Geeks to Go

Please Help Remove Search Redirect Malware [Closed]


  • This topic is locked

#1
jage750
New Member (7 posts)
Hi there,
I recently started working at a new job and took over the previous employee's PC, which seems to be infected with malware that redirects all my searches (Google, Yahoo, Bing, etc.) in both IE and Firefox. Apparently, he may have been looking at a website called www. momsteachdaughter .com. Now all my searches get redirected to sites like: infomash. org, shopautoweek .com, shoppinghornet. com, etc.

There was very little virus protection on this computer. I've since installed Avast, which seems to be doing a nice job of blocking new Malware. The problem is, scans can't seem to detect the existing Malware. I've also tried SpyBot Search & Destroy with no luck.

I found your forums and followed the steps suggested, even downloading TDSSKiller, but the malware seems to be preventing it from running properly (TDSSKiller runs fine on other unaffected computers in the office).

So this is my last resort before sending it in to a computer repair place. If someone in this forum can help, I will be eternally grateful and you will be my hero! I've run OTL and here is the log:

OTL logfile created on: 1/5/2012 4:59:57 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Production\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.63% Memory free
4.84 Gb Paging File | 4.05 Gb Available in Paging File | 83.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 64.00 Gb Free Space | 42.96% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 20.98 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 12.88 Gb Free Space | 4.32% Space Free | Partition Type: NTFS

Computer Name: D2JPJFK1 | User Name: Production | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 16:59:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Production\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\antivirus\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/07 13:01:34 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/03 18:55:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2012/01/05 15:04:53 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB5B701-50A3-43EC-BC28-2987C612F32E}\MpKslea71ff75.sys -- (MpKslea71ff75)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/05 10:16:32 | 000,142,336 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 13:35:06 | 000,017,536 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 09:59:06 | 000,028,800 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2009/02/14 08:49:34 | 003,565,056 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/13 10:02:52 | 000,011,520 | -H-- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/31 21:52:16 | 000,093,184 | -H-- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/18 17:20:06 | 004,752,896 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/09 09:11:34 | 000,022,016 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://email.secure....orionontv.org"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/27 14:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 17:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/03 17:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2011/10/19 09:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Production\Application Data\Mozilla\Extensions
[2011/10/19 09:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Production\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/01/07 12:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Production\Application Data\Mozilla\Extensions\[email protected]
[2011/11/07 10:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Production\Application Data\Mozilla\Firefox\Profiles\g25xn0yo.default\extensions
[2010/07/27 10:05:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Production\Application Data\Mozilla\Firefox\Profiles\g25xn0yo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/29 11:12:53 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Production\Application Data\Mozilla\Firefox\Profiles\g25xn0yo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/10/19 09:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Production\Application Data\Mozilla\Sunbird\Profiles\5qz81172.default\extensions
[2011/12/05 10:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/05 10:51:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PRODUCTION\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G25XN0YO.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PRODUCTION\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G25XN0YO.DEFAULT\EXTENSIONS\[email protected]
[2011/12/27 14:54:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/10 11:58:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 11:58:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 11:58:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/05 14:29:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\antivirus\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\antivirus\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Production\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\antivirus\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B47D42D7-DF52-43AD-80DE-5E46A9ABE18C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Production\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Production\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b4bf731-c1be-11df-86bc-002564dabfed}\Shell - "" = AutoRun
O33 - MountPoints2\{2b4bf731-c1be-11df-86bc-002564dabfed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b4bf731-c1be-11df-86bc-002564dabfed}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{2ee5839a-2573-11e0-8719-002564dabfed}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee5839a-2573-11e0-8719-002564dabfed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee5839a-2573-11e0-8719-002564dabfed}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{5ca640b4-6855-11df-b417-002564dabfed}\Shell\AutoRun\command - "" = E:\Launch.exe /run
O33 - MountPoints2\{894f7d26-36bc-11df-b3dc-002564dabfed}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 07:00:00 | 000,023,040 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{94c585b4-d719-11df-86ca-002564dabfed}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 16:59:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Production\Desktop\OTL.exe
[2012/01/05 14:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Production\Desktop\tdsskiller
[2012/01/05 14:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Production\Desktop\GooredFix Backups
[2012/01/05 14:42:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Production\Desktop\GooredFix.exe
[2012/01/05 14:29:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/05 14:27:22 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Production\Desktop\OTM.exe
[2012/01/04 10:53:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Production\Desktop\dds.scr
[2012/01/03 17:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QT Lite
[2012/01/03 17:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/01/03 17:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2012/01/03 17:03:50 | 018,136,665 | ---- | C] ( ) -- C:\Documents and Settings\Production\Desktop\QT_Lite_410.exe
[2012/01/03 16:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Production\Application Data\MPEG Streamclip
[2012/01/03 11:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/03 11:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/28 12:03:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/27 17:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/12/27 17:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/12/27 17:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/12/27 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/12/27 17:24:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/12/27 17:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Production\Application Data\HP
[2011/12/27 17:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Production\Desktop\temp
[2011/12/27 14:54:48 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/27 14:54:48 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/27 14:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/27 14:54:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/27 14:54:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/27 14:54:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/27 14:54:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/27 14:54:46 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/27 14:54:46 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/27 14:54:35 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/27 14:54:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/27 14:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/27 14:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/27 14:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\antivirus
[2011/12/27 14:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/07 11:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Production\Local Settings\Application Data\offsync
[2011/12/07 09:45:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER

========== Files - Modified Within 30 Days ==========

[2012/01/05 16:59:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Production\Desktop\OTL.exe
[2012/01/05 15:09:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/05 15:05:40 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 15:04:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 15:04:46 | 000,151,824 | -H-- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/01/05 14:55:06 | 001,558,406 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\tdsskiller.zip
[2012/01/05 14:42:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Production\Desktop\GooredFix.exe
[2012/01/05 14:29:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/05 14:27:25 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Production\Desktop\OTM.exe
[2012/01/05 14:18:22 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Production\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 13:28:41 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012/01/05 13:28:41 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/01/05 13:28:41 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/01/05 13:28:41 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2012/01/05 13:28:41 | 000,000,021 | -H-- | M] () -- C:\WINDOWS\SurCode.INI
[2012/01/04 10:53:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Production\Desktop\dds.scr
[2012/01/03 17:04:53 | 018,136,665 | ---- | M] ( ) -- C:\Documents and Settings\Production\Desktop\QT_Lite_410.exe
[2012/01/03 16:53:03 | 000,335,236 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\MPEG_Streamclip_1.2.1b5.zip
[2012/01/03 11:06:18 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\Spybot - Search & Destroy.lnk
[2011/12/27 17:27:49 | 000,078,886 | ---- | M] () -- C:\WINDOWS\hpfins05.dat
[2011/12/27 17:27:12 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/27 15:57:04 | 000,001,133 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\Shortcut to WINWORD.EXE.lnk
[2011/12/27 14:54:49 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/27 14:14:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/13 16:03:57 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\Shortcut to Adobe Premiere Elements.exe.lnk
[2011/12/08 10:29:44 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\My Documents.lnk
[2011/12/07 09:50:29 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\tmpPrst.tgz
[2011/12/07 09:50:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\tmpPrst.dll
[2011/12/07 09:42:58 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Production\Desktop\Shortcut to firefox.exe.lnk

========== Files Created - No Company Name ==========

[2012/01/05 14:55:06 | 001,558,406 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\tdsskiller.zip
[2012/01/03 16:53:08 | 000,335,236 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\MPEG_Streamclip_1.2.1b5.zip
[2012/01/03 11:06:18 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\Spybot - Search & Destroy.lnk
[2011/12/27 17:27:12 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/27 17:23:40 | 000,078,886 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2011/12/27 17:23:40 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2011/12/27 17:23:19 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2011/12/27 17:23:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/12/27 15:57:04 | 000,001,133 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\Shortcut to WINWORD.EXE.lnk
[2011/12/27 14:54:49 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/27 14:14:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/27 14:14:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/13 16:03:57 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\Shortcut to Adobe Premiere Elements.exe.lnk
[2011/12/08 10:29:44 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\My Documents.lnk
[2011/12/07 09:50:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/12/07 09:50:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/12/07 09:50:29 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.tgz
[2011/12/07 09:50:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll
[2011/12/07 09:42:58 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Production\Desktop\Shortcut to firefox.exe.lnk
[2011/12/02 10:21:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 10:21:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 10:21:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 10:21:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 10:21:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/01 10:55:12 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~D3AgTd1kSFPv7p
[2011/12/01 10:55:12 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~D3AgTd1kSFPv7pr
[2011/12/01 10:54:59 | 000,000,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\D3AgTd1kSFPv7p
[2011/11/28 12:56:58 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~z5nuTcwetlZZ0N
[2011/11/28 12:56:58 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~z5nuTcwetlZZ0Nr
[2011/11/28 12:56:33 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\z5nuTcwetlZZ0N
[2011/11/28 12:47:45 | 000,295,921 | -H-- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/04/14 09:51:26 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/07 13:56:12 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/12/07 13:56:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/12/07 13:56:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/12/07 13:56:12 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\SurCode.INI
[2009/11/11 14:31:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/11 11:17:01 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Production\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 11:04:28 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009/11/11 10:26:15 | 000,354,816 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/11 10:25:39 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/11/11 10:14:52 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/03 05:37:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/11/03 01:34:38 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/11/03 01:34:38 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/11/03 01:34:38 | 000,182,995 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/03 01:34:38 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/11/03 01:34:38 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009/11/03 01:34:28 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/11/03 01:34:18 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/11/03 01:32:08 | 000,001,152 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/02 23:51:46 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 16:27:18 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:26:32 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 11:16:35 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/25 11:16:35 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/25 11:16:35 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/25 11:16:35 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/25 11:16:35 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/25 11:16:24 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 11:16:22 | 000,464,276 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 11:16:22 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 11:16:22 | 000,079,426 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 11:16:22 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 11:16:22 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 11:16:21 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 11:16:20 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 11:16:18 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 11:16:18 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 11:16:13 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 11:16:11 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 04:22:39 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 04:21:52 | 002,081,504 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2011/12/27 14:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/12/07 13:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/11/02 23:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/01/11 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/03 16:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\MPEG Streamclip
[2010/06/25 11:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\OpenOffice.org
[2009/11/17 14:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\Opera
[2010/07/22 16:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\Search Settings
[2009/11/02 23:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\Windows Desktop Search
[2009/11/11 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\Windows Search
[2010/07/22 16:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Production\Application Data\YouTube Downloader
[2012/01/05 15:09:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


Thanks for your time and assistance.

- Joe Johnson
Lake Orion, Michigan

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there - let's start, shall we? :cool:

I will need you to run the first programme twice, each time in a different mode.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Second run

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/01 10:55:12 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~D3AgTd1kSFPv7p
    [2011/12/01 10:55:12 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~D3AgTd1kSFPv7pr
    [2011/12/01 10:54:59 | 000,000,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\D3AgTd1kSFPv7p
    [2011/11/28 12:56:58 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~z5nuTcwetlZZ0N
    [2011/11/28 12:56:58 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~z5nuTcwetlZZ0Nr
    [2011/11/28 12:56:33 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\z5nuTcwetlZZ0N

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY FOR NOW

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.


#3 jage750 (Topic Starter, New Member, 7 posts)

Here are the results after pressing 2 on RogueKiller:

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Production [Admin rights]
Mode: Remove -- Date : 01/06/2012 11:11:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 61fdf61a77190f998db8462ab93b50a8
[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 159957 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] fa87d1d545fbea7443e212d767212069
[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 159957 Mo
2 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 312497952 | Size: 1 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] fa87d1d545fbea7443e212d767212069
[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 159957 Mo
2 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 312497952 | Size: 1 Mo

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] f9774b74822e32d28a28944425a626f0
[BSP] 3703d865a544c8b2f2cd2d1caa821c9e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 500105 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
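The MBR check in the report above reads sector 0 through the normal OS path ("User") and again at a lower level ("LL1", "LL2"); the differing [MBR] hashes, the "KO!" verdicts and the extra 1 Mo hidden ACTIVE partition that only the low-level reads show are what a bootkit living in the master boot record looks like to a defender. The Python below is an added example, not the thread's or RogueKiller's code: it builds constructed MBR images, prints the partition table in the report's format, and implements that user-versus-low-level comparison plus a hidden-partition heuristic. The function names, the type-code table used for "hidden", the decimal reading of "Mo" and the partition layouts are all assumptions.

```python
"""Added example (not code from the thread or from RogueKiller): parse an MBR
partition table, print it in the shape the report above uses, and compare a
user-mode read of sector 0 with a low-level read. Every byte below is constructed."""
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 0x1BE          # the four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32",
              0x16: "FAT16", 0x17: "NTFS", 0x1B: "FAT32", 0x1C: "FAT32"}
# Assumption: "hidden" is taken from the type code (0x10 bit set on common types).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
MEGA = 1000000             # assumption: "Mo" in the report is a decimal megabyte


def build_mbr(entries, boot_code=b"\x33\xc0\x8e\xd0"):
    """Build a constructed 512-byte MBR from (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        # CHS fields stay zero; the LBA fields are what modern loaders read.
        struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + i * 16,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_partition_table(mbr):
    """Return the used partition entries of an MBR as dicts; reject a bad signature."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: 0x55AA boot signature missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PT_OFFSET + i * 16)
        if ptype == 0:
            continue           # unused slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "hidden": ptype in HIDDEN_TYPES, "lba": lba, "sectors": count})
    return parts


def describe(p):
    """Render one entry in the same shape as the RogueKiller lines in the thread."""
    name = TYPE_NAMES.get(p["type"], f"0x{p['type']:02X}")
    return (f"{p['index']} - [{'ACTIVE' if p['active'] else 'XXXXXX'}] {name} "
            f"[{'HIDDEN!' if p['hidden'] else 'VISIBLE'}] Offset (sectors): {p['lba']} "
            f"| Size: {p['sectors'] * SECTOR // MEGA} Mo")


def compare_reads(user_mbr, lowlevel_mbr):
    """Compare the MBR as the OS API returns it with a raw read of the disk.
    A rootkit that filters disk I/O hands user mode a clean sector 0 while the
    on-disk copy still carries its boot code and its staging partition."""
    user_md5 = hashlib.md5(user_mbr).hexdigest()      # fingerprint only, as the tool prints
    low_md5 = hashlib.md5(lowlevel_mbr).hexdigest()
    seen = {(p["lba"], p["sectors"]) for p in parse_partition_table(user_mbr)}
    stealth = [p for p in parse_partition_table(lowlevel_mbr)
               if (p["lba"], p["sectors"]) not in seen]
    return {"user_md5": user_md5, "lowlevel_md5": low_md5,
            "match": user_md5 == low_md5, "stealth_partitions": stealth}


def suspicious_entries(parts):
    """Defender heuristics: an ACTIVE partition that is hidden, or only a couple of
    megabytes, is the shape of a bootkit loader rather than a real volume."""
    findings = []
    for p in parts:
        size_mb = p["sectors"] * SECTOR // MEGA
        if p["active"] and p["hidden"]:
            findings.append((p["index"], "active partition has a hidden type code"))
        if p["active"] and size_mb <= 2:
            findings.append((p["index"], f"active partition is only {size_mb} MB"))
    return findings


# Constructed layouts (not the thread's real disk): the user view shows a recovery
# partition and the system volume; the low-level view adds a 1 MB hidden, active
# NTFS partition right after the system volume and carries different boot code.
USER_VIEW = build_mbr([(0x00, 0x16, 63, 81857), (0x80, 0x07, 81920, 312416032)])
LOWLEVEL_VIEW = build_mbr([(0x00, 0x16, 63, 81857), (0x00, 0x07, 81920, 312416032),
                           (0x80, 0x17, 312497952, 2048)], boot_code=b"\xeb\x3c\x90\x00")

if __name__ == "__main__":
    result = compare_reads(USER_VIEW, LOWLEVEL_VIEW)
    print("User == LL1 ... OK!" if result["match"] else "User != LL1 ... KO!")
    for p in parse_partition_table(LOWLEVEL_VIEW):
        print(describe(p))
    for idx, why in suspicious_entries(parse_partition_table(LOWLEVEL_VIEW)):
        print(f"partition {idx}: {why}")
```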

#4 jage750 (Topic Starter, New Member, 7 posts)

Here are the results after pressing 6 on RogueKiller:

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Production [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/06/2012 11:18:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 67 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 26637 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#5 jage750 (Topic Starter, New Member, 7 posts)

Here are the results of the OTL scan:

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\~D3AgTd1kSFPv7p moved successfully.
C:\Documents and Settings\All Users\Application Data\~D3AgTd1kSFPv7pr moved successfully.
C:\Documents and Settings\All Users\Application Data\D3AgTd1kSFPv7p moved successfully.
C:\Documents and Settings\All Users\Application Data\~z5nuTcwetlZZ0N moved successfully.
C:\Documents and Settings\All Users\Application Data\~z5nuTcwetlZZ0Nr moved successfully.
C:\Documents and Settings\All Users\Application Data\z5nuTcwetlZZ0N moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Production\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Production\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Production\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Production\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Production\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Production\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Production\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Production\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Production\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Production\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 83601 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 15910 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Production
->Temp folder emptied: 2952686 bytes
->Temporary Internet Files folder emptied: 255852137 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17258298 bytes
->Flash cache emptied: 4105 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25819 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 264.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01062012_112109

Files\Folders moved on Reboot...
C:\Documents and Settings\Production\Local Settings\Temporary Internet Files\Content.IE5\9CKQ8LAC\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Production\Local Settings\Temporary Internet Files\Content.IE5\9CKQ8LAC\page__gopid__2104467[1].htm moved successfully.
C:\Documents and Settings\Production\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#6
jage750 (New Member, Topic Starter, 7 posts)
I downloaded aswMBR.exe and the Malware prevented me from running it.
I tried a Google search and still got redirected.
After following all the steps above, the Malware is still present and affecting my computer.
So frustrating.

- Joe

#7
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you rename aswMBR.exe to aswMBR.scr please and try again

If it fails I will try to kill some more malware before we try it again

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow Combofix to install the recovery console as we may need it


  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#8
jage750 (New Member, Topic Starter, 7 posts)
Well, I give up. Ran Combofix, but the redirect Malware is still there. I think it's time to wipe the computer clean and start from scratch. I've never seen a more persistent, stubborn virus.

- Joe

#9
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I believe I know what it is

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

#10
jage750 (New Member, Topic Starter, 7 posts)
Here is the screen shot you requested:

disk management screen shot.jpg

#11
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I see it. Please read the following instructions two or three times until you are happy.

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD for Gparted from the ISO image. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

You should be here...
Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
According to your logs, the partition that you want to delete is 1 MB.
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:


Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

Now double-click the Posted Image button.

You should receive a small pop up like this:
Choose reboot and then press OK.

Now boot to the Windows XP Recovery Console (which should show as a boot menu item) and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows.

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

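The hidden `[ACTIVE] NTFS [HIDDEN!]` 1 MB entry in the RogueKiller report (post #3) and the GParted delete / boot flag / fixmbr / MBRCheck sequence (post #11) both come down to reading the four entries of the MBR partition table. The script below is an added example, not code from the thread or from RogueKiller, GParted or MBRCheck: it parses a raw 512-byte MBR, flags a tiny active partition of the kind a bootkit uses to stage its loader, and also reports a table with no active partition at all, which is the state the disk is in after the hidden partition is deleted but before the boot flag is moved to the OS partition. The three sample tables, their sector counts, the 16 MiB threshold and the bytes 0-439 bootstrap hash region are all my constructions or assumptions; RogueKiller prints sizes in decimal "Mo", this code uses MiB, so the numbers will not match exactly.

```python
"""Parse a 512-byte MBR and flag a bootkit-style hidden boot partition.

Added example, not from the thread or from RogueKiller/GParted/MBRCheck.
The sample tables below are constructed to approximate the thread's report.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
# Assumption: no legitimate bootable OS partition is this small; a bootkit's
# hidden loader partition (1 MB in the thread's report) is well under it.
SUSPICIOUS_MAX_MIB = 16


@dataclass
class PartitionEntry:
    index: int          # slot 0-3 in the table
    bootable: bool      # status byte 0x80 = active/boot flag
    ptype: int          # partition type id (0x07 = NTFS/HPFS/exFAT)
    lba_start: int      # first sector (LBA)
    sectors: int        # length in sectors

    @property
    def size_mib(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Decode the four 16-byte entries at offset 446; empty slots are skipped."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue
        entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return entries


def bootstrap_md5(sector: bytes) -> str:
    """MD5 of the bootstrap code area (bytes 0-439), to compare with a baseline
    taken from a known-clean install. Assumption: this is roughly the region
    RogueKiller hashes as [BSP]; the tool's exact range may differ."""
    return hashlib.md5(sector[:440]).hexdigest()


def check_table(entries: List[PartitionEntry]) -> List[str]:
    """Return findings; an empty list means the table looks sane."""
    findings = []
    active = [e for e in entries if e.bootable]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for e in entries:
        if e.bootable and e.size_mib <= SUSPICIOUS_MAX_MIB:
            findings.append(
                f"entry {e.index}: active partition of only {e.size_mib} MiB "
                f"at LBA {e.lba_start} (bootkit-style hidden boot partition)")
    return findings


def build_mbr(parts: List[Tuple[bool, int, int, int]], boot_code: bytes = b"") -> bytes:
    """Construct a synthetic MBR for testing; parts = (bootable, type, lba, count)."""
    buf = bytearray(SECTOR)
    code = boot_code[:440]
    buf[:len(code)] = code
    for i, (bootable, ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a raw device or image."""
    # e.g. r"\\.\PhysicalDrive0" on Windows (administrator) or /dev/sda on Linux.
    # A rootkit hooking disk I/O can hand back a forged sector, which is why the
    # thread inspects the disk from a GParted live CD rather than from Windows.
    with open(device, "rb") as f:
        return f.read(SECTOR)


# Constructed sample 1: visible NTFS partition plus a hidden 1 MiB active
# partition appended after it, approximating the thread's PhysicalDrive0.
INFECTED = build_mbr([(False, 0x07, 81920, 312415968),
                      (True, 0x07, 312497952, 2048)])
# Constructed sample 2: same disk after deleting the hidden partition but
# before the boot flag was set on the OS partition in GParted.
DELETED_ONLY = build_mbr([(False, 0x07, 81920, 312415968)])
# Constructed sample 3: a clean single-partition disk like PhysicalDrive1.
CLEAN = build_mbr([(True, 0x07, 63, 976767578)])


if __name__ == "__main__":
    for name, mbr in (("infected", INFECTED), ("deleted_only", DELETED_ONLY), ("clean", CLEAN)):
        entries = parse_mbr(mbr)
        print(f"== {name}: bootstrap md5 {bootstrap_md5(mbr)}")
        for e in entries:
            flag = "ACTIVE" if e.bootable else "      "
            print(f"  {e.index} {flag} type 0x{e.ptype:02x} LBA {e.lba_start:>10} {e.size_mib:>7} MiB")
        for finding in check_table(entries) or ["no findings"]:
            print("  ->", finding)
```

Run it from a clean boot medium against the real disk (`check_table(parse_mbr(read_mbr("/dev/sda")))`) before deleting anything, and again after the GParted and fixmbr steps: the first run should show the tiny active entry, the run after deletion should show the "found 0" finding until the boot flag is set, and the final run should report nothing. Reading the MBR from inside the infected Windows session proves little, since a rootkit that survived TDSSKiller and aswMBR can filter what the API returns.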

#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.