Open Cloud Malware


This topic is locked

#1 scoot707
I'm sure this is Open Cloud AV because when I boot my computer up it automatically starts a scan and there is an icon for it on my desktop that wasn't there before. Some examples are that it closes out of most programs when I try to open them and gives me the message "The file "............" is infected. Running of application is impossible. Please activate your antivirus software."

This started occurring about 4 hours ago and I've been attempting to fix it, but no luck so far. I've tried the tutorial on this website and a separate tutorial on a different site, and both have failed to remove the virus.
The first time around I scanned my computer with Malwarebytes and I came up with several infections, which I removed immediately. After that I was prompted to restart my computer, so I did, and when I logged in Open Cloud was still there.
I then scanned it again with Malwarebytes and found 0 infections, so I am confused as to why I still have Open Cloud on my computer.

Many thanks in advance :)

*I'm running Windows Vista



OTL logfile created on: 10/1/2011 9:08:15 PM - Run 5
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\scott\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 13.55 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.76 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT-PC
Current User Name: scott
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 18:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.scr
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 18:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.scr
MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/25 23:41:17 | 001,252,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/12 22:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/30 19:11:27 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 16:06:56 | 000,943,608 | ---- | M] ( ) [Auto | Stopped] -- C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerService.exe -- (DefenderProDriveDefraggerService)
SRV - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/21 21:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/04/16 21:48:12 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/21 00:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/21 00:42:52 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/21 00:42:12 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\UimBus.sys -- (UimBus)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\Uim_IM.sys -- (Uim_IM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEBD29B2-7D2A-4C69-AF0F-B7E554047A55}\MpKslf383e588.sys -- (MpKslf383e588)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC84C35E-1428-41F0-B961-3D98170E81D2}\MpKslbe6679db.sys -- (MpKslbe6679db)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC84C35E-1428-41F0-B961-3D98170E81D2}\MpKsl9c58f8d2.sys -- (MpKsl9c58f8d2)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81607025-B6A1-4611-BA8D-850A743C3789}\MpKsl68cc15a2.sys -- (MpKsl68cc15a2)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BC71E3C-FFC4-4285-B4BE-0BEC5E28BDF1}\MpKsl5f7d43ee.sys -- (MpKsl5f7d43ee)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F56AB796-A685-425A-A4F1-588ED3B356F7}\MpKsl4cd4e043.sys -- (MpKsl4cd4e043)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F56AB796-A685-425A-A4F1-588ED3B356F7}\MpKsl3c7ffe2c.sys -- (MpKsl3c7ffe2c)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{574771A2-4984-40B8-B0CC-4136D6F3873A}\MpKsl3b1e9176.sys -- (MpKsl3b1e9176)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74A3EE7C-BF48-4569-B8EB-2E026574BDD6}\MpKsl1b4a8e8d.sys -- (MpKsl1b4a8e8d)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\CSNPD51a64.sys -- (CSNPD51a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/04/18 13:18:50 | 000,165,648 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2009/08/14 17:46:06 | 000,067,424 | ---- | M] (CyberDefender Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\CDAVFS.sys -- (CDAVFS)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/03/05 05:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080324.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/03/05 05:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080324.005\NAVENG.SYS -- (NAVENG)
DRV - [2008/02/13 12:18:22 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080314.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/01/18 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/10/17 18:04:58 | 000,027,800 | ---- | M] (Colasoft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CSNPD51.sys -- (CSNPD51)
DRV - [2007/07/30 20:14:43 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/07/30 19:36:12 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/04/10 15:05:38 | 001,764,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/01 20:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 00:45:52 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/11/21 00:45:52 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006/11/21 00:45:52 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/11/21 00:45:50 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/11/21 00:45:50 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/11/21 00:45:50 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/11/21 00:45:42 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/21 00:45:42 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/21 00:45:42 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/21 00:45:36 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:58:52 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2006/11/02 04:57:10 | 000,066,048 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2006/11/02 04:57:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2006/11/02 04:55:22 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2006/11/02 04:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...7-26C8F57618E5}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....10&affID=19591
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: {4152e25e-6bba-49e4-9813-103a1d44c131}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {b31ba05d-959c-439f-a01e-552179220981}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {59c6f12b-f004-43e5-9997-08f2123119b6}:2.5.0.3
FF - prefs.js..keyword.URL: "http://search.babylo...affID=19591&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/18 00:50:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/16 01:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 20:52:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 20:52:05 | 000,000,000 | ---D | M]

[2008/06/22 01:17:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Extensions
[2011/10/01 17:16:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions
[2011/10/01 17:16:06 | 000,000,000 | ---D | M] (ToggleEN Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2010/07/23 11:46:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 18:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011/08/18 15:42:38 | 000,000,000 | ---D | M] (Xbox 360 modz Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{4152e25e-6bba-49e4-9813-103a1d44c131}
[2011/10/01 17:16:17 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/03/10 20:45:55 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
[2011/08/14 17:24:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/01 17:16:26 | 000,000,000 | ---D | M] (myBabylon EnglishBB Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011/08/14 17:24:21 | 000,000,000 | ---D | M] (Alexcruz00 Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{b31ba05d-959c-439f-a01e-552179220981}
[2011/08/23 14:35:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/01 17:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/03/31 14:27:12 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\[email protected]
[2011/06/23 23:07:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\[email protected]
[2011/09/05 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\[email protected]
[2010/06/09 18:16:57 | 000,004,546 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\aim-search-1.xml
[2010/02/21 00:26:52 | 000,004,546 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\aim-search.xml
[2011/03/10 20:46:17 | 000,002,014 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\bing-zugo.xml
[2011/07/07 16:42:12 | 000,000,879 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\conduit.xml
[2011/03/29 20:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/28 01:24:52 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2010/07/09 15:03:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 18:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/16 17:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/16 17:20:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/23 23:07:37 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Clip Extractor Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Clip Extractor Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [booobFF3pmG5QJd8234A] C:\Windows\System32\nBBBrzPPNyx1.exe ()
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [CyberDefender Early Detection Center] C:\Users\scott\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas4549.exe (CyberDefender Corp.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\scott\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/10/01 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8
[2011/10/01 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RelBBtzP01v
[2011/10/01 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9
[2011/10/01 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
[2011/10/01 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
[2011/10/01 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W
[2011/10/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw
[2011/10/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW
[2011/10/01 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4
[2011/10/01 18:56:10 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
[2011/10/01 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\Malwarebytes
[2011/10/01 17:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/01 17:41:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/01 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/01 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC
[2011/10/01 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
[2011/10/01 17:23:18 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\scott\Desktop\iexplore.exe
[2011/10/01 17:16:19 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m
[2011/10/01 17:16:18 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
[2011/10/01 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1
[2011/10/01 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw
[2011/10/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl
[2011/09/18 16:45:50 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\PackageAware
[2011/09/04 19:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/01 21:18:38 | 000,000,000 | ---D | C] -- C:\Users\scott\Desktop\Desktop Icons
[2011/08/16 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\Facebook
[2011/08/05 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\MP3Rocket
[2011/08/05 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Rocket
[2011/07/16 01:53:51 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\DDMSettings
[2011/07/16 01:50:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\DivX
[2011/07/16 01:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/07/16 01:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2007/07/30 19:58:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 90 Days ==========

[2011/10/01 21:07:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/01 21:06:07 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/10/01 21:06:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/10/01 21:06:05 | 003,670,016 | -HS- | M] () -- C:\Users\scott\ntuser.dat
[2011/10/01 21:06:02 | 001,554,152 | -H-- | M] () -- C:\Users\scott\AppData\Local\IconCache.db
[2011/10/01 21:04:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/01 21:03:26 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8Open Cloud AV.ico
[2011/10/01 21:03:26 | 000,001,714 | ---- | M] () -- C:\Users\scott\Desktop\Open Cloud AV.lnk
[2011/10/01 21:02:32 | 000,001,332 | ---- | M] () -- C:\Users\scott\Desktop\Clean Registry for Free!.lnk
[2011/10/01 21:02:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/01 21:02:13 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 21:02:13 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 21:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\3042391979
[2011/10/01 20:43:06 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9Open Cloud AV.ico
[2011/10/01 20:34:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/01 20:15:31 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBtOpen Cloud AV.ico
[2011/10/01 19:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/10/01 18:59:57 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYwOpen Cloud AV.ico
[2011/10/01 18:56:17 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4Open Cloud AV.ico
[2011/10/01 17:39:46 | 000,000,147 | ---- | M] () -- C:\Users\scott\Desktop\rk-proxy.reg
[2011/10/01 17:35:55 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUCOpen Cloud AV.ico
[2011/10/01 17:24:44 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\scott\Desktop\iexplore.exe
[2011/10/01 17:16:19 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4mOpen Cloud AV.ico
[2011/10/01 17:04:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/10/01 17:04:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/10/01 16:45:35 | 000,000,109 | ---- | M] () -- C:\Users\scott\Desktop\fixtm.reg
[2011/10/01 15:23:55 | 000,001,207 | ---- | M] () -- C:\Users\scott\AppData\Roaming\ldr.ini
[2011/10/01 15:23:54 | 000,015,086 | ---- | M] () -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1Open Cloud AV.ico
[2011/10/01 15:23:42 | 002,400,256 | ---- | M] () -- C:\Windows\System32\nBBBrzPPNyx1.exe
[2011/10/01 15:13:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/10/01 09:44:24 | 000,000,793 | ---- | M] () -- C:\Windows\System32\UltimateAIOFighter.properties
[2011/10/01 09:37:17 | 000,000,008 | ---- | M] () -- C:\Users\scott\AppData\Roaming\RSBuddy Login.ini
[2011/10/01 09:34:52 | 000,000,129 | ---- | M] () -- C:\Users\scott\jagex_runescape_preferences2.dat
[2011/10/01 09:34:52 | 000,000,046 | ---- | M] () -- C:\Users\scott\jagex_runescape_preferences.dat
[2011/10/01 09:33:59 | 001,082,893 | ---- | M] () -- C:\Windows\System32\RSBuddy.jar
[2011/09/29 20:48:16 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for scott.job
[2011/09/24 13:01:09 | 000,000,098 | ---- | M] () -- C:\Users\scott\AppData\Roaming\RSBuddy_scoot707.ini
[2011/09/17 14:59:48 | 000,119,808 | ---- | M] () -- C:\Users\scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/17 12:58:29 | 220,142,258 | ---- | M] () -- C:\Users\scott\Documents\clip0387.avi
[2011/09/16 16:14:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/09/09 16:07:37 | 000,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/09/09 16:07:37 | 000,621,314 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/09 16:07:37 | 000,104,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/06 20:48:56 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/04 19:18:31 | 000,001,772 | ---- | M] () -- C:\Users\scott\Desktop\Microsoft Security Essentials.lnk
[2011/09/04 19:10:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/05 16:11:31 | 000,001,731 | ---- | M] () -- C:\Users\scott\Desktop\MP3 Rocket 6.0.2.lnk
[2011/08/05 16:11:31 | 000,000,883 | ---- | M] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.2.lnk
[2011/07/25 20:05:00 | 021,120,486 | ---- | M] () -- C:\Users\scott\Documents\clip0386.avi
[2011/07/21 23:16:47 | 041,390,646 | ---- | M] () -- C:\Users\scott\Documents\clip0385.avi
[2011/07/21 22:09:40 | 004,945,434 | ---- | M] () -- C:\Users\scott\Documents\clip0384.avi
[2011/07/21 04:06:57 | 898,991,102 | ---- | M] () -- C:\Users\scott\Documents\clip0383.avi
[2011/07/21 03:21:25 | 002,384,222 | ---- | M] () -- C:\Users\scott\Documents\clip0382.avi
[2011/07/21 03:21:03 | 000,055,588 | ---- | M] () -- C:\Users\scott\Documents\clip0381.avi
[2011/07/17 00:30:53 | 012,618,350 | ---- | M] () -- C:\Users\scott\Documents\clip0380.avi
[2011/07/14 06:14:48 | 2251,461,602 | ---- | M] () -- C:\Users\scott\Documents\clip0379.avi
[2011/07/13 21:56:25 | 2100,302,686 | ---- | M] () -- C:\Users\scott\Documents\clip0378.avi
[2011/07/13 19:04:43 | 596,008,258 | ---- | M] () -- C:\Users\scott\Documents\clip0377.avi
[2011/07/08 10:56:32 | 271,933,358 | ---- | M] () -- C:\Users\scott\Documents\clip0376.avi
[2011/07/08 09:35:28 | 065,280,270 | ---- | M] () -- C:\Users\scott\Documents\clip0375.avi
[2011/07/08 08:14:52 | 1176,634,340 | ---- | M] () -- C:\Users\scott\Documents\clip0374.avi

========== Files Created - No Company Name ==========

[2011/10/01 21:03:26 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8Open Cloud AV.ico
[2011/10/01 20:43:06 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9Open Cloud AV.ico
[2011/10/01 20:15:39 | 000,001,714 | ---- | C] () -- C:\Users\scott\Desktop\Open Cloud AV.lnk
[2011/10/01 20:15:22 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBtOpen Cloud AV.ico
[2011/10/01 18:59:57 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYwOpen Cloud AV.ico
[2011/10/01 18:56:15 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4Open Cloud AV.ico
[2011/10/01 17:39:46 | 000,000,147 | ---- | C] () -- C:\Users\scott\Desktop\rk-proxy.reg
[2011/10/01 17:35:44 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUCOpen Cloud AV.ico
[2011/10/01 17:16:19 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4mOpen Cloud AV.ico
[2011/10/01 16:45:36 | 000,000,109 | ---- | C] () -- C:\Users\scott\Desktop\fixtm.reg
[2011/10/01 15:23:54 | 000,015,086 | ---- | C] () -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1Open Cloud AV.ico
[2011/10/01 15:23:54 | 000,001,207 | ---- | C] () -- C:\Users\scott\AppData\Roaming\ldr.ini
[2011/10/01 15:23:42 | 002,400,256 | ---- | C] () -- C:\Windows\System32\nBBBrzPPNyx1.exe
[2011/10/01 15:20:37 | 000,000,000 | ---- | C] () -- C:\Windows\3042391979
[2011/10/01 09:37:17 | 000,000,008 | ---- | C] () -- C:\Users\scott\AppData\Roaming\RSBuddy Login.ini
[2011/09/17 12:46:41 | 220,142,258 | ---- | C] () -- C:\Users\scott\Documents\clip0387.avi
[2011/09/08 18:14:36 | 000,000,793 | ---- | C] () -- C:\Windows\System32\UltimateAIOFighter.properties
[2011/09/06 17:19:42 | 001,082,893 | ---- | C] () -- C:\Windows\System32\RSBuddy.jar
[2011/09/04 19:18:31 | 000,001,772 | ---- | C] () -- C:\Users\scott\Desktop\Microsoft Security Essentials.lnk
[2011/09/04 19:10:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/02 14:29:50 | 000,001,332 | ---- | C] () -- C:\Users\scott\Desktop\Clean Registry for Free!.lnk
[2011/08/16 15:08:23 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/08/16 15:08:23 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/08/05 16:11:31 | 000,001,731 | ---- | C] () -- C:\Users\scott\Desktop\MP3 Rocket 6.0.2.lnk
[2011/08/05 16:11:31 | 000,000,883 | ---- | C] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.2.lnk
[2011/07/25 20:00:24 | 021,120,486 | ---- | C] () -- C:\Users\scott\Documents\clip0386.avi
[2011/07/21 22:40:53 | 041,390,646 | ---- | C] () -- C:\Users\scott\Documents\clip0385.avi
[2011/07/21 22:04:54 | 004,945,434 | ---- | C] () -- C:\Users\scott\Documents\clip0384.avi
[2011/07/21 03:21:33 | 898,991,102 | ---- | C] () -- C:\Users\scott\Documents\clip0383.avi
[2011/07/21 03:21:10 | 002,384,222 | ---- | C] () -- C:\Users\scott\Documents\clip0382.avi
[2011/07/21 03:20:58 | 000,055,588 | ---- | C] () -- C:\Users\scott\Documents\clip0381.avi
[2011/07/17 00:26:10 | 012,618,350 | ---- | C] () -- C:\Users\scott\Documents\clip0380.avi
[2011/07/14 04:17:43 | 2251,461,602 | ---- | C] () -- C:\Users\scott\Documents\clip0379.avi
[2011/07/13 20:15:11 | 2100,302,686 | ---- | C] () -- C:\Users\scott\Documents\clip0378.avi
[2011/07/13 18:27:36 | 596,008,258 | ---- | C] () -- C:\Users\scott\Documents\clip0377.avi
[2011/07/08 10:24:50 | 271,933,358 | ---- | C] () -- C:\Users\scott\Documents\clip0376.avi
[2011/07/08 09:29:32 | 065,280,270 | ---- | C] () -- C:\Users\scott\Documents\clip0375.avi
[2011/07/08 06:55:59 | 1176,634,340 | ---- | C] () -- C:\Users\scott\Documents\clip0374.avi
[2010/02/26 12:53:06 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/14 18:10:11 | 000,000,263 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/14 17:47:40 | 000,000,055 | ---- | C] () -- C:\Windows\av_affiliate.ini
[2009/08/14 17:47:28 | 000,000,055 | ---- | C] () -- C:\Windows\as_affiliate.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/12/30 14:26:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/30 14:04:29 | 000,000,018 | ---- | C] () -- C:\Windows\Epson777.ini
[2007/09/14 06:02:06 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/09/14 06:02:06 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/07/30 20:58:15 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/30 19:58:46 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/30 18:50:39 | 000,000,701 | ---- | C] () -- C:\Windows\generic.ini
[2007/07/30 18:50:38 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/30 18:50:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:57:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/06/13 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\.minecraft
[2010/02/19 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\acccore
[2007/12/25 11:28:15 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Acer
[2008/05/24 11:38:31 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Atari
[2011/07/28 02:51:16 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Audacity
[2008/12/11 16:31:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Bin
[2010/02/15 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Colasoft Packet Builder
[2010/01/17 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Datel
[2010/07/08 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Def
[2008/04/06 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Defender Pro
[2010/01/05 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\DriverCure
[2011/10/01 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m
[2011/10/01 17:35:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC
[2007/12/25 09:55:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\eSobi
[2011/10/01 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw
[2011/08/05 16:06:40 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FrostWire
[2007/12/30 13:39:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FUJIFILM
[2010/05/06 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\GameTuts
[2008/05/19 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\GetRightToGo
[2011/08/07 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\godzHell
[2011/10/01 18:56:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4
[2011/10/01 17:35:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
[2010/11/03 20:57:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\IObit
[2011/10/01 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW
[2007/12/25 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Leadertech
[2009/06/19 11:50:57 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\LimeWire
[2011/04/07 20:01:26 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\LolClient
[2010/12/29 23:54:27 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ManyCam
[2011/06/23 23:06:16 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Media Get LLC
[2011/09/14 16:53:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\MP3Rocket
[2010/04/17 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Octoshape
[2010/09/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ooVoo Details
[2011/10/01 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1
[2011/06/07 14:46:53 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\PeerNetworking
[2011/10/01 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl
[2009/03/28 01:37:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Publish Providers
[2011/10/01 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RelBBtzP01v
[2011/10/01 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W
[2009/03/31 18:58:05 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Sammsoft
[2010/03/13 00:27:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Sony
[2011/10/01 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
[2011/10/01 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw
[2011/10/01 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9
[2007/12/30 14:11:48 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Template
[2011/10/01 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8
[2009/08/14 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\VersionTracker Pro
[2010/07/26 14:25:38 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\WeatherBug
[2009/06/18 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Windows Live Writer
[2010/02/15 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Wireshark
[2011/10/01 18:56:10 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
[2011/10/01 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
[2011/10/01 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
[2008/06/15 17:10:23 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/10/01 17:04:05 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/10/01 15:13:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/10/01 21:06:07 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\3042391979:1422436426.exe
@Alternate Data Stream - 64 bytes -> C:\Users\scott\Documents\oovoo vid.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\scott\Documents\clip0371.avi:TOC.WMV
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >

Attached File: OTL.Txt (128.9KB)

Edited by scoot707, 03 October 2011 - 12:25 PM.

  • 0

#2
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello drewdreworld and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

After this please continue with steps below.

Step 2

Please restart in safe mode with networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Run Step 3 and Step 4 in safe mode.

Step 3

We need to disable the malware processes on your system first.
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking (if running Vista or Windows 7, right-click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

Step 4

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

Step 5

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#3
scoot707
    Member
  • Topic Starter
  • Member
  • 19 posts
When I logged on to my computer today the malware seemed to be gone, so I want to confirm that it is still safe to go ahead with this procedure.
  • 0

#4
scoot707
    Member
  • Topic Starter
  • Member
  • 19 posts
ComboFix 11-10-05.02 - scott 10/05/2011 19:25:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1348 [GMT -4:00]
Running from: c:\users\scott\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Clip Extractor Toolbar\tbHElper.dll
c:\users\scott\AppData\Roaming\c00uucS1iOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\DyyccA11ivDon4mOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\ERRRL99hTXqUCOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\F1uuvvS2obF3mGaOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\h00uucSS1ib3oG4Open Cloud AV.ico
c:\users\scott\AppData\Roaming\OVVVrllOBtxPyc1Open Cloud AV.ico
c:\users\scott\AppData\Roaming\SHH66sWK7fELgTqOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\sRRZZqhhwkUVlBtOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\tCCCeekIBrzOyx0Open Cloud AV.ico
c:\users\scott\AppData\Roaming\tdEEL8gRZqhYwOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\tEEKK8gRZ9Open Cloud AV.ico
c:\users\scott\AppData\Roaming\tF44ppmH5sQJdE8Open Cloud AV.ico
c:\users\scott\AppData\Roaming\UgggTZZqYCwIVlOpen Cloud AV.ico
c:\users\scott\AppData\Roaming\zfffRLL9hTXjCeIOpen Cloud AV.ico
c:\windows\$NtUninstallKB893$
c:\windows\$NtUninstallKB893$\1504805484
c:\windows\$NtUninstallKB893$\2872530869\@
c:\windows\$NtUninstallKB893$\2872530869\bckfg.tmp
c:\windows\$NtUninstallKB893$\2872530869\cfg.ini
c:\windows\$NtUninstallKB893$\2872530869\Desktop.ini
c:\windows\$NtUninstallKB893$\2872530869\keywords
c:\windows\$NtUninstallKB893$\2872530869\kwrd.dll
c:\windows\$NtUninstallKB893$\2872530869\L\qnbwvoto
c:\windows\$NtUninstallKB893$\2872530869\lsflt7.ver
c:\windows\$NtUninstallKB893$\2872530869\U\00000001.@
c:\windows\$NtUninstallKB893$\2872530869\U\00000002.@
c:\windows\$NtUninstallKB893$\2872530869\U\80000000.@
c:\windows\$NtUninstallKB893$\2872530869\U\80000032.@
c:\windows\system32\FF05DA0D.dll
c:\windows\XSxS
.
Infected copy of c:\windows\system32\drivers\smb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ab3757b5
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-10-05 23:41 . 2011-10-05 23:46 -------- d-----w- c:\users\scott\AppData\Local\temp
2011-10-05 23:41 . 2011-10-05 23:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-10-05 23:41 . 2011-10-05 23:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-05 23:41 . 2011-10-05 23:41 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-05 23:41 . 2011-10-05 23:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-10-05 23:41 . 2011-10-05 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-05 23:22 . 2006-11-02 08:57 66048 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-04 20:02 . 2011-10-04 20:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 18:26 . 2011-10-04 18:31 -------- d-----w- c:\users\scott\AppData\Roaming\tCCCeekIBrzOyx0
2011-10-04 18:26 . 2011-10-04 18:26 -------- d-----w- c:\users\scott\AppData\Roaming\aJJ66dWK8fRL9Tq
2011-10-03 23:10 . 2011-10-03 23:10 -------- d-----w- c:\users\scott\AppData\Roaming\UgggTZZqYCwIVl
2011-10-03 23:10 . 2011-10-03 23:10 -------- d-----w- c:\users\scott\AppData\Roaming\RRgD3pnG4aQHsW7
2011-10-03 18:13 . 2011-10-03 18:13 -------- d-----w- c:\users\scott\AppData\Roaming\jBBrzPPNyx
2011-10-03 18:13 . 2011-10-03 18:13 -------- d-----w- c:\users\scott\AppData\Roaming\F1uuvvS2obF3mGa
2011-10-02 16:58 . 2011-10-02 16:58 -------- d-----w- c:\users\scott\AppData\Roaming\SHH66sWK7fELgTq
2011-10-02 16:58 . 2011-10-02 16:58 -------- d-----w- c:\users\scott\AppData\Roaming\i000uccS2ibDpn4
2011-10-02 15:32 . 2011-10-02 15:32 -------- d-----w- c:\users\scott\AppData\Roaming\zfffRLL9hTXjCeI
2011-10-02 15:32 . 2011-10-02 15:32 -------- d-----w- c:\users\scott\AppData\Roaming\RvvvS2obFpmGaQ6
2011-10-02 14:11 . 2011-10-02 14:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-02 01:13 . 2011-10-02 01:13 -------- d-----w- c:\users\scott\AppData\Roaming\KH6sWK7fELgTqYk
2011-10-02 01:13 . 2011-10-02 01:13 -------- d-----w- c:\users\scott\AppData\Roaming\c00uucS1i
2011-10-02 01:03 . 2011-10-02 01:03 -------- d-----w- c:\users\scott\AppData\Roaming\tF44ppmH5sQJdE8
2011-10-02 01:03 . 2011-10-02 01:03 -------- d-----w- c:\users\scott\AppData\Roaming\RelBBtzP01v
2011-10-02 00:43 . 2011-10-02 00:43 -------- d-----w- c:\users\scott\AppData\Roaming\tEEKK8gRZ9
2011-10-02 00:43 . 2011-10-02 00:43 -------- d-----w- c:\users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
2011-10-02 00:15 . 2011-10-02 00:15 -------- d-----w- c:\users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
2011-10-02 00:15 . 2011-10-02 00:15 -------- d-----w- c:\users\scott\AppData\Roaming\RyyyS1iv3onFm5W
2011-10-01 22:59 . 2011-10-01 22:59 -------- d-----w- c:\users\scott\AppData\Roaming\tdEEL8gRZqhYw
2011-10-01 22:59 . 2011-10-01 22:59 -------- d-----w- c:\users\scott\AppData\Roaming\K8TCwUrlOBP1omW
2011-10-01 22:56 . 2011-10-01 22:56 -------- d-----w- c:\users\scott\AppData\Roaming\h00uucSS1ib3oG4
2011-10-01 22:56 . 2011-10-01 22:56 -------- d-----w- c:\users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
2011-10-01 21:41 . 2011-10-01 21:41 -------- d-----w- c:\users\scott\AppData\Roaming\Malwarebytes
2011-10-01 21:41 . 2011-10-01 21:41 -------- d-----w- c:\programdata\Malwarebytes
2011-10-01 21:41 . 2011-10-02 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-01 21:41 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 21:35 . 2011-10-01 21:35 -------- d-----w- c:\users\scott\AppData\Roaming\ERRRL99hTXqUC
2011-10-01 21:35 . 2011-10-01 21:35 -------- d-----w- c:\users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
2011-10-01 21:16 . 2011-10-01 21:16 -------- d-----w- c:\users\scott\AppData\Roaming\DyyccA11ivDon4m
2011-10-01 21:16 . 2011-10-01 21:16 -------- d-----w- c:\users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
2011-10-01 19:23 . 2011-10-01 19:23 -------- d-----w- c:\users\scott\AppData\Roaming\OVVVrllOBtxPyc1
2011-10-01 19:23 . 2011-10-01 19:23 -------- d-----w- c:\users\scott\AppData\Roaming\FJ777fEL8gTZqYw
2011-10-01 19:23 . 2011-10-01 19:23 -------- d-----w- c:\users\scott\AppData\Roaming\pfffRRZ9hTXwUCl
2011-09-30 23:12 . 2011-09-30 23:12 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87050E0E-75CB-4845-B442-42AF7ABC9C27}\offreg.dll
2011-09-30 14:11 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87050E0E-75CB-4845-B442-42AF7ABC9C27}\mpengine.dll
2011-09-18 20:45 . 2011-09-18 20:45 -------- d-----w- c:\users\scott\AppData\Local\PackageAware
2011-09-06 18:32 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-09-03 06:03 7152464 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FC6B097-A15D-4B98-B433-7C04D1019A32}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-03-11 00:45 81920 ----a-w- c:\program files\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files\oovootoolbar\oovootoolbarX.dll" [2011-03-11 81920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Octoshape Streaming Services"="c:\users\scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"CyberDefender Early Detection Center"="c:\users\scott\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas4549.exe" [2010-07-08 636232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"MediaGet2"="c:\users\scott\AppData\Local\MediaGet2\mediaget.exe" [2011-09-29 8208384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2005-08-18 749568]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Defender Pro Drive Defragger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Defender Pro Drive Defragger.lnk
backup=c:\windows\pss\Defender Pro Drive Defragger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E_SPSU01.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\E_SPSU01.lnk
backup=c:\windows\pss\E_SPSU01.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk
backup=c:\windows\pss\MP3 Rocket (Minimized).lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 22:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar]
2010-11-07 09:22 286720 ----a-w- c:\program files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2001-12-17 19:18 483394 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender Early Detection Center]
2010-07-08 03:22 636232 ----a-w- c:\users\scott\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas4549.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-08-16 19:08 137536 ----atw- c:\users\scott\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-15 23:34 136176 ----atw- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAntiSpy]
2007-09-05 11:06 1630208 ----a-w- c:\program files\DefenderPro\TSAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-01-25 14:07 22504120 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2007-06-22 01:33 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-10 16:01 4431872 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 06:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-02-02 00:37 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbhSystray]
2011-10-05 23:44 492840 ----a-w- c:\program files\tbh\base\bin\tbhSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 17:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Runtime]
2010-02-08 22:27 24570 ---ha-w- c:\users\scott\javar.jar
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl1b4a8e8d;MpKsl1b4a8e8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74A3EE7C-BF48-4569-B8EB-2E026574BDD6}\MpKsl1b4a8e8d.sys [x]
R1 MpKsl3b1e9176;MpKsl3b1e9176;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{574771A2-4984-40B8-B0CC-4136D6F3873A}\MpKsl3b1e9176.sys [x]
R1 MpKsl3c7ffe2c;MpKsl3c7ffe2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F56AB796-A685-425A-A4F1-588ED3B356F7}\MpKsl3c7ffe2c.sys [x]
R1 MpKsl4cd4e043;MpKsl4cd4e043;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F56AB796-A685-425A-A4F1-588ED3B356F7}\MpKsl4cd4e043.sys [x]
R1 MpKsl5f7d43ee;MpKsl5f7d43ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BC71E3C-FFC4-4285-B4BE-0BEC5E28BDF1}\MpKsl5f7d43ee.sys [x]
R1 MpKsl68cc15a2;MpKsl68cc15a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81607025-B6A1-4611-BA8D-850A743C3789}\MpKsl68cc15a2.sys [x]
R1 MpKsl9c58f8d2;MpKsl9c58f8d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC84C35E-1428-41F0-B961-3D98170E81D2}\MpKsl9c58f8d2.sys [x]
R1 MpKslbe6679db;MpKslbe6679db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC84C35E-1428-41F0-B961-3D98170E81D2}\MpKslbe6679db.sys [x]
R1 MpKslf383e588;MpKslf383e588;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEBD29B2-7D2A-4C69-AF0F-B7E554047A55}\MpKslf383e588.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 CSNPD51;CSNPD51 NDIS Protocol Driver;c:\windows\system32\Drivers\CSNPD51.sys [2007-10-17 27800]
R3 CSNPD51a64;CSNPD51a64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSNPD51a64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2009-10-20 50704]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
S2 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2009-08-14 67424]
S2 DefenderProDriveDefraggerService;DefenderProDriveDefraggerService;c:\program files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerService.exe [2007-07-24 943608]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2008-06-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
2011-10-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
- c:\users\scott\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-16 19:08]
.
2011-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
- c:\users\scott\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-16 19:08]
.
2011-10-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-21 18:23]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:21]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:21]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 23:34]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 23:34]
.
2011-09-30 c:\windows\Tasks\Norton Security Scan for scott.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-12 08:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{5CAF01BC-966A-41F2-80A7-26C8F57618E5}
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
FF - ProfilePath - c:\users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=fc8bd016000000000000001c250a7531&tlver=1.4.23.10&instlRef=sst&affID=19591&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-booobFF3pmG5QJd8234A - c:\windows\system32\nBBBrzPPNyx1.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 19:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-10-05 19:54:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 23:53
ComboFix2.txt 2010-07-08 20:01
.
Pre-Run: 12,064,526,336 bytes free
Post-Run: 14,511,124,480 bytes free
.
- - End Of File - - C09161CB255E7DEA8D328A5BDA03DE10

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi scoot707,

You are still infected. Open Cloud was part of the malware you see. You also have a rootkit that you don't see in standard scans. Please continue with the steps to clean your system.

Step 1

Please update your Malwarebytes and do a Quick Scan. Post the log here for me after the scan.

Step 2

  • Run OTL.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt, which is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • Malwarebytes log

It would be helpful if you could post each log in a separate post.

#6
scoot707

    Member

  • Topic Starter
  • 19 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7869

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

10/6/2011 6:25:28 AM
mbam-log-2011-10-06 (06-25-02).txt

Scan type: Quick scan
Objects scanned: 205352
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\scott\AppData\Roaming\ldr.ini (Malware.Trace) -> No action taken.
c:\Users\scott\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

#7
scoot707

    Member

  • Topic Starter
  • 19 posts
OTL logfile created on: 10/6/2011 6:24:47 AM - Run 6
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\scott\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 13.47 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.76 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT-PC
Current User Name: scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2011/10/06 06:02:00 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/09/29 09:33:37 | 008,208,384 | ---- | M] (MediaGet LLC) -- C:\Users\scott\AppData\Local\MediaGet2\mediaget.exe
PRC - [2011/09/08 14:29:00 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/25 22:38:51 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Users\scott\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/06 18:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.scr
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/24 17:10:20 | 000,077,824 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\defragActivityMonitor.exe
PRC - [2007/07/24 16:06:56 | 000,943,608 | ---- | M] ( ) -- C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerService.exe
PRC - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/21 21:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007/06/15 19:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/04/16 21:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/03/22 12:09:18 | 000,132,704 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\defragMonitorService.exe
PRC - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/21 00:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 18:14:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.scr
MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/25 23:41:17 | 001,252,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/12 22:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/30 19:11:27 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 16:06:56 | 000,943,608 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerService.exe -- (DefenderProDriveDefraggerService)
SRV - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/21 21:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/04/16 21:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/21 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/21 00:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/21 00:42:52 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/21 00:42:12 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\UimBus.sys -- (UimBus)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\Uim_IM.sys -- (Uim_IM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEBD29B2-7D2A-4C69-AF0F-B7E554047A55}\MpKslf383e588.sys -- (MpKslf383e588)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC84C35E-1428-41F0-B961-3D98170E81D2}\MpKslbe6679db.sys -- (MpKslbe6679db)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC84C35E-1428-41F0-B961-3D98170E81D2}\MpKsl9c58f8d2.sys -- (MpKsl9c58f8d2)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81607025-B6A1-4611-BA8D-850A743C3789}\MpKsl68cc15a2.sys -- (MpKsl68cc15a2)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BC71E3C-FFC4-4285-B4BE-0BEC5E28BDF1}\MpKsl5f7d43ee.sys -- (MpKsl5f7d43ee)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F56AB796-A685-425A-A4F1-588ED3B356F7}\MpKsl4cd4e043.sys -- (MpKsl4cd4e043)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F56AB796-A685-425A-A4F1-588ED3B356F7}\MpKsl3c7ffe2c.sys -- (MpKsl3c7ffe2c)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{574771A2-4984-40B8-B0CC-4136D6F3873A}\MpKsl3b1e9176.sys -- (MpKsl3b1e9176)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74A3EE7C-BF48-4569-B8EB-2E026574BDD6}\MpKsl1b4a8e8d.sys -- (MpKsl1b4a8e8d)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\CSNPD51a64.sys -- (CSNPD51a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/04/18 13:18:50 | 000,165,648 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2009/08/14 17:46:06 | 000,067,424 | ---- | M] (CyberDefender Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\CDAVFS.sys -- (CDAVFS)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/03/05 05:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080324.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/03/05 05:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080324.005\NAVENG.SYS -- (NAVENG)
DRV - [2008/02/13 12:18:22 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080314.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/01/18 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/10/17 18:04:58 | 000,027,800 | ---- | M] (Colasoft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CSNPD51.sys -- (CSNPD51)
DRV - [2007/07/30 20:14:43 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/07/30 19:36:12 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/04/10 15:05:38 | 001,764,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/01 20:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 00:45:52 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/11/21 00:45:52 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006/11/21 00:45:52 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/11/21 00:45:50 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/11/21 00:45:50 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/11/21 00:45:50 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/11/21 00:45:42 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/21 00:45:42 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/21 00:45:42 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/21 00:45:36 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:58:52 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2006/11/02 04:57:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2006/11/02 04:55:22 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2006/11/02 04:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...7-26C8F57618E5}
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: {4152e25e-6bba-49e4-9813-103a1d44c131}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {b31ba05d-959c-439f-a01e-552179220981}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {59c6f12b-f004-43e5-9997-08f2123119b6}:2.5.0.3
FF - prefs.js..keyword.URL: "http://search.babylo...affID=19591&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/18 00:50:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/16 01:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 20:52:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 20:52:05 | 000,000,000 | ---D | M]

[2008/06/22 01:17:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Extensions
[2011/10/04 15:30:49 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions
[2011/10/01 17:16:06 | 000,000,000 | ---D | M] (ToggleEN Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2010/07/23 11:46:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 18:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011/08/18 15:42:38 | 000,000,000 | ---D | M] (Xbox 360 modz Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{4152e25e-6bba-49e4-9813-103a1d44c131}
[2011/10/01 17:16:17 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/03/10 20:45:55 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
[2011/08/14 17:24:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/01 17:16:26 | 000,000,000 | ---D | M] (myBabylon EnglishBB Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011/08/14 17:24:21 | 000,000,000 | ---D | M] (Alexcruz00 Community Toolbar) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{b31ba05d-959c-439f-a01e-552179220981}
[2011/08/23 14:35:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/01 17:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/03/31 14:27:12 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\[email protected]
[2011/06/23 23:07:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\[email protected]
[2011/10/04 15:30:49 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\staged
[2011/09/05 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\extensions\[email protected]
[2010/06/09 18:16:57 | 000,004,546 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\aim-search-1.xml
[2010/02/21 00:26:52 | 000,004,546 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\aim-search.xml
[2011/03/10 20:46:17 | 000,002,014 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\bing-zugo.xml
[2011/07/07 16:42:12 | 000,000,879 | ---- | M] () -- C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t0gif04g.default\searchplugins\conduit.xml
[2011/03/29 20:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/28 01:24:52 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2010/07/09 15:03:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 18:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/16 17:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/16 17:20:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/23 23:07:37 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/05 19:44:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [CyberDefender Early Detection Center] C:\Users\scott\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas4549.exe (CyberDefender Corp.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\scott\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (maliprog @ Geekstogo)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/10/05 19:54:21 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\temp
[2011/10/05 19:45:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/05 19:18:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/05 19:18:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/05 19:18:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/10/05 19:18:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/05 19:18:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/05 19:13:38 | 004,244,631 | R--- | C] (Swearware) -- C:\Users\scott\Desktop\ComboFix.exe
[2011/10/04 16:02:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/04 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tCCCeekIBrzOyx0
[2011/10/04 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\aJJ66dWK8fRL9Tq
[2011/10/03 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\UgggTZZqYCwIVl
[2011/10/03 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RRgD3pnG4aQHsW7
[2011/10/03 14:13:28 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\jBBrzPPNyx
[2011/10/03 14:13:28 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\F1uuvvS2obF3mGa
[2011/10/02 12:58:24 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\SHH66sWK7fELgTq
[2011/10/02 12:58:24 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\i000uccS2ibDpn4
[2011/10/02 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\zfffRLL9hTXjCeI
[2011/10/02 11:32:41 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RvvvS2obFpmGaQ6
[2011/10/02 10:11:27 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/02 10:04:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\scott\Desktop\iexplore.exe
[2011/10/01 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\KH6sWK7fELgTqYk
[2011/10/01 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\c00uucS1i
[2011/10/01 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8
[2011/10/01 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RelBBtzP01v
[2011/10/01 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9
[2011/10/01 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
[2011/10/01 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
[2011/10/01 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W
[2011/10/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw
[2011/10/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW
[2011/10/01 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4
[2011/10/01 18:56:10 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
[2011/10/01 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\Malwarebytes
[2011/10/01 17:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/01 17:41:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/01 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/01 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC
[2011/10/01 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
[2011/10/01 17:16:19 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m
[2011/10/01 17:16:18 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
[2011/10/01 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1
[2011/10/01 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw
[2011/10/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl
[2011/09/18 16:45:50 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\PackageAware
[2011/09/04 19:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/01 21:18:38 | 000,000,000 | ---D | C] -- C:\Users\scott\Desktop\Desktop Icons
[2011/08/16 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\Facebook
[2011/08/05 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\MP3Rocket
[2011/08/05 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Rocket
[2011/07/16 01:53:51 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Local\DDMSettings
[2011/07/16 01:50:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\DivX
[2011/07/16 01:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/07/16 01:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2007/07/30 19:58:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 90 Days ==========

[2011/10/06 06:27:28 | 003,670,016 | -HS- | M] () -- C:\Users\scott\ntuser.dat
[2011/10/06 06:24:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/06 06:18:13 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/06 06:13:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/10/06 06:03:00 | 000,001,332 | ---- | M] () -- C:\Users\scott\Desktop\Clean Registry for Free!.lnk
[2011/10/06 06:02:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/10/06 06:01:59 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/10/06 06:01:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 06:01:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/10/06 06:01:44 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 06:01:44 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 06:01:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/06 06:01:33 | 2137,513,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 22:08:55 | 001,385,930 | -H-- | M] () -- C:\Users\scott\AppData\Local\IconCache.db
[2011/10/05 21:34:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 19:45:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011/10/05 19:44:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/05 19:13:46 | 004,244,631 | R--- | M] (Swearware) -- C:\Users\scott\Desktop\ComboFix.exe
[2011/10/05 19:04:50 | 269,788,058 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/04 15:46:45 | 000,000,129 | ---- | M] () -- C:\Users\scott\jagex_runescape_preferences2.dat
[2011/10/04 15:46:45 | 000,000,046 | ---- | M] () -- C:\Users\scott\jagex_runescape_preferences.dat
[2011/10/02 10:14:17 | 000,121,856 | ---- | M] () -- C:\Users\scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/02 10:04:38 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\scott\Desktop\iexplore.exe
[2011/10/01 17:04:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/10/01 17:04:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/10/01 09:44:24 | 000,000,793 | ---- | M] () -- C:\Windows\System32\UltimateAIOFighter.properties
[2011/10/01 09:37:17 | 000,000,008 | ---- | M] () -- C:\Users\scott\AppData\Roaming\RSBuddy Login.ini
[2011/10/01 09:33:59 | 001,082,893 | ---- | M] () -- C:\Windows\System32\RSBuddy.jar
[2011/09/29 20:48:16 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for scott.job
[2011/09/24 13:01:09 | 000,000,098 | ---- | M] () -- C:\Users\scott\AppData\Roaming\RSBuddy_scoot707.ini
[2011/09/17 12:58:29 | 220,142,258 | ---- | M] () -- C:\Users\scott\Documents\clip0387.avi
[2011/09/16 16:14:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/09/09 16:07:37 | 000,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/09/09 16:07:37 | 000,621,314 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/09 16:07:37 | 000,104,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/06 20:48:56 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/04 19:18:31 | 000,001,772 | ---- | M] () -- C:\Users\scott\Desktop\Microsoft Security Essentials.lnk
[2011/09/04 19:10:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/05 16:11:31 | 000,001,731 | ---- | M] () -- C:\Users\scott\Desktop\MP3 Rocket 6.0.2.lnk
[2011/08/05 16:11:31 | 000,000,883 | ---- | M] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.2.lnk
[2011/07/25 20:05:00 | 021,120,486 | ---- | M] () -- C:\Users\scott\Documents\clip0386.avi
[2011/07/21 23:16:47 | 041,390,646 | ---- | M] () -- C:\Users\scott\Documents\clip0385.avi
[2011/07/21 22:09:40 | 004,945,434 | ---- | M] () -- C:\Users\scott\Documents\clip0384.avi
[2011/07/21 04:06:57 | 898,991,102 | ---- | M] () -- C:\Users\scott\Documents\clip0383.avi
[2011/07/21 03:21:25 | 002,384,222 | ---- | M] () -- C:\Users\scott\Documents\clip0382.avi
[2011/07/21 03:21:03 | 000,055,588 | ---- | M] () -- C:\Users\scott\Documents\clip0381.avi
[2011/07/17 00:30:53 | 012,618,350 | ---- | M] () -- C:\Users\scott\Documents\clip0380.avi
[2011/07/14 06:14:48 | 2251,461,602 | ---- | M] () -- C:\Users\scott\Documents\clip0379.avi
[2011/07/13 21:56:25 | 2100,302,686 | ---- | M] () -- C:\Users\scott\Documents\clip0378.avi
[2011/07/13 19:04:43 | 596,008,258 | ---- | M] () -- C:\Users\scott\Documents\clip0377.avi
[2011/07/08 10:56:32 | 271,933,358 | ---- | M] () -- C:\Users\scott\Documents\clip0376.avi
[2011/07/08 09:35:28 | 065,280,270 | ---- | M] () -- C:\Users\scott\Documents\clip0375.avi
[2011/07/08 08:14:52 | 1176,634,340 | ---- | M] () -- C:\Users\scott\Documents\clip0374.avi

========== Files Created - No Company Name ==========

[2011/10/05 19:23:48 | 2137,513,984 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/05 19:18:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/05 19:18:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/05 19:18:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/05 19:18:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/05 19:18:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/01 09:37:17 | 000,000,008 | ---- | C] () -- C:\Users\scott\AppData\Roaming\RSBuddy Login.ini
[2011/09/17 12:46:41 | 220,142,258 | ---- | C] () -- C:\Users\scott\Documents\clip0387.avi
[2011/09/08 18:14:36 | 000,000,793 | ---- | C] () -- C:\Windows\System32\UltimateAIOFighter.properties
[2011/09/06 17:19:42 | 001,082,893 | ---- | C] () -- C:\Windows\System32\RSBuddy.jar
[2011/09/04 19:18:31 | 000,001,772 | ---- | C] () -- C:\Users\scott\Desktop\Microsoft Security Essentials.lnk
[2011/09/04 19:10:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/02 14:29:50 | 000,001,332 | ---- | C] () -- C:\Users\scott\Desktop\Clean Registry for Free!.lnk
[2011/08/16 15:08:23 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/08/16 15:08:23 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/08/05 16:11:31 | 000,001,731 | ---- | C] () -- C:\Users\scott\Desktop\MP3 Rocket 6.0.2.lnk
[2011/08/05 16:11:31 | 000,000,883 | ---- | C] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.2.lnk
[2011/07/25 20:00:24 | 021,120,486 | ---- | C] () -- C:\Users\scott\Documents\clip0386.avi
[2011/07/21 22:40:53 | 041,390,646 | ---- | C] () -- C:\Users\scott\Documents\clip0385.avi
[2011/07/21 22:04:54 | 004,945,434 | ---- | C] () -- C:\Users\scott\Documents\clip0384.avi
[2011/07/21 03:21:33 | 898,991,102 | ---- | C] () -- C:\Users\scott\Documents\clip0383.avi
[2011/07/21 03:21:10 | 002,384,222 | ---- | C] () -- C:\Users\scott\Documents\clip0382.avi
[2011/07/21 03:20:58 | 000,055,588 | ---- | C] () -- C:\Users\scott\Documents\clip0381.avi
[2011/07/17 00:26:10 | 012,618,350 | ---- | C] () -- C:\Users\scott\Documents\clip0380.avi
[2011/07/14 04:17:43 | 2251,461,602 | ---- | C] () -- C:\Users\scott\Documents\clip0379.avi
[2011/07/13 20:15:11 | 2100,302,686 | ---- | C] () -- C:\Users\scott\Documents\clip0378.avi
[2011/07/13 18:27:36 | 596,008,258 | ---- | C] () -- C:\Users\scott\Documents\clip0377.avi
[2011/07/08 10:24:50 | 271,933,358 | ---- | C] () -- C:\Users\scott\Documents\clip0376.avi
[2011/07/08 09:29:32 | 065,280,270 | ---- | C] () -- C:\Users\scott\Documents\clip0375.avi
[2011/07/08 06:55:59 | 1176,634,340 | ---- | C] () -- C:\Users\scott\Documents\clip0374.avi
[2010/02/26 12:53:06 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/14 18:10:11 | 000,000,263 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/14 17:47:40 | 000,000,055 | ---- | C] () -- C:\Windows\av_affiliate.ini
[2009/08/14 17:47:28 | 000,000,055 | ---- | C] () -- C:\Windows\as_affiliate.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/12/30 14:26:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/30 14:04:29 | 000,000,018 | ---- | C] () -- C:\Windows\Epson777.ini
[2007/09/14 06:02:06 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/09/14 06:02:06 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/07/30 20:58:15 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/30 19:58:46 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/30 18:50:39 | 000,000,701 | ---- | C] () -- C:\Windows\generic.ini
[2007/07/30 18:50:38 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/30 18:50:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/06/13 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\.minecraft
[2010/02/19 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\acccore
[2007/12/25 11:28:15 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Acer
[2011/10/04 14:26:23 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\aJJ66dWK8fRL9Tq
[2008/05/24 11:38:31 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Atari
[2011/07/28 02:51:16 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Audacity
[2008/12/11 16:31:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Bin
[2011/10/01 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\c00uucS1i
[2010/02/15 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Colasoft Packet Builder
[2010/01/17 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Datel
[2010/07/08 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Def
[2008/04/06 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Defender Pro
[2010/01/05 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\DriverCure
[2011/10/01 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m
[2011/10/01 17:35:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC
[2007/12/25 09:55:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\eSobi
[2011/10/03 14:13:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\F1uuvvS2obF3mGa
[2011/10/01 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw
[2011/08/05 16:06:40 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FrostWire
[2007/12/30 13:39:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FUJIFILM
[2010/05/06 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\GameTuts
[2008/05/19 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\GetRightToGo
[2011/08/07 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\godzHell
[2011/10/01 18:56:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4
[2011/10/02 12:58:24 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\i000uccS2ibDpn4
[2011/10/01 17:35:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
[2010/11/03 20:57:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\IObit
[2011/10/03 14:13:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\jBBrzPPNyx
[2011/10/01 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW
[2011/10/01 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\KH6sWK7fELgTqYk
[2007/12/25 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Leadertech
[2009/06/19 11:50:57 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\LimeWire
[2011/04/07 20:01:26 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\LolClient
[2010/12/29 23:54:27 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ManyCam
[2011/06/23 23:06:16 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Media Get LLC
[2011/09/14 16:53:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\MP3Rocket
[2010/04/17 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Octoshape
[2010/09/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ooVoo Details
[2011/10/01 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1
[2011/06/07 14:46:53 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\PeerNetworking
[2011/10/01 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl
[2009/03/28 01:37:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Publish Providers
[2011/10/01 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RelBBtzP01v
[2011/10/03 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RRgD3pnG4aQHsW7
[2011/10/02 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RvvvS2obFpmGaQ6
[2011/10/01 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W
[2009/03/31 18:58:05 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Sammsoft
[2011/10/02 12:58:24 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\SHH66sWK7fELgTq
[2010/03/13 00:27:22 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Sony
[2011/10/01 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
[2011/10/04 14:31:38 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tCCCeekIBrzOyx0
[2011/10/01 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw
[2011/10/01 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9
[2007/12/30 14:11:48 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Template
[2011/10/01 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8
[2011/10/03 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\UgggTZZqYCwIVl
[2009/08/14 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\VersionTracker Pro
[2010/07/26 14:25:38 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\WeatherBug
[2009/06/18 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Windows Live Writer
[2010/02/15 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Wireshark
[2011/10/01 18:56:10 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
[2011/10/01 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
[2011/10/02 11:32:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\zfffRLL9hTXjCeI
[2011/10/01 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
[2008/06/15 17:10:23 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/10/01 17:04:05 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000Core.job
[2011/10/06 06:13:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3358501491-2779034593-4107227010-1000UA.job
[2011/10/05 22:09:07 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\scott\Documents\oovoo vid.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\scott\Documents\clip0371.avi:TOC.WMV
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
  • 0

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Let's remove leftovers.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/04 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tCCCeekIBrzOyx0
    [2011/10/04 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\aJJ66dWK8fRL9Tq
    [2011/10/03 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\UgggTZZqYCwIVl
    [2011/10/03 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RRgD3pnG4aQHsW7
    [2011/10/03 14:13:28 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\jBBrzPPNyx
    [2011/10/03 14:13:28 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\F1uuvvS2obF3mGa
    [2011/10/02 12:58:24 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\SHH66sWK7fELgTq
    [2011/10/02 12:58:24 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\i000uccS2ibDpn4
    [2011/10/02 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\zfffRLL9hTXjCeI
    [2011/10/02 11:32:41 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RvvvS2obFpmGaQ6
    [2011/10/01 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\KH6sWK7fELgTqYk
    [2011/10/01 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\c00uucS1i
    [2011/10/01 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8
    [2011/10/01 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RelBBtzP01v
    [2011/10/01 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9
    [2011/10/01 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
    [2011/10/01 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
    [2011/10/01 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W
    [2011/10/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw
    [2011/10/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW
    [2011/10/01 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4
    [2011/10/01 18:56:10 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
    [2011/10/01 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC
    [2011/10/01 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
    [2011/10/01 17:16:19 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m
    [2011/10/01 17:16:18 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
    [2011/10/01 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1
    [2011/10/01 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw
    [2011/10/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post
  • 0
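The 29 folders in the :OTL block above were picked out of the user's log by hand: every one is a directory directly under AppData\Roaming, modified on or after the day the infection was reported, with a name that is a random mix of case and digits rather than a product name. The following Python script is an added example (not code from the thread, from OTL or from the helper) that reproduces that triage by machine: it parses OTL "Files/Folders" lines, scores each directory name by how often neighbouring characters flip between upper case, lower case and digits, and reports directories that fall inside the incident window and score at least 4. The scoring rule, the threshold of 4 and the 2011/10/01 window are assumptions made for this example; the sample lines are copied from the OTL log posted above.

```python
# Added example (not from the thread, not part of OTL): reproduce the
# triage above by machine. The listing lines in SAMPLE_LOG are copied from
# the OTL log posted above; the class-change score, the threshold of 4 and
# the "2011/10/01" incident window are assumptions made for this example.
import re
from datetime import datetime

# One OTL listing line, e.g.
#   [2011/10/01 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\c00uucS1i
# File lines carry an extra "()" (vendor field) before the "--".
LINE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (\S{4}) \| \w\]"
    r"(?: \(.*?\))? -- (.+)$")

def parse_otl_lines(text):
    """Return (mtime, attrs, path) for every line that matches LINE_RE."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                        m.group(2), m.group(3)))
    return out

def name_score(name):
    """Count upper/lower/digit class changes between neighbouring characters.
    'DriverCure' scores 3, 'tEEKK8gRZ9' scores 5. Anything that is not pure
    ASCII alphanumerics (dots, spaces, dashes) scores 0."""
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        return 0
    cls = ["D" if c.isdigit() else "U" if c.isupper() else "L" for c in name]
    return sum(a != b for a, b in zip(cls, cls[1:]))

def flag_random_dirs(entries, parent, window_start, min_score=4):
    """Names of directories directly under `parent` modified on or after
    `window_start` ("YYYY/MM/DD") whose name_score is >= min_score.
    Both signals are needed: the window alone also lists software the user
    installed that day, and the score alone fires on long CamelCase product
    names such as 'GetRightToGo' (score 7)."""
    start = datetime.strptime(window_start, "%Y/%m/%d")
    prefix = parent.rstrip("\\").lower() + "\\"
    flagged = []
    for mtime, attrs, path in entries:
        if not (attrs.endswith("D") and path.lower().startswith(prefix)):
            continue
        name = path[len(prefix):]
        if "\\" in name:            # deeper than one level: not a direct child
            continue
        if mtime >= start and name_score(name) >= min_score:
            flagged.append(name)
    return flagged

ROAMING = r"C:\Users\scott\AppData\Roaming"
# Subset of the listing posted above: all 29 folders named in the OTL fix,
# seven legitimate neighbours and one scheduled-task file.
SAMPLE_LOG = r"""
[2011/06/13 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\.minecraft
[2011/10/04 14:26:23 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\aJJ66dWK8fRL9Tq
[2011/10/01 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\c00uucS1i
[2010/01/05 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\DriverCure
[2011/10/01 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m
[2011/10/01 17:35:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC
[2011/10/03 14:13:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\F1uuvvS2obF3mGa
[2011/10/01 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw
[2011/08/05 16:06:40 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\FrostWire
[2008/05/19 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\GetRightToGo
[2011/10/01 18:56:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4
[2011/10/02 12:58:24 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\i000uccS2ibDpn4
[2011/10/01 17:35:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK
[2011/10/03 14:13:28 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\jBBrzPPNyx
[2011/10/01 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW
[2011/10/01 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\KH6sWK7fELgTqYk
[2011/09/14 16:53:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\MP3Rocket
[2010/09/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ooVoo Details
[2011/10/01 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1
[2011/10/01 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl
[2011/10/01 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RelBBtzP01v
[2011/10/03 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RRgD3pnG4aQHsW7
[2011/10/02 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RvvvS2obFpmGaQ6
[2011/10/01 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W
[2011/10/02 12:58:24 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\SHH66sWK7fELgTq
[2011/10/01 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt
[2011/10/04 14:31:38 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tCCCeekIBrzOyx0
[2011/10/01 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw
[2011/10/01 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tEEKK8gRZ9
[2011/10/01 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8
[2011/10/03 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\UgggTZZqYCwIVl
[2010/02/15 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\Wireshark
[2011/10/01 18:56:10 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt
[2011/10/01 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz
[2011/10/02 11:32:42 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\zfffRLL9hTXjCeI
[2011/10/01 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q
[2008/06/15 17:10:23 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
"""

if __name__ == "__main__":
    for n in flag_random_dirs(parse_otl_lines(SAMPLE_LOG), ROAMING, "2011/10/01"):
        print(n)
```

Run as-is, it prints exactly the 29 folders of the :OTL block above. Widen the window to 2000/01/01 and GetRightToGo (score 7, installed in 2008) is reported as well, which is why the date window and the name score are combined rather than used on their own; a real triage would still eyeball the result before moving anything.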

#9 scoot707 (Topic Starter, Member, 19 posts)
All processes killed
========== OTL ==========
C:\Users\scott\AppData\Roaming\tCCCeekIBrzOyx0 folder moved successfully.
C:\Users\scott\AppData\Roaming\aJJ66dWK8fRL9Tq folder moved successfully.
C:\Users\scott\AppData\Roaming\UgggTZZqYCwIVl folder moved successfully.
C:\Users\scott\AppData\Roaming\RRgD3pnG4aQHsW7 folder moved successfully.
C:\Users\scott\AppData\Roaming\jBBrzPPNyx folder moved successfully.
C:\Users\scott\AppData\Roaming\F1uuvvS2obF3mGa folder moved successfully.
C:\Users\scott\AppData\Roaming\SHH66sWK7fELgTq folder moved successfully.
C:\Users\scott\AppData\Roaming\i000uccS2ibDpn4 folder moved successfully.
C:\Users\scott\AppData\Roaming\zfffRLL9hTXjCeI folder moved successfully.
C:\Users\scott\AppData\Roaming\RvvvS2obFpmGaQ6 folder moved successfully.
C:\Users\scott\AppData\Roaming\KH6sWK7fELgTqYk folder moved successfully.
C:\Users\scott\AppData\Roaming\c00uucS1i folder moved successfully.
C:\Users\scott\AppData\Roaming\tF44ppmH5sQJdE8 folder moved successfully.
C:\Users\scott\AppData\Roaming\RelBBtzP01v folder moved successfully.
C:\Users\scott\AppData\Roaming\tEEKK8gRZ9 folder moved successfully.
C:\Users\scott\AppData\Roaming\ZivvDD2onF4pH5Q folder moved successfully.
C:\Users\scott\AppData\Roaming\sRRZZqhhwkUVlBt folder moved successfully.
C:\Users\scott\AppData\Roaming\RyyyS1iv3onFm5W folder moved successfully.
C:\Users\scott\AppData\Roaming\tdEEL8gRZqhYw folder moved successfully.
C:\Users\scott\AppData\Roaming\K8TCwUrlOBP1omW folder moved successfully.
C:\Users\scott\AppData\Roaming\h00uucSS1ib3oG4 folder moved successfully.
C:\Users\scott\AppData\Roaming\xZZZqjYYwkIVlOt folder moved successfully.
C:\Users\scott\AppData\Roaming\ERRRL99hTXqUC folder moved successfully.
C:\Users\scott\AppData\Roaming\IbFFF3pmG5aQ6dK folder moved successfully.
C:\Users\scott\AppData\Roaming\DyyccA11ivDon4m folder moved successfully.
C:\Users\scott\AppData\Roaming\y77d8ZhYYXkVlBz folder moved successfully.
C:\Users\scott\AppData\Roaming\OVVVrllOBtxPyc1 folder moved successfully.
C:\Users\scott\AppData\Roaming\FJ777fEL8gTZqYw folder moved successfully.
C:\Users\scott\AppData\Roaming\pfffRRZ9hTXwUCl folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22941166 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1050 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: scott
->Temp folder emptied: 1108530 bytes
->Temporary Internet Files folder emptied: 1903450 bytes
->Java cache emptied: 80525401 bytes
->FireFox cache emptied: 64213690 bytes
->Google Chrome cache emptied: 225740383 bytes
->Apple Safari cache emptied: 23243178 bytes
->Flash cache emptied: 2702007 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108640 bytes
RecycleBin emptied: 468 bytes

Total Files Cleaned = 403.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Public

User: scott
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 10062011_144339

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#10 scoot707 (Topic Starter, Member, 19 posts)
Status: Deleted (events: 2)
10/6/2011 3:48:32 PM Deleted malware HackTool.MSIL.KKFinder.bp C:\Documents and Settings\scott\Desktop\Xbox 360\Programs\Container Edits V2-USSR.rar Medium
10/6/2011 3:48:32 PM Deleted malware HackTool.MSIL.KKFinder.bp C:\Documents and Settings\scott\Desktop\Xbox 360\Programs\Container Edits V2-USSR.rar//Container Edits V2.exe Medium
  • 0

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi scoot707,

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended) Automatically download recommended updates for my computer and install them" option.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#12 scoot707 (Topic Starter, Member, 19 posts)
Thanks Maliprog, I really appreciate you helping me remove and clean my computer from harmful viruses and also thank you for the tips to stay safe in the future.

Many thanks, Scoot707
  • 0

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





