] (Google Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652872 2011-12-24] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 YammmSvc; "C:\Program Files\Yammm\YammmSvc.exe" [14336 2009-09-03] (Mikinho)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6573568 2010-10-27] (ATI Technologies Inc.)
3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [229888 2010-10-27] (Advanced Micro Devices, Inc.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6573568 2010-10-27] (ATI Technologies Inc.)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6232.sys [202408 2009-06-21] (Intel Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-02-04] (Malwarebytes Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
1 MpKsl01bc54a9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{452BF195-F34C-4EBE-9EE8-CED4A57C59C7}\MpKsl01bc54a9.sys [29904 2012-02-13] ()
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [65024 2011-04-27] (Microsoft Corporation)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-12-23] (VSO Software)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
3 VClone; C:\Windows\System32\DRIVERS\VClone.sys [29696 2009-08-09] (Elaborate Bytes AG)
3 catchme; \??\C:\Users\Matt\AppData\Local\Temp\catchme.sys [x]
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-14 09:10 - 2012-02-14 09:10 - 0000000 ____D C:\FRST
2012-02-14 06:49 - 2012-02-14 06:57 - 0589408 ____A C:\Windows\ntbtlog.txt
2012-02-13 18:02 - 2012-02-13 18:02 - 0072968 ____A C:\Users\Matt\Desktop\OTL.Txt
2012-02-13 17:55 - 2012-02-13 17:55 - 0000000 ____D C:\_OTL
2012-02-06 09:59 - 2012-02-06 09:59 - 0001278 ____A C:\Users\Matt\Desktop\1Click DVD Copy Pro.lnk
2012-02-06 09:59 - 2012-02-06 09:59 - 0000000 ____D C:\Program Files\LG Software Innovations
2012-02-04 20:56 - 2012-02-04 20:56 - 0000242 ____A C:\Users\Family\Downloads\defogger_enable.log
2012-02-04 15:55 - 2012-02-04 15:55 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-02-03 19:12 - 2012-02-03 19:13 - 0000000 ____D C:\Users\Matt\Documents\Freemake
2012-02-03 19:12 - 2012-02-03 19:13 - 0000000 ____D C:\Users\All Users\Freemake
2012-02-03 19:12 - 2012-02-03 19:13 - 0000000 ____D C:\ProgramData\Freemake
2012-02-03 19:10 - 2012-02-03 19:12 - 0001238 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2012-02-03 19:10 - 2012-02-03 19:12 - 0000000 ____D C:\Program Files\Freemake
2012-02-03 18:48 - 2012-02-03 18:49 - 0000000 ____D C:\Users\Matt\Desktop\land
2012-02-03 18:08 - 2012-02-03 18:08 - 0000000 ____D C:\Users\Matt\Desktop\iron
2012-02-03 12:50 - 2012-02-03 12:50 - 0000470 ____A C:\Users\Family\Downloads\defogger_disable.log
2012-01-21 11:44 - 2012-01-21 11:44 - 0006189 ____A C:\Windows\System32\jupdate-1.6.0_30-b12.log
2012-01-21 11:44 - 2011-11-10 03:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-01-21 11:44 - 2011-11-10 03:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-01-21 11:44 - 2011-11-10 03:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-01-21 10:46 - 2012-01-21 10:46 - 0001027 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-21 10:37 - 2012-01-21 10:38 - 0005267 ____A C:\Users\Matt\nah_log.dat
2012-01-21 10:32 - 2012-01-21 10:33 - 0010974 __ASH C:\Users\Family\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6

============ 3 Months Modified Files and Folders ===============

2012-02-14 09:10 - 2012-02-14 09:10 - 0000000 ____D C:\FRST
2012-02-14 06:57 - 2012-02-14 06:49 - 0589408 ____A C:\Windows\ntbtlog.txt
2012-02-14 06:56 - 2009-12-06 04:05 - 2609504256 __ASH C:\hiberfil.sys
2012-02-14 06:50 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-14 06:50 - 2009-07-13 20:39 - 0131667 ____A C:\Windows\setupact.log
2012-02-14 06:12 - 2010-02-08 18:17 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-13 22:12 - 2010-02-08 18:17 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-13 18:06 - 2009-07-13 20:34 - 0015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-13 18:06 - 2009-07-13 20:34 - 0015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-13 18:02 - 2012-02-13 18:02 - 0072968 ____A C:\Users\Matt\Desktop\OTL.Txt
2012-02-13 18:02 - 2009-12-06 12:13 - 1748933 ____A C:\Windows\WindowsUpdate.log
2012-02-13 17:55 - 2012-02-13 17:55 - 0000000 ____D C:\_OTL
2012-02-13 17:55 - 2009-12-06 12:14 - 0733692 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-06 10:25 - 2010-12-20 08:27 - 0000000 ____D C:\Users\All Users\1click dvd copy pro
2012-02-06 10:25 - 2010-12-20 08:27 - 0000000 ____D C:\ProgramData\1click dvd copy pro
2012-02-06 09:59 - 2012-02-06 09:59 - 0001278 ____A C:\Users\Matt\Desktop\1Click DVD Copy Pro.lnk
2012-02-06 09:59 - 2012-02-06 09:59 - 0000000 ____D C:\Program Files\LG Software Innovations
2012-02-06 09:57 - 2009-12-23 15:03 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Vso
2012-02-04 22:07 - 2011-10-21 13:36 - 0000000 __SHD C:\Config.Msi
2012-02-04 20:56 - 2012-02-04 20:56 - 0000242 ____A C:\Users\Family\Downloads\defogger_enable.log
2012-02-04 20:56 - 2009-12-06 12:13 - 0000000 ___HD C:\users\Matt
2012-02-04 15:55 - 2012-02-04 15:55 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-02-03 19:13 - 2012-02-03 19:12 - 0000000 ____D C:\Users\Matt\Documents\Freemake
2012-02-03 19:13 - 2012-02-03 19:12 - 0000000 ____D C:\Users\All Users\Freemake
2012-02-03 19:13 - 2012-02-03 19:12 - 0000000 ____D C:\ProgramData\Freemake
2012-02-03 19:12 - 2012-02-03 19:10 - 0001238 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2012-02-03 19:12 - 2012-02-03 19:10 - 0000000 ____D C:\Program Files\Freemake
2012-02-03 18:49 - 2012-02-03 18:48 - 0000000 ____D C:\Users\Matt\Desktop\land
2012-02-03 18:47 - 2011-10-13 17:59 - 0000000 ___HD C:\Users\Matt\Desktop\gmer
2012-02-03 18:23 - 2009-12-09 19:05 - 0000000 ____D C:\Users\Matt\AppData\Roaming\HandBrake
2012-02-03 18:08 - 2012-02-03 18:08 - 0000000 ____D C:\Users\Matt\Desktop\iron
2012-02-03 12:50 - 2012-02-03 12:50 - 0000470 ____A C:\Users\Family\Downloads\defogger_disable.log
2012-01-31 04:44 - 2009-12-06 12:27 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-21 12:01 - 2010-07-13 15:32 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-01-21 11:44 - 2012-01-21 11:44 - 0006189 ____A C:\Windows\System32\jupdate-1.6.0_30-b12.log
2012-01-21 11:44 - 2009-12-06 12:39 - 0000000 ____D C:\Program Files\Java
2012-01-21 11:28 - 2009-12-10 20:36 - 0019764 ____A C:\Windows\PFRO.log
2012-01-21 10:47 - 2011-10-22 13:07 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-21 10:46 - 2012-01-21 10:46 - 0001027 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-21 10:43 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\System32\config\TxR
2012-01-21 10:43 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2012-01-21 10:42 - 2011-12-17 16:44 - 0000000 ____D C:\Users\Matt\Desktop\nroot
2012-01-21 10:42 - 2011-07-10 07:55 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\vlc
2012-01-21 10:42 - 2011-01-12 17:31 - 0000000 ____D C:\users\Mcx2-CI7860
2012-01-21 10:42 - 2011-01-10 15:10 - 0000000 ___HD C:\Users\Matt\Desktop\from portable harddrive
2012-01-21 10:42 - 2010-12-20 08:27 - 0000000 ___HD C:\Users\Public\Documents\1Click DVD Copy Pro
2012-01-21 10:42 - 2010-10-11 12:30 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\gtk-2.0
2012-01-21 10:42 - 2010-10-04 15:11 - 0000000 ___HD C:\Users\Matt\Desktop\besthandicapper
2012-01-21 10:42 - 2010-08-24 13:57 - 0000000 ___HD C:\Users\Matt\Downloads\IraApServlet2_files
2012-01-21 10:42 - 2010-08-24 13:56 - 0000000 ___HD C:\Users\Matt\Downloads\IraApServlet_files
2012-01-21 10:42 - 2010-08-20 14:03 - 0000000 ___HD C:\Users\Matt\Downloads\spiderwebsports_files
2012-01-21 10:42 - 2010-07-07 10:55 - 0000000 ___HD C:\Users\Matt\Desktop\KompoZer 0.7.10
2012-01-21 10:42 - 2010-07-07 10:55 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\KompoZer
2012-01-21 10:42 - 2010-03-04 13:49 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\WinAVI
2012-01-21 10:42 - 2010-03-04 13:38 - 0000000 ___HD C:\Users\Matt\Documents\bleep.Slap.2009.UNRATED.WS.DVDRip.XviD-VoMiT.(www.USABIT.com)
2012-01-21 10:42 - 2010-02-18 18:44 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\U3
2012-01-21 10:42 - 2010-01-23 20:26 - 0000000 ___HD C:\Users\Matt\Documents\MemTest[1]
2012-01-21 10:42 - 2009-12-22 19:09 - 0000000 ____D C:\users\Mcx1-CI7860
2012-01-21 10:42 - 2009-12-08 15:06 - 0000000 ___HD C:\users\Family
2012-01-21 10:42 - 2009-12-06 16:22 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\uTorrent
2012-01-21 10:42 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-01-21 10:42 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\security
2012-01-21 10:41 - 2011-10-24 18:42 - 0000000 ___HD C:\Users\Matt\AppData\Local\Palo_Alto_Software
2012-01-21 10:41 - 2011-10-24 18:25 - 0000000 ___HD C:\Users\Matt\AppData\Local\Downloaded Installations
2012-01-21 10:41 - 2011-10-20 16:24 - 0000000 ___HD C:\ComboFix
2012-01-21 10:41 - 2011-09-09 14:30 - 0000000 ___HD C:\Users\Family\Downloads\Corel Draw X5 with Keygen
2012-01-21 10:41 - 2011-08-27 14:52 - 0000000 ___HD C:\Users\Family\Downloads\ZJMedia.WinAVI.All.In.One.Converter.v1.6.0.4147.Cracked-DJiNN
2012-01-21 10:41 - 2011-08-27 11:47 - 0000000 ___HD C:\Users\Family\AppData\Local\HandBrake
2012-01-21 10:41 - 2011-06-19 08:47 - 0000000 ___HD C:\Users\Family\AppData\Roaming\dvdcss
2012-01-21 10:41 - 2011-06-19 08:25 - 0000000 ___HD C:\Users\Family\AppData\Roaming\vlc
2012-01-21 10:41 - 2010-01-01 09:12 - 0000000 ___HD C:\Users\Matt\AppData\Local\Microsoft Help
2012-01-21 10:41 - 2009-12-23 13:35 - 0000000 ___HD C:\Users\All Users\Hewlett-Packard
2012-01-21 10:41 - 2009-12-23 13:35 - 0000000 ___HD C:\ProgramData\Hewlett-Packard
2012-01-21 10:41 - 2009-12-22 18:05 - 0000000 ___HD C:\Program Files\FairUse Wizard 2
2012-01-21 10:41 - 2009-12-09 19:05 - 0000000 ___HD C:\Users\Matt\AppData\Local\HandBrake
2012-01-21 10:41 - 2009-12-08 15:16 - 0000000 ___HD C:\Users\Family\AppData\Roaming\uTorrent
2012-01-21 10:41 - 2009-12-08 15:06 - 0000000 ___HD C:\Users\Family\AppData\Local\VirtualStore
2012-01-21 10:41 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2012-01-21 10:40 - 2010-12-20 06:19 - 0000000 ___HD C:\Users\Matt\Documents\DVDFab
2012-01-21 10:40 - 2010-07-28 19:40 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\Affilorama
2012-01-21 10:40 - 2010-07-13 15:32 - 0000000 ___HD C:\Users\Matt\AppData\Local\Mozilla
2012-01-21 10:40 - 2010-07-07 10:55 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\Mozilla
2012-01-21 10:40 - 2009-12-12 20:38 - 0000000 ___HD C:\Users\Matt\AppData\Local\Adobe
2012-01-21 10:40 - 2009-12-06 12:27 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\Macromedia
2012-01-21 10:40 - 2009-12-06 12:27 - 0000000 ___HD C:\Users\Matt\AppData\Roaming\Adobe
2012-01-21 10:40 - 2009-12-06 12:13 - 0000000 ___HD C:\Users\Matt\AppData\LocalLow
2012-01-21 10:40 - 2009-12-06 12:13 - 0000000 ___HD C:\Users\Matt\AppData\Local\VirtualStore
2012-01-21 10:39 - 2011-10-22 13:07 - 0000000 ___HD C:\Users\All Users\Malwarebytes
2012-01-21 10:39 - 2011-10-22 13:07 - 0000000 ___HD C:\ProgramData\Malwarebytes
2012-01-21 10:39 - 2011-08-27 12:00 - 0000000 ___HD C:\Users\Family\AppData\Roaming\WinAVI
2012-01-21 10:39 - 2011-06-26 06:43 - 0000000 ___HD C:\Users\Family\AppData\Roaming\XBMC
2012-01-21 10:39 - 2011-02-11 19:00 - 0000000 ___HD C:\Users\Family\AppData\Roaming\Mozilla
2012-01-21 10:39 - 2011-02-11 19:00 - 0000000 ___HD C:\Users\Family\AppData\Local\Mozilla
2012-01-21 10:39 - 2011-01-10 10:26 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-01-21 10:39 - 2011-01-10 10:26 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-01-21 10:39 - 2010-05-18 06:25 - 0000000 ___HD C:\Users\All Users\DivX
2012-01-21 10:39 - 2010-05-18 06:25 - 0000000 ___HD C:\ProgramData\DivX
2012-01-21 10:39 - 2010-01-01 09:29 - 0000000 ___HD C:\Users\All Users\Google
2012-01-21 10:39 - 2010-01-01 09:29 - 0000000 ___HD C:\ProgramData\Google
2012-01-21 10:39 - 2009-12-08 15:06 - 0000000 ___HD C:\Users\Family\AppData\Roaming\Adobe
2012-01-21 10:39 - 2009-12-08 15:06 - 0000000 ___HD C:\Users\Family\AppData\LocalLow
2012-01-21 10:39 - 2009-12-06 12:33 - 0000000 ___HD C:\Users\All Users\Apple
2012-01-21 10:39 - 2009-12-06 12:33 - 0000000 ___HD C:\ProgramData\Apple
2012-01-21 10:38 - 2012-01-21 10:37 - 0005267 ____A C:\Users\Matt\nah_log.dat
2012-01-21 10:33 - 2012-01-21 10:32 - 0010974 __ASH C:\Users\Family\AppData\Local\g52l7kx015e2sl81340pwhj21wpy026ba8t6
2011-12-17 17:50 - 2011-12-17 17:50 - 0000000 ____D C:\Users\Matt\.android
2011-12-17 17:12 - 2011-12-17 16:44 - 0000000 ____D C:\nroot
2011-12-17 17:09 - 2011-12-17 17:08 - 23768632 ____A C:\Users\Matt\Downloads\Nook&Zergy.zip
2011-12-17 16:45 - 2011-12-17 16:45 - 6396555 ____A C:\Users\Matt\Downloads\usbdrivers.zip
2011-12-16 12:45 - 2011-12-16 12:45 - 0607260 ____R (Swearware) C:\Users\Family\Downloads\dds.scr
2011-12-16 12:45 - 2011-12-16 12:45 - 0050477 ____A C:\Users\Family\Downloads\Defogger.exe
2011-12-16 12:25 - 2011-12-14 07:58 - 0000000 ____D C:\Users\Family\AppData\Roaming\4512B
2011-12-16 12:25 - 2011-12-14 07:58 - 0000000 ____D C:\Users\Family\AppData\Roaming\08445
2011-12-16 01:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-12-16 01:04 - 2010-01-01 09:12 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-16 01:04 - 2010-01-01 09:12 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-16 01:01 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2011-12-16 01:01 - 2009-07-13 18:04 - 0000478 ____A C:\Windows\win.ini
2011-12-14 16:30 - 2011-12-14 16:30 - 0000000 ____D C:\Users\Matt\Desktop\florida pics
2011-12-14 14:22 - 2011-12-14 07:37 - 0000000 ____D C:\Users\Family\AppData\Roaming\Ybl
2011-12-14 14:22 - 2009-07-13 20:53 - 0032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-14 13:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Help
2011-12-14 12:09 - 2011-02-11 19:05 - 0000000 ____D C:\Users\Family\Documents\Outlook Files
2011-12-14 11:22 - 2011-12-14 07:36 - 0011234 __ASH C:\Users\Family\AppData\Local\2jx3g74boy8c58nmukd8560gu512oxd24e3i
2011-12-14 08:18 - 2011-12-14 07:37 - 0000000 ____D C:\Users\Family\AppData\Roaming\Zaiz
2011-12-14 07:36 - 2011-10-22 13:29 - 0003181 ___AH C:\Users\Family\Desktop\HiJackThis.lnk
2011-12-14 03:32 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\LiveKernelReports
2011-12-13 15:15 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\TAPI
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-HK
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\tr-TR
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\Msdtc
2011-12-13 15:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2011-12-13 15:14 - 2010-02-28 21:10 - 0000000 ____D C:\Windows\Minidump
2011-12-13 15:14 - 2009-07-13 23:50 - 0000000 ____D C:\Windows\ShellNew
2011-12-13 15:14 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\he-IL
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\el-GR
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2011-12-13 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ar-SA
2011-12-13 15:13 - 2011-10-27 17:40 - 0000000 ____D C:\Program Files\Market Samurai
2011-12-13 15:13 - 2011-10-21 13:38 - 0000000 ____D C:\Program Files\iTunes
2011-12-13 15:13 - 2011-08-29 13:51 - 0000000 ____D C:\Program Files\Apple Software Update
2011-12-13 15:13 - 2011-06-26 06:08 - 0000000 ____D C:\Program Files\XBMC
2011-12-13 15:13 - 2011-03-07 17:07 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-12-13 15:13 - 2011-01-12 09:22 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2011-12-13 15:13 - 2011-01-10 10:26 - 0000000 ____D C:\Program Files\QuickTime
2011-12-13 15:13 - 2010-10-11 12:23 - 0000000 ____D C:\Program Files\GIMP-2.0
2011-12-13 15:13 - 2010-07-28 19:40 - 0000000 ____D C:\Program Files\Traffic Travis v3
2011-12-13 15:13 - 2010-07-07 11:30 - 0000000 ____D C:\Program Files\FileZilla FTP Client
2011-12-13 15:13 - 2010-03-04 13:49 - 0000000 ____D C:\Program Files\WinAVI Video Converter
2011-12-13 15:13 - 2010-03-04 13:48 - 0000000 ____D C:\Program Files\7-Zip
2011-12-13 15:13 - 2009-12-10 16:32 - 0000000 ___HD C:\Users\All Users\Yammm
2011-12-13 15:13 - 2009-12-10 16:32 - 0000000 ___HD C:\ProgramData\Yammm
2011-12-13 15:13 - 2009-12-10 16:32 - 0000000 ____D C:\Program Files\Yammm
2011-12-13 15:13 - 2009-12-09 19:21 - 0000000 ____D C:\Program Files\FLAC
2011-12-13 15:13 - 2009-12-09 19:05 - 0000000 ____D C:\Program Files\Handbrake
2011-12-13 15:13 - 2009-12-06 13:49 - 0000000 ____D C:\Program Files\PlayReady
2011-12-13 15:13 - 2009-12-06 13:34 - 0000000 ____D C:\Program Files\DivX
2011-12-13 15:13 - 2009-12-06 13:34 - 0000000 ____D C:\Program Files\Common Files\PX Storage Engine
2011-12-13 15:13 - 2009-12-06 13:34 - 0000000 ____D C:\Program Files\Common Files\DivX Shared
2011-12-13 15:13 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\MSBuild
2011-12-13 15:13 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-12-13 15:12 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\winrm
2011-12-13 15:12 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\WCN
2011-12-13 15:12 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2011-12-13 15:12 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2011-12-13 15:12 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Web
2011-12-13 15:12 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Vss
2011-12-13 15:11 - 2009-12-06 12:27 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-13 15:11 - 2009-12-06 12:27 - 0000000 ____D C:\Windows\System32\Adobe
2011-12-13 15:11 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\slmgr
2011-12-13 15:11 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2011-12-13 15:11 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Performance
2011-12-13 15:11 - 2009-07-13 20:34 - 0000000 ____D C:\Windows\ServiceProfiles
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\spp
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\spool
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\Speech
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\SMI
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NetworkList
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\MUI
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\IME
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\com
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Speech
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\schemas
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2011-12-13 15:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\PLA
2011-12-13 15:09 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\IME
2011-12-13 15:09 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Globalization
2011-12-13 15:08 - 2011-10-19 15:41 - 0000000 ____D C:\Windows\ERDNT
2011-12-13 15:08 - 2011-07-13 14:10 - 0000000 ____D C:\Windows\Downloaded Installations
2011-12-13 15:08 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Branding
2011-12-13 15:07 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2011-12-13 15:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2011-12-13 15:06 - 2011-10-19 15:41 - 0000000 ___HD C:\Qoobox
2011-12-13 15:06 - 2011-01-10 10:28 - 0000000 ____D C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-13 15:06 - 2011-01-10 10:28 - 0000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-13 15:06 - 2009-12-12 20:39 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-12-13 15:06 - 2009-12-12 20:39 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-12-13 15:06 - 2009-07-13 18:37 - 0000000 __RHD C:\users\Default
2011-12-13 15:05 - 2011-10-22 13:31 - 0000000 ____D C:\Program Files\Trend Micro
2011-12-13 15:05 - 2011-08-27 14:47 - 0000000 ____D C:\Program Files\WinAVI
2011-12-13 15:05 - 2011-07-13 14:15 - 0000000 ____D C:\Program Files\Success Studios
2011-12-13 15:05 - 2010-10-28 08:53 - 0000000 ____D C:\Program Files\Windows Live
2011-12-13 15:05 - 2010-10-06 17:37 - 0000000 ____D C:\Program Files\VideoLAN
2011-12-13 15:05 - 2009-12-14 09:02 - 0000000 ____D C:\Program Files\Xiph.Org
2011-12-13 15:05 - 2009-07-13 23:50 - 0000000 ____D C:\Program Files\Windows Journal
2011-12-13 15:05 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-12-13 15:05 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Defender
2011-12-13 15:05 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Reference Assemblies
2011-12-13 15:05 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Windows NT
2011-12-13 15:04 - 2011-01-12 09:22 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2011-12-13 15:04 - 2011-01-12 09:21 - 0000000 ____D C:\Program Files\Microsoft Sync Framework
2011-12-13 15:04 - 2011-01-12 09:17 - 0000000 ____D C:\Program Files\Microsoft Analysis Services
2011-12-13 15:04 - 2010-10-28 08:54 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2011-12-13 15:04 - 2010-01-01 09:13 - 0000000 ____D C:\Program Files\Microsoft.NET
2011-12-13 15:04 - 2010-01-01 09:12 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 8
2011-12-13 15:04 - 2010-01-01 09:12 - 0000000 ____D C:\Program Files\Microsoft Office
2011-12-13 15:04 - 2009-12-14 09:09 - 0000000 ____D C:\Program Files\piPOol
2011-12-13 15:03 - 2011-10-21 13:38 - 0000000 ____D C:\Program Files\iPod
2011-12-13 15:03 - 2011-04-20 14:44 - 0000000 ____D C:\Program Files\Elaborate Bytes
2011-12-13 15:03 - 2010-10-28 08:25 - 0000000 ____D C:\Program Files\Common Files\Windows Live
2011-12-13 15:03 - 2010-01-01 09:29 - 0000000 ____D C:\Program Files\Google
2011-12-13 15:03 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\DVD Maker
2011-12-13 15:03 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-12-13 15:02 - 2011-10-24 18:40 - 0000000 ____D C:\Program Files\Business Plan Pro
2011-12-13 15:02 - 2010-10-13 14:23 - 0000000 ____D C:\Program Files\Citrix
2011-12-13 15:02 - 2010-08-15 16:48 - 0000000 ____D C:\Program Files\Common Files\Java
2011-12-13 15:02 - 2009-12-12 20:39 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-12-13 15:02 - 2009-12-12 20:39 - 0000000 ____D C:\Program Files\Adobe
2011-12-13 15:02 - 2009-12-09 18:28 - 0000000 ____D C:\Program Files\AviSynth 2.5
2011-12-13 15:02 - 2009-12-06 12:51 - 0000000 ____D C:\Program Files\ATI
2011-12-13 15:02 - 2009-12-06 12:34 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-13 15:01 - 2011-10-20 16:29 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-13 15:01 - 2010-01-01 09:11 - 0000000 __RHD C:\MSOCache
2011-12-13 15:01 - 2009-12-14 14:57 - 0000000 ___HD C:\all downloaded video and music
2011-12-13 15:01 - 2009-12-06 12:51 - 0000000 ___HD C:\ATI
2011-12-13 14:16 - 2011-10-21 13:36 - 0000000 ____D C:\Program Files\Bonjour
2011-12-13 14:01 - 2011-12-13 14:00 - 0010630 __ASH C:\Users\Family\AppData\Local\855476t4l626j788g862c8koh0h1
2011-12-12 21:05 - 2011-11-07 16:42 - 0000000 ___HD C:\Windows\Sun
2011-12-12 19:36 - 2011-11-08 17:06 - 0000000 ____D C:\Users\Family\AppData\Local\Palo_Alto_Software
2011-12-12 18:48 - 2011-11-07 16:44 - 0000000 ____D C:\Users\Matt\AppData\Local\bbd25be5
2011-12-08 16:34 - 2011-12-08 16:34 - 0000000 ____A C:\Users\Family\AppData\Local\{B5B487F5-2D4E-49B2-88C7-152C05D31272}
2011-12-07 11:50 - 2010-07-20 19:11 - 0000000 ___HD C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2011-12-05 14:36 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\SchCache

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4086.15 MB
Available physical RAM: 3543.31 MB
Total Pagefile: 4084.43 MB
Available Pagefile: 3550.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.31 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:388.36 GB) NTFS
2 Drive e: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
3 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: (Cruzer) (Removable) (Total:7.47 GB) (Free:1.46 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
Partition 3 Primary 1744 KB 931 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 931 GB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Cruzer FAT32 Removable 7655 MB Healthy



==========================================================

Last Boot: 2011-10-31 21:58

======================= End Of Log ==========================

#9 myrti (Sillyberry, Malware Study Hall Admin)

Posted 15 February 2012 - 07:12 AM

Hi,

Please navigate again to the Command Prompt within the Recovery Options. There type in: diskpart select disk 0 and hit Enter. Then type in diskpart list partition. In the output, check that the size of the first partition is 100 MB. If that's not the case, stop and report back. Otherwise type in diskpart select partition 1 and hit Enter. It should show "Partition 1 is now the selected partition." Then type in active and hit Enter.

After that run a new scan with FRST and reboot and let me know how the PC is doing.

regards myrti

Edited by myrti, 15 February 2012 - 07:12 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 huskerbones (Topic Starter)

Posted 15 February 2012 - 08:59 AM

hello,

I typed in diskpart select disk 0 and then it said "diskpart was unable to process the parameters" and "diskpart is not recognized as an external or internal command."


matt

#11 myrti (Sillyberry, Malware Study Hall Admin)

Posted 15 February 2012 - 11:12 AM

Hi,

That is unusual. You did use it in the repair environment command prompt, right?
regards myrti



#12 huskerbones (Topic Starter)

Posted 15 February 2012 - 05:35 PM

hi,

Yes, the same as earlier; it starts with x:\sources>.
The Win disk is still in the machine.

any ideas? matt

#13 myrti (Sillyberry, Malware Study Hall Admin)

Posted 16 February 2012 - 05:30 AM

  • Download ListParts
  • Open notepad and copy this into it:
    Disk=0 Partition=1 active
    bcdedit
    Save it as fix.txt along with ListParts on a flash drive.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\listparts and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • Press Fix button.
  • When it finished check "List BCD" option and click Scan. It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
  • Also please restart. First post the Result.txt before it is overwritten then run a new Scan of ListParts and post the new Result.txt

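The check in post #9 and the ListParts fix in post #13 both rest on the same fact in the FRST log above: on disk 0 the boot flag sits on the hidden, volume-less 1744 KB partition of type 17 while the 100 MB System Reserved partition is inactive, so the MBR hands control to the stub before Windows' own boot manager. The Python below is an added example, not a Farbar tool and not anything posted in the thread. It parses the "Partitions of Disk" section of a ListParts dump (the sample is constructed from the log above, with the after-fix state of post #14 derived by flipping the two Active lines), reports the anomaly, and emits the diskpart session and fix.txt only after confirming the precondition myrti gave (partition 1 is the 100 MB, type 07 partition). All function names are this example's own.

```python
"""Parse the 'Partitions of Disk' section of a Farbar ListParts/FRST log and
flag the MBR boot-flag hijack seen in the logs above. Added example; the
function names are this example's own, ListParts itself only prints the dump."""
import re

_TABLE = re.compile(r"^Partition (\d+) Primary (\d+) (KB|MB|GB) \d+ (?:KB|MB|GB)$")
_MB = {"KB": 1 / 1024, "MB": 1, "GB": 1024}


def parse(dump):
    """Return {(disk, partition): {size_mb, type, suspicious, hidden, active, volume}}."""
    parts, disk, cur = {}, None, None
    for line in dump.splitlines():
        line = line.strip()
        if m := re.match(r"^(?:Partitions of Disk|Disk:) (\d+):?$", line):
            disk = int(m.group(1))                       # table header or detail block
        elif m := _TABLE.match(line):                    # 'Partition 1 Primary 100 MB 1024 KB'
            rec = parts.setdefault((disk, int(m.group(1))), {"volume": False})
            rec["size_mb"] = int(m.group(2)) * _MB[m.group(3)]
        elif m := re.match(r"^Partition (\d+)$", line):  # start of a per-partition block
            cur = parts.setdefault((disk, int(m.group(1))), {"volume": False})
        elif m := re.match(r"^Type : ([0-9A-Fa-f]{2})(.*)$", line):
            cur["type"] = int(m.group(1), 16)            # MBR partition type byte
            cur["suspicious"] = "Suspicious" in m.group(2)
        elif m := re.match(r"^(Hidden|Active): (Yes|No)$", line):
            cur[m.group(1).lower()] = m.group(2) == "Yes"
        elif line.startswith("* Volume"):                # a mountable volume belongs to the block
            cur["volume"] = True
    return parts


def assess(parts, disk=0):
    """Findings for one MBR disk: one active partition, visible, with a volume."""
    out = []
    for (d, p), r in sorted(parts.items()):
        if d != disk:
            continue
        if r.get("active") and r.get("hidden"):
            out.append(f"partition {p}: active but hidden")
        if r.get("active") and not r["volume"]:
            out.append(f"partition {p}: active with no volume")
        if r.get("suspicious") or r.get("type") == 0x17:  # 0x17 = hidden NTFS/IFS
            out.append(f"partition {p}: type {r['type']:02X} stub still present")
    n = sum(1 for (d, _), r in parts.items() if d == disk and r.get("active"))
    if n != 1:
        out.append(f"{n} active partitions on disk {disk}; an MBR disk should have one")
    return out


def diskpart_fix(parts, disk=0, boot=1):
    """The diskpart session from post #9 with its precondition enforced: only move
    the boot flag if partition 1 really is the 100 MB System Reserved (type 07)."""
    r = parts.get((disk, boot), {})
    if abs(r.get("size_mb", 0) - 100) > 1 or r.get("type") != 0x07:
        raise ValueError(f"disk {disk} partition {boot} is not the 100 MB System "
                         "Reserved partition: stop and report back")
    return [f"select disk {disk}", "list partition",
            f"select partition {boot}", "active", "exit"]


def listparts_fix(disk=0, boot=1):
    """fix.txt for ListParts as given in post #13: set the flag, then dump the BCD."""
    return f"Disk={disk} Partition={boot} active\nbcdedit\n"


# Constructed from the FRST log above (disk 0 only; partition 2's block omitted).
BEFORE = """\
Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 3 Primary 1744 KB 931 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
"""
# The post #14 log (after the fix) differs only in the two Active lines.
AFTER = (BEFORE.replace("Active: No\n\nVolume", "Active: Yes\n\nVolume")
               .replace("Active: Yes\n\nThere is no", "Active: No\n\nThere is no"))
```

Two things worth noting from running it. First, the after-fix dump still produces a finding: moving the boot flag restores the normal boot order, but the hidden type 17 stub stays on the disk and nothing here examines its contents. Second, diskpart_fix refuses any disk whose partition 1 is not the 100 MB type 07 partition (the Cruzer flash drive on disk 1, for instance), which is exactly the "stop and report back" branch of post #9; the commands it returns are the ones given in the posts and are meant to be typed or saved by hand, this script only generates them.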


#14 huskerbones (Topic Starter)

Posted 16 February 2012 - 08:51 AM

hi,

here are the first scan results.




ListParts by Farbar
Ran by SYSTEM on 16-02-2012 at 07:35:54
Windows 7 (X86)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4086.15 MB
Available physical RAM: 3647.3 MB
Total Pagefile: 4084.43 MB
Available Pagefile: 3639.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.54 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: () (Fixed) (Total:931.41 GB) (Free:388.36 GB) NTFS
3 Drive e: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (Cruzer) (Removable) (Total:7.47 GB) (Free:1.46 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
Partition 3 Primary 1744 KB 931 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 931 GB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Cruzer FAT32 Removable 7655 MB Healthy



Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {729d0202-e25f-11de-8739-ca5609d7b73c}
resumeobject {729d0201-e25f-11de-8739-ca5609d7b73c}
displayorder {729d0202-e25f-11de-8739-ca5609d7b73c}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {729d0202-e25f-11de-8739-ca5609d7b73c}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {729d0203-e25f-11de-8739-ca5609d7b73c}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows
resumeobject {729d0201-e25f-11de-8739-ca5609d7b73c}
nx OptIn

Windows Boot Loader
-------------------
identifier {729d0203-e25f-11de-8739-ca5609d7b73c}
device ramdisk=[D:]\Recovery\729d0203-e25f-11de-8739-ca5609d7b73c\Winre.wim,{729d0204-e25f-11de-8739-ca5609d7b73c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\729d0203-e25f-11de-8739-ca5609d7b73c\Winre.wim,{729d0204-e25f-11de-8739-ca5609d7b73c}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {729d0201-e25f-11de-8739-ca5609d7b73c}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=D:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {729d0204-e25f-11de-8739-ca5609d7b73c}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\729d0203-e25f-11de-8739-ca5609d7b73c\boot.sdi


****** End Of Log ******


Second scan results:

ListParts by Farbar
Ran by SYSTEM on 16-02-2012 at 07:45:12
Windows 7 (X86)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4086.15 MB
Available physical RAM: 3645.37 MB
Total Pagefile: 4084.43 MB
Available Pagefile: 3637.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1985.54 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: () (Fixed) (Total:931.41 GB) (Free:388.36 GB) NTFS
3 Drive e: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (Cruzer) (Removable) (Total:7.47 GB) (Free:1.46 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
Partition 3 Primary 1744 KB 931 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 931 GB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Cruzer FAT32 Removable 7655 MB Healthy



Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {729d0202-e25f-11de-8739-ca5609d7b73c}
resumeobject {729d0201-e25f-11de-8739-ca5609d7b73c}
displayorder {729d0202-e25f-11de-8739-ca5609d7b73c}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {729d0202-e25f-11de-8739-ca5609d7b73c}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {729d0203-e25f-11de-8739-ca5609d7b73c}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows
resumeobject {729d0201-e25f-11de-8739-ca5609d7b73c}
nx OptIn

Windows Boot Loader
-------------------
identifier {729d0203-e25f-11de-8739-ca5609d7b73c}
device ramdisk=[D:]\Recovery\729d0203-e25f-11de-8739-ca5609d7b73c\Winre.wim,{729d0204-e25f-11de-8739-ca5609d7b73c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\729d0203-e25f-11de-8739-ca5609d7b73c\Winre.wim,{729d0204-e25f-11de-8739-ca5609d7b73c}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {729d0201-e25f-11de-8739-ca5609d7b73c}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=D:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {729d0204-e25f-11de-8739-ca5609d7b73c}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\729d0203-e25f-11de-8739-ca5609d7b73c\boot.sdi


****** End Of Log ******

OK, hope this helps, good day to ya.
matt
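As an added example (not code from this thread, from Farbar's ListParts, or from BleepingComputer), here is a small Python script that reads a ListParts log like the two above and flags the two things a helper checks first: partitions of a hidden type with no volume mounted on them (the type 0x17 entry on Disk 0 that ListParts itself marks as a suspicious type), and BCD entries whose device or osdevice points at a drive letter the partition list does not show. The embedded SAMPLE_LOG is a condensed excerpt of the Disk 0 and Windows Boot Loader sections from the log above; the HIDDEN_TYPES set, the function names and the finding wording are my own choices.

```python
"""Triage a ListParts-style partition/BCD dump for boot-chain anomalies (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# MBR type bytes of the "hidden" variants of the usual filesystem types: 0x17 = hidden
# NTFS/IFS, 0x11/0x16/0x1E = hidden FAT12/FAT16, 0x1B/0x1C = hidden FAT32. The set is my
# own choice for this example; ListParts itself only marks 0x17 as "Suspicious Type".
HIDDEN_TYPES = {"11", "16", "17", "1B", "1C", "1E"}

@dataclass
class Partition:
    disk: int
    number: int
    ptype: str = ""
    hidden: bool = False
    volume_letter: Optional[str] = None   # None when no volume is mounted on it

def parse_partitions(text: str) -> list:
    """Walk the 'Disk: N' / 'Partition N' blocks and the '* Volume' row printed under each."""
    parts, disk, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Disk:\s*(\d+)$", line):
            disk = int(m.group(1))
        elif (m := re.match(r"Partition\s+(\d+)$", line)) and disk is not None:
            cur = Partition(disk=disk, number=int(m.group(1)))
            parts.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"Type\s*:\s*([0-9A-Fa-f]{2})", line):
            cur.ptype = m.group(1).upper()
        elif m := re.match(r"Hidden:\s*(Yes|No)", line):
            cur.hidden = m.group(1) == "Yes"
        elif m := re.match(r"\*\s*Volume\s+\d+\s+([A-Z])\s", line):
            cur.volume_letter = m.group(1)
    return parts

def parse_bcd(text: str) -> list:
    """A BCD entry is a title line, a line of only dashes, then 'key value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text):
        lines = [l.strip() for l in block.strip().splitlines()]
        if len(lines) < 3 or not re.fullmatch(r"-+", lines[1]):
            continue   # the disk/volume tables use dashes with spaces, so they are skipped
        entry = {"_type": lines[0]}
        for line in lines[2:]:
            key, _, value = line.partition(" ")
            if key.startswith("{"):   # continuation line of a multi-GUID 'inherit'
                entry["inherit"] = (entry.get("inherit", "") + " " + key).strip()
            else:
                entry[key] = value.strip()
        entries.append(entry)
    return entries

def triage(text: str) -> list:
    """Findings worth a second look before trusting the boot chain this log describes."""
    parts, bcd, findings = parse_partitions(text), parse_bcd(text), []
    visible = {p.volume_letter for p in parts if p.volume_letter}
    for p in parts:
        if p.hidden or p.ptype in HIDDEN_TYPES:
            why = [f"type 0x{p.ptype}"] + (["hidden flag set"] if p.hidden else [])
            why += ["no volume mounted"] if p.volume_letter is None else []
            findings.append(f"disk {p.disk} partition {p.number}: " + ", ".join(why))
    for e in bcd:   # every entry must boot from a volume the partition list can see
        for key in ("device", "osdevice"):
            m = re.fullmatch(r"partition=([A-Z]):", e.get(key, ""))
            if m and m.group(1) not in visible:
                findings.append(f"BCD {e['_type']} '{e.get('description', '?')}': {key} "
                                f"points at {m.group(1)}:, which no listed volume has")
    return findings

# Constructed sample: a condensed excerpt of the Disk 0 and Boot Loader sections posted above.
SAMPLE_LOG = r"""
Disk: 0
Partition 1
Type : 07
Hidden: No
* Volume 2 C System Rese NTFS Partition 100 MB Healthy
Disk: 0
Partition 2
Type : 07
Hidden: No
* Volume 3 D NTFS Partition 931 GB Healthy
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
There is no volume associated with this partition.

Windows Boot Loader
-------------------
identifier {729d0202-e25f-11de-8739-ca5609d7b73c}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
osdevice partition=D:
"""
```

Call `triage()` on the pasted text of a Result.txt. On the excerpt it reports a single finding for Disk 0 Partition 3 and nothing for the BCD, because C: and D: are both listed volumes; pointing the loader at a letter that is not in the partition list produces an extra finding per affected key. A hidden partition with no volume is not by itself proof of tampering, but it is the first thing to account for before trusting the boot chain, which is why the full partition and BCD listing is asked for before and after the Fix.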

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:00 PM

Posted 16 February 2012 - 08:57 AM

Hi,

That is looking good. Can you boot normally? Please run a new scan with aswMBR and show the results here.

regards, myrti





