Unknown Virus


Unknown Virus

Post by KidKlassik1 on Fri Aug 13, 2010 2:53 pm

One minute my laptop is running fine, then a bunch of Internet Explorer windows pop up; after the pop-ups it goes into a blue screen saying spyware. Need help please!

KidKlassik1
Novice

Posts : 10
Joined : 2010-08-09
OS : Vista


Re: Unknown Virus

Post by KidKlassik1 on Fri Aug 13, 2010 3:17 pm

OTL logfile created on: 8/13/2010 10:58:09 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = c:\Users\Kristi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 8.70 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICEDEPOT-PC
Current User Name: Kristi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/11 15:22:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- c:\Users\Kristi\Downloads\OTL.exe
PRC - [2010/08/10 13:52:54 | 000,184,320 | ---- | M] (ApexDC++ Development Team) -- C:\Users\Kristi\AppData\Local\Temp\Fz0.exe
PRC - [2010/08/10 13:52:48 | 000,192,000 | ---- | M] (ApexDC++ Development Team) -- C:\Users\Kristi\AppData\Local\Temp\Fzz.exe
PRC - [2010/07/30 20:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/06/13 16:59:51 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/16 13:02:38 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\mcuicnt.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
PRC - [2009/10/19 14:21:01 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2009/10/19 14:21:00 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/04 09:33:28 | 002,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/24 14:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 14:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/03/03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2007/10/10 19:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/20 13:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/09/20 13:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/09/19 08:20:05 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/09/05 13:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 23:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/08/11 15:22:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- c:\Users\Kristi\Downloads\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/19 14:21:00 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/02/04 09:33:28 | 002,944,736 | ---- | M] (Bradford Networks) [Auto | Running] -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/24 14:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 14:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/06/13 02:26:54 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/23 15:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 21:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 13:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/05 13:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 04:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 11:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 11:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/12 23:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 20:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/09 11:34:19 | 000,781,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2010/07/13 12:28:09 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/22 02:13:37 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/14 10:07:28 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100119.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/14 10:07:28 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100119.008\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/19 23:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20100119.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/09 17:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/18 16:52:25 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/09/30 08:11:56 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MovRVDrv32.sys -- (MovRVDrv32)
DRV - [2008/09/30 08:11:54 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2008/09/08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/07/07 14:42:52 | 000,164,480 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008/07/07 14:42:52 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/07/07 14:42:50 | 000,149,000 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/07/07 14:42:42 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/12 16:04:40 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/09/19 16:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 08:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 08:24:49 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/09/19 08:24:45 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/09/19 08:24:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/09/19 08:24:37 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/19 08:19:52 | 001,776,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/09/18 23:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/01 10:08:23 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/07/27 20:28:28 | 000,020,792 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/06/29 17:33:30 | 000,520,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt931a.sys -- (SQ931)
DRV - [2007/06/08 08:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 08:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 20:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/28 08:05:36 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/09 18:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 18:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 18:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 18:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 18:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 18:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files\InboxDollars\Helper.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-80-0-1AeU3"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.14908
FF - prefs.js..extensions.enabledItems: {0CA8283E-056B-40D7-A343-83C84105CE78}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.10.01
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.306
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {fa3d1246-250b-4212-a2be-f1387ccca2e7}:1.0.12
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.%(version)s
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100521&Defaultbrowserid=16&Productid=2193&Vendorid=3852&Offerid=6693&searchterm="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/11 21:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/07 20:42:43 | 000,000,000 | ---D | M]

[2009/11/23 14:53:13 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\mozilla\Extensions
[2009/02/08 12:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010/08/13 00:59:02 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions
[2010/06/22 10:44:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/18 12:10:14 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/05/18 12:10:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/09 02:28:49 | 000,000,000 | ---D | M] (InboxDollars) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2010/02/04 13:53:07 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/07/23 19:01:24 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/04/03 08:30:45 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2010/08/09 11:17:40 | 000,000,000 | ---D | M] (Shop to Win8) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}
[2010/04/03 08:30:38 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\plugin@yontoo.com
[2010/06/09 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\abd9smz8.default\extensions\toolbar@ask.com
[2010/08/11 15:08:35 | 000,002,556 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Mozilla\FireFox\Profiles\abd9smz8.default\searchplugins\askcom.xml
[2010/07/23 19:01:25 | 000,002,267 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Mozilla\FireFox\Profiles\abd9smz8.default\searchplugins\bing-zugo.xml
[2010/03/24 16:12:32 | 000,000,919 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Mozilla\FireFox\Profiles\abd9smz8.default\searchplugins\conduit.xml
[2010/07/09 02:29:36 | 000,001,734 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Mozilla\FireFox\Profiles\abd9smz8.default\searchplugins\search-the-web.xml
[2010/08/09 11:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/23 04:13:32 | 000,000,000 | ---D | M] (Wyyo) -- C:\Program Files\Mozilla Firefox\extensions\{0CA8283E-056B-40D7-A343-83C84105CE78}
[2010/08/13 00:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/09/09 16:57:20 | 000,359,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\fpnyztwrlyxiuor.dll
[2009/04/17 18:20:50 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/05/15 17:52:25 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll (eGames, inc. )
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Freecause Toolbar BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files\InboxDollars\Toolbar.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll (eGames, inc. )
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll (eGames, inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Kristi\AppData\Local\Temp\Fz0.exe (ApexDC++ Development Team)
O4 - Startup: C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.74,93.188.166.224
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58a4b475-6983-11dd-a92f-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{58a4b475-6983-11dd-a92f-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{70d51c44-f163-11de-9810-00038a000015}\Shell\Auto\command - "" = H:\launcher.exe -- File not found
O33 - MountPoints2\{f573bd56-8e9e-11df-a238-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f573bd56-8e9e-11df-a238-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/13 00:39:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/13 00:38:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/13 00:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/12 14:35:16 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\fgvhwrtns
[2010/08/11 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Malwarebytes_Anti-Malware_1.44
[2010/08/11 14:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\mswd
[2010/08/10 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Sakura
[2010/08/10 18:31:46 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\vlc
[2010/08/10 18:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/08/10 14:56:48 | 001,554,944 | ---- | C] (HMS [You must be registered and logged in to see this link.] -- C:\Windows\System32\vorbis.acm
[2010/08/10 14:44:14 | 000,668,668 | ---- | C] ( ) -- C:\Windows\System\regsrv.exe
[2010/08/10 14:20:39 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\FL Studio 9.1 XXL Producer Signature Bundle
[2010/08/10 14:10:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\Packs
[2010/08/09 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010/08/09 16:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/08/09 16:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/08/09 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010/08/09 16:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/08/09 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/09 12:42:32 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\MigWiz
[2010/08/09 11:34:14 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\tragwcxtl
[2010/08/09 11:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/09 11:01:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\WinRAR
[2010/08/08 18:22:12 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Microsoft Corporation
[2010/08/07 22:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010/08/07 19:14:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Ableton
[2010/08/07 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\ModernBeats-Free-Samples-Loops
[2010/08/07 00:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\HHISVOL22
[2010/08/04 15:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/08/03 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Cycling '74
[2010/08/03 19:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\AkaiPro
[2010/07/23 19:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2010/07/21 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Harmless
[2010/07/19 23:29:32 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Blitware
[2010/07/19 12:14:02 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\IrfanView
[2010/07/19 12:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/07/19 12:04:24 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Desktop\FL Studio 9
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kristi\Documents\*.tmp files -> C:\Users\Kristi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/13 11:11:34 | 004,456,448 | -HS- | M] () -- C:\Users\Kristi\ntuser.dat
[2010/08/13 11:09:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/13 11:03:22 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/13 10:46:33 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/13 10:46:33 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/13 10:46:33 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/13 10:44:20 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/13 10:44:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/13 10:43:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/08/13 10:41:38 | 000,000,104 | ---- | M] () -- C:\SBCurrentSetting.xml
[2010/08/13 10:41:04 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/08/13 10:40:55 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/13 10:40:55 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/13 10:40:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/13 10:40:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/13 10:39:30 | 000,524,288 | -HS- | M] () -- C:\Users\Kristi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 10:39:30 | 000,065,536 | -HS- | M] () -- C:\Users\Kristi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/13 01:05:13 | 000,001,356 | ---- | M] () -- C:\Users\Kristi\AppData\Local\d3d9caps.dat
[2010/08/13 00:39:09 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 17:08:50 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Kristi.job
[2010/08/10 14:58:24 | 000,000,895 | ---- | M] () -- C:\Users\Kristi\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2010/08/10 14:44:14 | 000,668,668 | ---- | M] ( ) -- C:\Windows\System\regsrv.exe
[2010/08/10 14:09:24 | 000,077,312 | ---- | M] () -- C:\Users\Kristi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/09 16:01:32 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010/08/09 16:01:25 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/09 15:48:36 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/08/09 15:48:36 | 000,001,673 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/08/09 14:07:30 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\eduwiroz.dll
[2010/08/09 13:02:39 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\ewovuniw.dll
[2010/08/09 12:39:02 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\ipokoxevokoxa.dll
[2010/08/09 12:25:32 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\igitifef.dll
[2010/08/09 12:10:04 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\elibugojud.dll
[2010/08/09 11:50:52 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\owipezupe.dll
[2010/08/09 11:45:36 | 000,000,134 | ---- | M] () -- C:\Users\Kristi\Desktop\Windows Defender - Shortcut.lnk
[2010/08/09 11:40:45 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\aqojunehohi.dll
[2010/08/09 11:34:29 | 000,781,824 | ---- | M] () -- C:\Windows\System32\drivers\couhdj.sys
[2010/08/09 11:34:19 | 000,781,824 | ---- | M] () -- C:\Windows\System32\drivers\afc.sys
[2010/08/09 11:33:47 | 001,180,672 | ---- | M] () -- C:\Users\Kristi\AppData\Local\66308.exe
[2010/08/09 11:33:47 | 001,180,672 | ---- | M] () -- C:\Users\Kristi\AppData\Local\3536251.exe
[2010/08/08 12:11:28 | 000,279,164 | ---- | M] () -- C:\Users\Kristi\Documents\Document 3.rns
[2010/08/06 18:41:31 | 000,013,099 | ---- | M] () -- C:\Users\Kristi\Documents\mathweek 2.docx
[2010/08/06 12:33:51 | 000,002,601 | ---- | M] () -- C:\Users\Kristi\Desktop\r-freak.nfo
[2010/08/05 22:39:14 | 000,461,856 | ---- | M] () -- C:\Users\Kristi\Documents\Document 2.rns
[2010/08/05 14:04:43 | 000,000,167 | ---- | M] () -- C:\Users\Kristi\A bank 2
[2010/08/05 14:00:59 | 000,000,168 | ---- | M] () -- C:\Users\Kristi\Abank
[2010/08/04 18:31:32 | 000,000,150 | ---- | M] () -- C:\Users\Kristi\2
[2010/08/04 16:26:26 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/04 13:08:17 | 000,000,165 | ---- | M] () -- C:\Users\Kristi\Untitled
[2010/08/03 19:00:25 | 000,000,951 | ---- | M] () -- C:\Users\Kristi\Desktop\LPD8 Editor.lnk
[2010/07/20 23:31:46 | 000,001,797 | ---- | M] () -- C:\Users\Kristi\Desktop\Collab.lnk
[2010/07/20 19:33:36 | 000,001,512 | ---- | M] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\alchemist snare 2.wav - Shortcut.lnk
[2010/07/19 12:24:26 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 9.lnk
[2010/07/19 12:14:04 | 000,000,807 | ---- | M] () -- C:\Users\Kristi\Desktop\IrfanView.lnk
[2010/07/18 04:35:14 | 001,174,798 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\setup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kristi\Documents\*.tmp files -> C:\Users\Kristi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/13 00:39:09 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 14:57:17 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 9.lnk
[2010/08/10 13:53:00 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/10 13:50:45 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/09 16:01:35 | 000,000,476 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Kristi.job
[2010/08/09 16:01:32 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010/08/09 16:01:25 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/09 15:24:19 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/08/09 15:24:19 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/08/09 14:07:30 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\eduwiroz.dll
[2010/08/09 13:02:39 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\ewovuniw.dll
[2010/08/09 12:39:02 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\ipokoxevokoxa.dll
[2010/08/09 12:25:32 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\igitifef.dll
[2010/08/09 12:10:04 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\elibugojud.dll
[2010/08/09 11:50:52 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\owipezupe.dll
[2010/08/09 11:45:36 | 000,000,134 | ---- | C] () -- C:\Users\Kristi\Desktop\Windows Defender - Shortcut.lnk
[2010/08/09 11:40:45 | 000,002,848 | ---- | C] () -- C:\Users\Kristi\AppData\Local\aqojunehohi.dll
[2010/08/09 11:34:29 | 000,781,824 | ---- | C] () -- C:\Windows\System32\drivers\couhdj.sys
[2010/08/09 11:33:47 | 001,180,672 | ---- | C] () -- C:\Users\Kristi\AppData\Local\66308.exe
[2010/08/09 11:33:47 | 001,180,672 | ---- | C] () -- C:\Users\Kristi\AppData\Local\3536251.exe
[2010/08/06 18:41:29 | 000,013,099 | ---- | C] () -- C:\Users\Kristi\Documents\mathweek 2.docx
[2010/08/05 22:39:01 | 000,279,164 | ---- | C] () -- C:\Users\Kristi\Documents\Document 3.rns
[2010/08/05 14:04:43 | 000,000,167 | ---- | C] () -- C:\Users\Kristi\A bank 2
[2010/08/05 14:00:59 | 000,000,168 | ---- | C] () -- C:\Users\Kristi\Abank
[2010/08/04 18:31:32 | 000,000,150 | ---- | C] () -- C:\Users\Kristi\2
[2010/08/04 16:26:26 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/04 13:08:17 | 000,000,165 | ---- | C] () -- C:\Users\Kristi\Untitled
[2010/08/04 12:47:53 | 000,461,856 | ---- | C] () -- C:\Users\Kristi\Documents\Document 2.rns
[2010/08/03 19:00:25 | 000,000,951 | ---- | C] () -- C:\Users\Kristi\Desktop\LPD8 Editor.lnk
[2010/07/20 19:33:36 | 000,001,512 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\alchemist snare 2.wav - Shortcut.lnk
[2010/07/19 12:14:04 | 000,000,807 | ---- | C] () -- C:\Users\Kristi\Desktop\IrfanView.lnk
[2010/07/18 04:35:14 | 001,174,798 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\setup.exe
[2010/07/13 12:28:08 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/06/15 18:07:39 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/09/14 13:10:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/12 00:10:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009/04/12 00:09:51 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/04/12 00:06:15 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/11 19:17:37 | 000,781,824 | ---- | C] () -- C:\Windows\System32\drivers\afc.sys
[2008/07/07 14:42:52 | 000,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/06/21 13:52:05 | 000,520,960 | ---- | C] () -- C:\Windows\System32\drivers\Capt931a.sys
[2008/06/21 13:52:05 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\Camd931a.sys
[2008/06/13 12:04:28 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\3B31AC07F6.sys
[2008/06/13 12:04:27 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/05/29 17:32:23 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2007/11/15 06:53:39 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 06:52:15 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 14:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/30 23:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 23:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 23:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/10/25 23:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

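Reading a log like the one above by eye is slow, and the entries that matter fall into a handful of patterns. The Python script below is an added example for this thread, not part of OTL and not the poster's code: it parses OTL's file-entry format (`[date | size | attrs | C/M] (Company) -- path`) together with the IE proxy, O4 Run and O17 NameServer lines, and flags what a triager would circle in this log: binaries with an empty company field sitting in user-writable directories or the drivers directory (the 2,848-byte DLLs under AppData\Local, couhdj.sys and afc.sys, the two 1,180,672-byte .exe files), identical sizes across such anonymous binaries (which usually means one dropper wrote them under random names), a Run value launching from Temp, a loopback ProxyServer (127.0.0.1:6522, commonly used by adware to rewrite browser traffic; ProxyEnable is 0 here, so it is reported rather than assumed live, and `netstat -ano` is the way to see what listens on that port), and a static NameServer that overrides the DHCP resolver (192.168.2.1) with public addresses. SAMPLE_LOG is a subset of lines copied from the log above; the rules, the location classes (including treating the legacy Windows\System directory as suspicious) and the function names are my own choices.

```python
"""Triage an OldTimer OTL log for the indicators visible in the post above.

Added example for this thread; not part of OTL and not the poster's code.
SAMPLE_LOG is a subset of the log above; the rules below are my own.
"""
import ipaddress
import re
from collections import Counter

# OTL file entry: [date time | size | attrs | C/M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O4 autostart line: O4 - HKCU..\Run: [ValueName] target (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+?)(?: \(.*\))?$", re.M
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")

SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Kristi\AppData\Local\Temp\Fz0.exe (ApexDC++ Development Team)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.74,93.188.166.224
[2010/08/13 00:39:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/10 14:44:14 | 000,668,668 | ---- | M] ( ) -- C:\Windows\System\regsrv.exe
[2010/08/09 14:07:30 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\eduwiroz.dll
[2010/08/09 13:02:39 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\ewovuniw.dll
[2010/08/09 11:34:29 | 000,781,824 | ---- | M] () -- C:\Windows\System32\drivers\couhdj.sys
[2010/08/09 11:34:19 | 000,781,824 | ---- | M] () -- C:\Windows\System32\drivers\afc.sys
[2010/08/09 11:33:47 | 001,180,672 | ---- | M] () -- C:\Users\Kristi\AppData\Local\66308.exe
[2010/08/09 11:33:47 | 001,180,672 | ---- | M] () -- C:\Users\Kristi\AppData\Local\3536251.exe
[2010/07/18 04:35:14 | 001,174,798 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\setup.exe
"""


def parse_file_entries(text):
    """Return the parsed [..] (Company) -- path entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def location_class(path_lower):
    """Classify where an anonymous binary lives; None means nothing notable."""
    if "\\drivers\\" in path_lower:
        return "drivers dir"
    if "\\windows\\system\\" in path_lower:  # legacy 16-bit dir, not System32; unused on Vista
        return "legacy Windows\\System dir"
    if any(s in path_lower for s in USER_WRITABLE):
        return "user-writable dir"
    return None


def triage(text):
    """Return a list of (item, reason) findings for one OTL log."""
    findings = []
    anon = [e for e in parse_file_entries(text)
            if not e["company"].strip() and e["path"].lower().endswith(BINARY_EXT)]
    size_count = Counter(e["size"] for e in anon)
    for e in anon:
        where = location_class(e["path"].lower())
        if where:
            findings.append((e["path"], f"binary with no company name in {where}"))
        if size_count[e["size"]] > 1:  # same size, different random name: likely one dropper
            findings.append((e["path"], f"size {e['size']} shared with "
                                        f"{size_count[e['size']] - 1} other anonymous binary"))
    # IE proxy: a loopback proxy is a classic traffic/pop-up injector; ProxyEnable says if it is live
    proxy = re.search(r'"ProxyServer" = (\S+)', text)
    enable = re.search(r'"ProxyEnable" = (\d)', text)
    if proxy and "127.0.0.1" in proxy.group(1):
        findings.append((proxy.group(1),
                         f"loopback proxy configured (ProxyEnable={enable.group(1) if enable else '?'})"))
    # O17: a static NameServer that is public and differs from the DHCP one is a DNS-hijack candidate
    dhcp = re.search(r"DhcpNameServer = (\S+)", text)
    static = re.search(r"\bNameServer = (\S+)", text)  # \b keeps DhcpNameServer from matching
    if static:
        dhcp_set = set(dhcp.group(1).split(",")) if dhcp else set()
        for ip in static.group(1).split(","):
            try:
                public = not ipaddress.ip_address(ip).is_private
            except ValueError:
                continue
            if public and ip not in dhcp_set:
                findings.append((ip, "static public DNS server overriding the DHCP resolver"))
    # O4: autostart values launching from a Temp directory
    for m in RUN_RE.finditer(text):
        if "\\temp\\" in m["target"].lower():
            findings.append((m["target"], f"{m['hive']} Run value [{m['name']}] launches from Temp"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason:<72} {item}")
```

Run against the whole saved OTL.Txt the same way (`triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())`); anything it does not flag, such as the autorun.inf MountPoints2 entries or the toolbars with a real company name, still needs the eye, since the rules are deliberately narrow so that they do not drown the list in legitimate System32 files that also carry no company name.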

Re: Unknown Virus

Post by Belahzur on Fri Aug 13, 2010 9:47 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.order.2: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.6.117
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Kristi\AppData\Local\Temp\Fz0.exe (ApexDC++ Development Team)
    [2010/08/13 11:03:22 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/08/13 10:44:20 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/08/09 14:07:30 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\eduwiroz.dll
    [2010/08/09 13:02:39 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\ewovuniw.dll
    [2010/08/09 12:39:02 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\ipokoxevokoxa.dll
    [2010/08/09 12:25:32 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\igitifef.dll
    [2010/08/09 12:10:04 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\elibugojud.dll
    [2010/08/09 11:50:52 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\owipezupe.dll
    [2010/08/09 11:40:45 | 000,002,848 | ---- | M] () -- C:\Users\Kristi\AppData\Local\aqojunehohi.dll
    [2010/08/09 11:34:29 | 000,781,824 | ---- | M] () -- C:\Windows\System32\drivers\couhdj.sys
    [2010/08/09 11:34:19 | 000,781,824 | ---- | M] () -- C:\Windows\System32\drivers\afc.sys
    [2010/08/09 11:33:47 | 001,180,672 | ---- | M] () -- C:\Users\Kristi\AppData\Local\66308.exe
    [2010/08/09 11:33:47 | 001,180,672 | ---- | M] () -- C:\Users\Kristi\AppData\Local\3536251.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Unknown Virus

Post by KidKlassik1 on Sat Aug 14, 2010 2:38 am

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.order.2
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: [You must be registered and logged in to see this link.]:3.6.6.117 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\Search Toolbar\tbcore3.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ZE18MW23GY deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\Fz0.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Users\Kristi\AppData\Local\eduwiroz.dll moved successfully.
C:\Users\Kristi\AppData\Local\ewovuniw.dll moved successfully.
C:\Users\Kristi\AppData\Local\ipokoxevokoxa.dll moved successfully.
C:\Users\Kristi\AppData\Local\igitifef.dll moved successfully.
C:\Users\Kristi\AppData\Local\elibugojud.dll moved successfully.
C:\Users\Kristi\AppData\Local\owipezupe.dll moved successfully.
C:\Users\Kristi\AppData\Local\aqojunehohi.dll moved successfully.
C:\Windows\System32\drivers\couhdj.sys moved successfully.
C:\Windows\System32\drivers\afc.sys moved successfully.
C:\Users\Kristi\AppData\Local\66308.exe moved successfully.
C:\Users\Kristi\AppData\Local\3536251.exe moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08132010_223510

KidKlassik1
Novice
Posts : 10
Joined : 2010-08-09
OS : Vista

Re: Unknown Virus

Post by Belahzur on Sat Aug 14, 2010 3:27 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Unknown Virus

Post by KidKlassik1 on Sat Aug 14, 2010 7:31 pm

ComboFix 10-08-12.03 - Kristi 08/14/2010 15:04:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.839 [GMT -4:00]
Running from: c:\users\Kristi\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-14 19:18 . 2010-08-14 19:18 -------- d-----w- c:\users\Kristi\AppData\Local\temp
2010-08-14 19:18 . 2010-08-14 19:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-14 19:18 . 2010-08-14 19:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-14 19:18 . 2010-08-14 19:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-08-14 19:18 . 2010-08-14 19:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-14 19:18 . 2010-08-14 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-14 02:35 . 2010-08-14 02:35 -------- dc----w- C:\_OTL
2010-08-13 04:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 04:38 . 2010-08-13 04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 04:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 18:21 . 2010-08-11 18:36 -------- d-----w- c:\programdata\mswd
2010-08-11 02:20 . 2010-08-11 02:20 -------- d-----w- c:\users\Kristi\AppData\Roaming\Sakura
2010-08-10 22:31 . 2010-08-10 22:31 -------- d-----w- c:\users\Kristi\AppData\Roaming\vlc
2010-08-10 22:29 . 2010-08-10 22:29 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-08-10 18:13 . 2010-08-10 18:27 4494481 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\simsynth_install.exe
2010-08-10 18:10 . 2010-08-10 18:27 8945170 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\slicex_install.exe
2010-08-10 18:09 . 2010-08-10 18:26 5709174 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\maximus_install.exe
2010-08-10 18:09 . 2010-08-10 18:26 8374854 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\vocodex_install.exe
2010-08-10 18:09 . 2010-08-10 18:27 4436430 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\sakura_install.exe
2010-08-10 18:08 . 2010-08-10 18:27 1733300 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\dx-10_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 1453698 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\drumsynthlive_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 4954994 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\sawer_install.exe
2010-08-10 18:08 . 2010-08-10 18:27 5539512 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\directwavevst_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 6801647 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\ogun_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 8241888 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\juicepack_install.exe
2010-08-10 18:07 . 2010-08-10 18:27 11152860 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\edison_install.exe
2010-08-10 18:07 . 2010-08-10 18:27 5617869 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\autogun_install.exe
2010-08-10 18:06 . 2010-08-10 18:27 2535676 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\hardcore_install.exe
2010-08-10 18:06 . 2010-08-10 18:27 6636049 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\sytrus_install.exe
2010-08-10 18:06 . 2010-08-10 18:27 8947835 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\harmless_install.exe
2010-08-10 18:05 . 2010-08-10 18:23 5593790 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\grossbeat_install.exe
2010-08-10 18:04 . 2010-08-10 18:27 4283095 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\Drumaxx_install.exe
2010-08-10 18:04 . 2010-08-10 18:27 3323940 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\poizone_install.exe
2010-08-10 18:04 . 2010-08-10 18:28 40827956 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\deckadance.exe
2010-08-10 18:04 . 2010-08-10 18:28 207199929 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\flstudio_9.1.Setup.exe
2010-08-10 18:04 . 2010-08-10 18:27 5691033 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\toxicbiohazard_install.exe
2010-08-10 18:04 . 2010-08-10 18:27 56066280 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\morphine_install.exe
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\programdata\Norton
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\windows\system32\drivers\NSS
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\program files\Norton Security Scan
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\programdata\NortonInstaller
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\program files\NortonInstaller
2010-08-09 16:42 . 2010-08-09 16:42 -------- d-----w- c:\users\Kristi\AppData\Local\MigWiz
2010-08-09 15:34 . 2010-08-09 18:32 -------- d-----w- c:\users\Kristi\AppData\Local\tragwcxtl
2010-08-09 15:33 . 2010-08-14 18:30 -------- d-----w- c:\programdata\Update
2010-08-08 22:22 . 2010-08-08 22:22 -------- d-----w- c:\users\Kristi\AppData\Local\Microsoft Corporation
2010-08-08 02:34 . 2010-08-08 02:34 -------- d-----w- c:\programdata\Ableton
2010-08-07 23:14 . 2010-08-08 02:34 -------- d-----w- c:\users\Kristi\AppData\Roaming\Ableton
2010-08-04 19:05 . 2010-08-04 19:05 -------- d-----w- c:\program files\Elaborate Bytes
2010-08-04 17:09 . 2010-08-04 17:09 741372 ----a-w- c:\programdata\mswd\scss.exe
2010-08-04 17:06 . 2010-08-11 18:31 2536085 ----a-w- c:\programdata\mswd\mswd.exe
2010-08-03 23:00 . 2010-08-03 23:00 -------- d-----w- c:\users\Kristi\AppData\Roaming\Cycling '74
2010-08-03 23:00 . 2010-08-03 23:00 -------- d-----w- c:\program files\AkaiPro
2010-07-23 23:01 . 2010-07-23 23:01 84480 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
2010-07-23 23:01 . 2010-07-23 23:01 56832 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\update.exe
2010-07-23 23:01 . 2010-07-23 23:01 42496 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\uninstall.exe
2010-07-23 23:01 . 2010-07-23 23:01 301568 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbhelper.dll
2010-07-23 23:01 . 2010-07-23 23:01 152664 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\setup_widget_serv.exe
2010-07-23 23:01 . 2010-07-23 23:01 2767360 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbcore3.dll
2010-07-23 23:01 . 2010-07-23 23:01 41984 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\SearchToolbar.dll
2010-07-21 16:40 . 2010-07-21 16:40 -------- d-----w- c:\users\Kristi\AppData\Roaming\Harmless
2010-07-20 03:29 . 2010-07-20 03:29 5394208 ----a-w- c:\users\Kristi\AppData\Roaming\Blitware\DriverRobot\updates\abc95191a45adb07e02bfed478ab2665\driverrobot_setup.exe
2010-07-20 03:29 . 2010-07-20 03:29 -------- d-----w- c:\users\Kristi\AppData\Roaming\Blitware
2010-07-19 16:14 . 2010-07-19 16:14 -------- d-----w- c:\users\Kristi\AppData\Roaming\IrfanView
2010-07-19 16:14 . 2010-07-19 16:14 -------- d-----w- c:\program files\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 19:13 . 2010-06-13 20:59 -------- d-----w- c:\users\Kristi\AppData\Roaming\uTorrent
2010-08-14 02:36 . 2010-05-07 01:41 -------- d-----w- c:\program files\Ask.com
2010-08-13 21:48 . 2009-09-12 15:31 -------- d-----w- c:\users\Kristi\AppData\Roaming\U3
2010-08-13 05:05 . 2009-05-08 21:28 1356 ----a-w- c:\users\Kristi\AppData\Local\d3d9caps.dat
2010-08-11 16:06 . 2010-06-24 23:03 -------- d-----w- c:\program files\Propellerhead
2010-08-10 20:04 . 2008-05-29 21:38 -------- d-----w- c:\program files\Tencent
2010-08-10 18:58 . 2010-06-24 04:55 -------- d-----w- c:\program files\ASIO4ALL v2
2010-08-10 18:56 . 2009-04-09 15:10 -------- d-----w- c:\program files\VstPlugins
2010-08-10 18:56 . 2009-04-09 15:07 -------- d-----w- c:\program files\Image-Line
2010-08-09 20:01 . 2007-11-15 11:00 -------- d-----w- c:\programdata\Symantec
2010-08-09 19:48 . 2009-09-20 00:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-06 16:56 . 2010-04-05 00:35 -------- d-----w- c:\programdata\DivX
2010-08-06 16:56 . 2009-02-08 04:31 -------- d-----w- c:\program files\DivX
2010-08-04 20:04 . 2010-06-25 16:46 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-08-04 19:51 . 2010-06-25 16:50 -------- d-----w- c:\users\Kristi\AppData\Roaming\Cakewalk
2010-08-04 19:38 . 2007-10-31 18:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 18:18 . 2009-04-11 23:17 -------- d-----w- c:\program files\ArcSoft
2010-08-02 03:34 . 2010-07-12 00:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-21 20:46 . 2009-03-22 04:01 -------- d-----w- c:\users\Kristi\AppData\Roaming\FrostWire
2010-07-15 00:42 . 2010-07-09 06:27 -------- d-----w- c:\program files\InboxDollars
2010-07-13 18:41 . 2010-06-24 23:04 -------- d-----w- c:\programdata\Propellerhead Software
2010-07-13 18:41 . 2010-06-24 23:04 -------- d-----w- c:\users\Kristi\AppData\Roaming\Propellerhead Software
2010-07-13 17:07 . 2010-07-13 16:27 -------- d-----w- c:\users\Kristi\AppData\Roaming\DAEMON Tools Pro
2010-07-13 16:28 . 2010-07-13 16:27 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-07-13 16:28 . 2010-07-13 16:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-13 16:27 . 2010-07-13 16:27 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-07-13 15:34 . 2010-07-13 15:32 164352 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Propellerhead Reason 4\crack\KEYGEN.EXE
2010-07-13 11:27 . 2010-07-13 11:27 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-07-12 03:25 . 2010-07-12 03:22 -------- d-----w- c:\program files\Spectrasonics
2010-07-12 02:19 . 2009-02-08 15:38 128952 ----a-w- c:\users\Kristi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-10 20:01 . 2010-07-10 20:01 249856 ------w- c:\windows\Setup1.exe
2010-07-10 20:01 . 2010-07-10 20:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-10 17:08 . 2010-07-10 17:08 -------- d-----w- c:\program files\Steinberg
2010-07-08 19:41 . 2010-07-08 19:41 -------- d-----w- c:\programdata\WorldWinner.com
2010-07-08 03:11 . 2009-05-20 15:53 -------- d-----w- c:\users\Kristi\AppData\Roaming\Skype
2010-07-01 20:18 . 2009-05-19 16:41 -------- d-----w- c:\program files\VideoLAN
2010-06-26 01:51 . 2010-06-26 01:51 -------- d-----w- c:\program files\Antares Audio Technologies
2010-06-26 01:12 . 2010-06-26 01:11 -------- d-----w- c:\users\Kristi\AppData\Roaming\OpenCandy
2010-06-26 01:12 . 2010-06-26 01:11 9542615 ----a-w- c:\users\Kristi\AppData\Roaming\OpenCandy\p1v1RMinstall-OpenCandy(225.2)Wrapped.exe
2010-06-26 01:11 . 2010-06-26 01:11 298440 ----a-w- c:\users\Kristi\AppData\Roaming\OpenCandy\DLMgr_3_1.5.47.exe
2010-06-25 16:46 . 2010-06-25 16:46 -------- d-----w- c:\program files\Common Files\Digidesign
2010-06-24 23:04 . 2010-06-24 23:04 233472 ----a-w- c:\users\Kristi\AppData\Roaming\REX Shared Library.dll
2010-06-24 23:04 . 2010-06-24 23:04 233472 ----a-w- c:\users\Kristi\AppData\Roaming\REX Shared Library.dll
2010-06-24 23:04 . 2010-06-24 23:04 225280 ----a-w- c:\users\Kristi\AppData\Roaming\Rewire.dll
2010-06-24 23:04 . 2010-06-24 23:04 225280 ----a-w- c:\users\Kristi\AppData\Roaming\Rewire.dll
2010-06-24 17:50 . 2010-06-24 17:50 -------- d-----w- c:\program files\7-Zip
2010-06-24 17:46 . 2010-06-24 17:44 -------- d-----w- c:\program files\File Extension Finder
2010-06-24 17:46 . 2010-06-24 17:46 -------- d-----w- c:\program files\Driver Robot
2010-06-24 15:00 . 2010-06-24 15:00 -------- d-----w- c:\program files\BeatModel T1
2010-06-24 02:04 . 2010-06-24 02:04 -------- d-----w- c:\users\Kristi\AppData\Roaming\Titanium Gears
2010-06-23 15:41 . 2007-10-31 18:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-22 06:13 . 2010-06-22 06:13 10344 -c--a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-06-16 14:18 . 2010-06-16 02:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-16 01:48 . 2009-11-30 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-15 22:19 . 2010-06-15 22:19 -------- d-----w- c:\program files\InterLok
2010-06-11 02:51 . 2010-06-11 02:51 10134 ----a-r- c:\users\Kristi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-10 20:35 . 2010-07-09 06:28 65536 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
2010-06-05 03:50 . 2010-06-05 03:50 135680 --sha-r- c:\users\Kristi\AppData\Roaming\powercfgl.dll
2010-06-05 03:50 . 2010-06-05 03:50 135680 --sha-r- c:\users\Kristi\AppData\Roaming\powercfgl.dll
2010-05-26 17:06 . 2010-06-12 00:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 00:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 23:01 . 2009-03-05 03:43 84 ----a-w- c:\users\Kristi\AppData\Roaming\wklnhst.dat
2010-05-21 18:14 . 2009-10-02 17:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 16:12 . 2010-05-18 16:12 18944 ----a-r- c:\users\Kristi\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-09-09 20:57 . 2009-09-09 20:57 359424 ----a-w- c:\program files\mozilla firefox\components\fpnyztwrlyxiuor.dll
2009-12-25 15:01 . 2008-06-13 16:04 88 --sh--r- c:\windows\System32\3B31AC07F6.sys
2009-12-25 15:02 . 2008-06-13 16:04 3764 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2010-07-15 243200]

[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2010-07-15 00:42 1497600 ----a-w- c:\program files\InboxDollars\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-03-18 19:13 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-07-15 1497600]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-07-15 1497600]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-13 322352]

c:\users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 297240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):17,da,32,33,8b,39,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3976001711-3613479640-1474261615-1001]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9c07e15bd6e9;Google Update Service (gupdate1c9c07e15bd6e9);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-30 3768]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys [2007-06-29 520960]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-13 697328]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100119.001\IDSvix86.sys [2009-11-20 286768]
S2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [2009-02-04 2944736]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 23:32]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 23:32]

2010-08-10 c:\windows\Tasks\Norton Security Scan for Kristi.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-09 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-14 15:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3144)
c:\ddi\overicon.dll
.
Completion time: 2010-08-14 15:23:00
ComboFix-quarantined-files.txt 2010-08-14 19:22
ComboFix2.txt 2010-08-14 18:41

Pre-Run: 17,736,822,784 bytes free
Post-Run: 17,725,919,232 bytes free

- - End Of File - - 497BAB622CF89DCBBE24379AE8CD481D


Re: Unknown Virus

Post by Belahzur on Sat Aug 14, 2010 8:12 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\programdata\mswd\scss.exe
    c:\programdata\mswd\mswd.exe

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unknown Virus

Post by KidKlassik1 on Sat Aug 14, 2010 9:42 pm

ComboFix 10-08-12.03 - Kristi 08/14/2010 17:22:40.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1069 [GMT -4:00]
Running from: c:\users\Kristi\Downloads\ComboFix.exe
Command switches used :: c:\users\Kristi\Documents\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\mswd\mswd.exe"
"c:\programdata\mswd\scss.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\mswd\mswd.exe
c:\programdata\mswd\scss.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-14 21:35 . 2010-08-14 21:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-14 21:35 . 2010-08-14 21:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-14 21:35 . 2010-08-14 21:35 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-08-14 21:35 . 2010-08-14 21:35 -------- d-----w- c:\users\Kristi\AppData\Local\temp
2010-08-14 21:35 . 2010-08-14 21:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-14 21:35 . 2010-08-14 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-14 02:35 . 2010-08-14 02:35 -------- dc----w- C:\_OTL
2010-08-13 04:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 04:38 . 2010-08-13 04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 04:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 18:21 . 2010-08-14 21:35 -------- d-----w- c:\programdata\mswd
2010-08-11 02:20 . 2010-08-11 02:20 -------- d-----w- c:\users\Kristi\AppData\Roaming\Sakura
2010-08-10 22:31 . 2010-08-10 22:31 -------- d-----w- c:\users\Kristi\AppData\Roaming\vlc
2010-08-10 22:29 . 2010-08-10 22:29 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-08-10 18:13 . 2010-08-10 18:27 4494481 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\simsynth_install.exe
2010-08-10 18:10 . 2010-08-10 18:27 8945170 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\slicex_install.exe
2010-08-10 18:09 . 2010-08-10 18:26 5709174 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\maximus_install.exe
2010-08-10 18:09 . 2010-08-10 18:26 8374854 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\vocodex_install.exe
2010-08-10 18:09 . 2010-08-10 18:27 4436430 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\sakura_install.exe
2010-08-10 18:08 . 2010-08-10 18:27 1733300 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\dx-10_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 1453698 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\drumsynthlive_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 4954994 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\sawer_install.exe
2010-08-10 18:08 . 2010-08-10 18:27 5539512 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\directwavevst_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 6801647 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\ogun_install.exe
2010-08-10 18:08 . 2010-08-10 18:26 8241888 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\juicepack_install.exe
2010-08-10 18:07 . 2010-08-10 18:27 11152860 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\edison_install.exe
2010-08-10 18:07 . 2010-08-10 18:27 5617869 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\autogun_install.exe
2010-08-10 18:06 . 2010-08-10 18:27 2535676 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\hardcore_install.exe
2010-08-10 18:06 . 2010-08-10 18:27 6636049 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\sytrus_install.exe
2010-08-10 18:06 . 2010-08-10 18:27 8947835 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\harmless_install.exe
2010-08-10 18:05 . 2010-08-10 18:23 5593790 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\grossbeat_install.exe
2010-08-10 18:04 . 2010-08-10 18:27 4283095 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\Drumaxx_install.exe
2010-08-10 18:04 . 2010-08-10 18:27 3323940 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\poizone_install.exe
2010-08-10 18:04 . 2010-08-10 18:28 40827956 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\deckadance.exe
2010-08-10 18:04 . 2010-08-10 18:28 207199929 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\flstudio_9.1.Setup.exe
2010-08-10 18:04 . 2010-08-10 18:27 5691033 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\toxicbiohazard_install.exe
2010-08-10 18:04 . 2010-08-10 18:27 56066280 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\ILFRUCTS91AIRCOMPLETE[1]\Image.Line.FL.Studio.XXL.Signature.Bundle.Complete.v9.1-AiR\Complete Extras\morphine_install.exe
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\programdata\Norton
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\windows\system32\drivers\NSS
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\program files\Norton Security Scan
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\programdata\NortonInstaller
2010-08-09 20:01 . 2010-08-09 20:01 -------- d-----w- c:\program files\NortonInstaller
2010-08-09 16:42 . 2010-08-09 16:42 -------- d-----w- c:\users\Kristi\AppData\Local\MigWiz
2010-08-09 15:34 . 2010-08-09 18:32 -------- d-----w- c:\users\Kristi\AppData\Local\tragwcxtl
2010-08-09 15:33 . 2010-08-14 18:30 -------- d-----w- c:\programdata\Update
2010-08-08 22:22 . 2010-08-08 22:22 -------- d-----w- c:\users\Kristi\AppData\Local\Microsoft Corporation
2010-08-08 02:34 . 2010-08-08 02:34 -------- d-----w- c:\programdata\Ableton
2010-08-07 23:14 . 2010-08-08 02:34 -------- d-----w- c:\users\Kristi\AppData\Roaming\Ableton
2010-08-04 19:05 . 2010-08-04 19:05 -------- d-----w- c:\program files\Elaborate Bytes
2010-08-03 23:00 . 2010-08-03 23:00 -------- d-----w- c:\users\Kristi\AppData\Roaming\Cycling '74
2010-08-03 23:00 . 2010-08-03 23:00 -------- d-----w- c:\program files\AkaiPro
2010-07-23 23:01 . 2010-07-23 23:01 84480 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
2010-07-23 23:01 . 2010-07-23 23:01 56832 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\update.exe
2010-07-23 23:01 . 2010-07-23 23:01 42496 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\uninstall.exe
2010-07-23 23:01 . 2010-07-23 23:01 301568 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbhelper.dll
2010-07-23 23:01 . 2010-07-23 23:01 152664 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\setup_widget_serv.exe
2010-07-23 23:01 . 2010-07-23 23:01 2767360 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbcore3.dll
2010-07-23 23:01 . 2010-07-23 23:01 41984 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\SearchToolbar.dll
2010-07-21 16:40 . 2010-07-21 16:40 -------- d-----w- c:\users\Kristi\AppData\Roaming\Harmless
2010-07-20 03:29 . 2010-07-20 03:29 5394208 ----a-w- c:\users\Kristi\AppData\Roaming\Blitware\DriverRobot\updates\abc95191a45adb07e02bfed478ab2665\driverrobot_setup.exe
2010-07-20 03:29 . 2010-07-20 03:29 -------- d-----w- c:\users\Kristi\AppData\Roaming\Blitware
2010-07-19 16:14 . 2010-07-19 16:14 -------- d-----w- c:\users\Kristi\AppData\Roaming\IrfanView
2010-07-19 16:14 . 2010-07-19 16:14 -------- d-----w- c:\program files\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 20:25 . 2010-06-13 20:59 -------- d-----w- c:\users\Kristi\AppData\Roaming\uTorrent
2010-08-14 02:36 . 2010-05-07 01:41 -------- d-----w- c:\program files\Ask.com
2010-08-13 21:48 . 2009-09-12 15:31 -------- d-----w- c:\users\Kristi\AppData\Roaming\U3
2010-08-13 05:05 . 2009-05-08 21:28 1356 ----a-w- c:\users\Kristi\AppData\Local\d3d9caps.dat
2010-08-11 16:06 . 2010-06-24 23:03 -------- d-----w- c:\program files\Propellerhead
2010-08-10 20:04 . 2008-05-29 21:38 -------- d-----w- c:\program files\Tencent
2010-08-10 18:58 . 2010-06-24 04:55 -------- d-----w- c:\program files\ASIO4ALL v2
2010-08-10 18:56 . 2009-04-09 15:10 -------- d-----w- c:\program files\VstPlugins
2010-08-10 18:56 . 2009-04-09 15:07 -------- d-----w- c:\program files\Image-Line
2010-08-09 20:01 . 2007-11-15 11:00 -------- d-----w- c:\programdata\Symantec
2010-08-09 19:48 . 2009-09-20 00:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-06 16:56 . 2010-04-05 00:35 -------- d-----w- c:\programdata\DivX
2010-08-06 16:56 . 2009-02-08 04:31 -------- d-----w- c:\program files\DivX
2010-08-04 20:04 . 2010-06-25 16:46 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-08-04 19:51 . 2010-06-25 16:50 -------- d-----w- c:\users\Kristi\AppData\Roaming\Cakewalk
2010-08-04 19:38 . 2007-10-31 18:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 18:18 . 2009-04-11 23:17 -------- d-----w- c:\program files\ArcSoft
2010-08-02 03:34 . 2010-07-12 00:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-21 20:46 . 2009-03-22 04:01 -------- d-----w- c:\users\Kristi\AppData\Roaming\FrostWire
2010-07-15 00:42 . 2010-07-09 06:27 -------- d-----w- c:\program files\InboxDollars
2010-07-13 18:41 . 2010-06-24 23:04 -------- d-----w- c:\programdata\Propellerhead Software
2010-07-13 18:41 . 2010-06-24 23:04 -------- d-----w- c:\users\Kristi\AppData\Roaming\Propellerhead Software
2010-07-13 17:07 . 2010-07-13 16:27 -------- d-----w- c:\users\Kristi\AppData\Roaming\DAEMON Tools Pro
2010-07-13 16:28 . 2010-07-13 16:27 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-07-13 16:28 . 2010-07-13 16:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-13 16:27 . 2010-07-13 16:27 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-07-13 15:34 . 2010-07-13 15:32 164352 ----a-w- c:\users\Kristi\AppData\Roaming\uTorrent\Propellerhead Reason 4\crack\KEYGEN.EXE
2010-07-13 11:27 . 2010-07-13 11:27 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-07-12 03:25 . 2010-07-12 03:22 -------- d-----w- c:\program files\Spectrasonics
2010-07-12 02:19 . 2009-02-08 15:38 128952 ----a-w- c:\users\Kristi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-10 20:01 . 2010-07-10 20:01 249856 ------w- c:\windows\Setup1.exe
2010-07-10 20:01 . 2010-07-10 20:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-10 17:08 . 2010-07-10 17:08 -------- d-----w- c:\program files\Steinberg
2010-07-08 19:41 . 2010-07-08 19:41 -------- d-----w- c:\programdata\WorldWinner.com
2010-07-08 03:11 . 2009-05-20 15:53 -------- d-----w- c:\users\Kristi\AppData\Roaming\Skype
2010-07-01 20:18 . 2009-05-19 16:41 -------- d-----w- c:\program files\VideoLAN
2010-06-26 01:51 . 2010-06-26 01:51 -------- d-----w- c:\program files\Antares Audio Technologies
2010-06-26 01:12 . 2010-06-26 01:11 -------- d-----w- c:\users\Kristi\AppData\Roaming\OpenCandy
2010-06-26 01:12 . 2010-06-26 01:11 9542615 ----a-w- c:\users\Kristi\AppData\Roaming\OpenCandy\p1v1RMinstall-OpenCandy(225.2)Wrapped.exe
2010-06-26 01:11 . 2010-06-26 01:11 298440 ----a-w- c:\users\Kristi\AppData\Roaming\OpenCandy\DLMgr_3_1.5.47.exe
2010-06-25 16:46 . 2010-06-25 16:46 -------- d-----w- c:\program files\Common Files\Digidesign
2010-06-24 23:04 . 2010-06-24 23:04 233472 ----a-w- c:\users\Kristi\AppData\Roaming\REX Shared Library.dll
2010-06-24 23:04 . 2010-06-24 23:04 233472 ----a-w- c:\users\Kristi\AppData\Roaming\REX Shared Library.dll
2010-06-24 23:04 . 2010-06-24 23:04 225280 ----a-w- c:\users\Kristi\AppData\Roaming\Rewire.dll
2010-06-24 23:04 . 2010-06-24 23:04 225280 ----a-w- c:\users\Kristi\AppData\Roaming\Rewire.dll
2010-06-24 17:50 . 2010-06-24 17:50 -------- d-----w- c:\program files\7-Zip
2010-06-24 17:46 . 2010-06-24 17:44 -------- d-----w- c:\program files\File Extension Finder
2010-06-24 17:46 . 2010-06-24 17:46 -------- d-----w- c:\program files\Driver Robot
2010-06-24 15:00 . 2010-06-24 15:00 -------- d-----w- c:\program files\BeatModel T1
2010-06-24 02:04 . 2010-06-24 02:04 -------- d-----w- c:\users\Kristi\AppData\Roaming\Titanium Gears
2010-06-23 15:41 . 2007-10-31 18:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-22 06:13 . 2010-06-22 06:13 10344 -c--a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-06-16 14:18 . 2010-06-16 02:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-16 01:48 . 2009-11-30 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-15 22:19 . 2010-06-15 22:19 -------- d-----w- c:\program files\InterLok
2010-06-11 02:51 . 2010-06-11 02:51 10134 ----a-r- c:\users\Kristi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-10 20:35 . 2010-07-09 06:28 65536 ----a-w- c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
2010-06-05 03:50 . 2010-06-05 03:50 135680 --sha-r- c:\users\Kristi\AppData\Roaming\powercfgl.dll
2010-06-05 03:50 . 2010-06-05 03:50 135680 --sha-r- c:\users\Kristi\AppData\Roaming\powercfgl.dll
2010-05-26 17:06 . 2010-06-12 00:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 00:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 23:01 . 2009-03-05 03:43 84 ----a-w- c:\users\Kristi\AppData\Roaming\wklnhst.dat
2010-05-21 18:14 . 2009-10-02 17:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 16:12 . 2010-05-18 16:12 18944 ----a-r- c:\users\Kristi\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-09-09 20:57 . 2009-09-09 20:57 359424 ----a-w- c:\program files\mozilla firefox\components\fpnyztwrlyxiuor.dll
2009-12-25 15:01 . 2008-06-13 16:04 88 --sh--r- c:\windows\System32\3B31AC07F6.sys
2009-12-25 15:02 . 2008-06-13 16:04 3764 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2010-07-15 243200]

[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2010-07-15 00:42 1497600 ----a-w- c:\program files\InboxDollars\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-03-18 19:13 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-07-15 1497600]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-07-15 1497600]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-13 322352]

c:\users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 297240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):17,da,32,33,8b,39,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3976001711-3613479640-1474261615-1001]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9c07e15bd6e9;Google Update Service (gupdate1c9c07e15bd6e9);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-30 3768]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys [2007-06-29 520960]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-13 697328]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100119.001\IDSvix86.sys [2009-11-20 286768]
S2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [2009-02-04 2944736]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 23:32]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 23:32]

2010-08-10 c:\windows\Tasks\Norton Security Scan for Kristi.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-09 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\abd9smz8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-14 17:40:35
ComboFix-quarantined-files.txt 2010-08-14 21:40
ComboFix2.txt 2010-08-14 19:23
ComboFix3.txt 2010-08-14 18:41

Pre-Run: 19,604,492,288 bytes free
Post-Run: 17,077,227,520 bytes free

- - End Of File - - A22AECA9CE36406A07DF27CEFD51D03D


Re: Unknown Virus

Post by Belahzur on Sat Aug 14, 2010 10:19 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unknown Virus

Post by KidKlassik1 on Sat Aug 14, 2010 10:26 pm

DSound Simple Audio Pack 1 v2.4 - OxYGeN
µTorrent
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player
AIM Toolbar
Alps Pointing-device for VAIO
Antares Autotune VST RTAS TDM v5.08
ANWIDA Soft DX Modulation Pack 1.0
AOL Uninstaller (Choose which Products to Remove)
AppCore
ArcSoft MediaImpression 2
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio Darkroom 2
ArcSoft RAW Thumbnail Viewer
ArcSoft Video Downloader
ArcSoft VideoImpression 2
ASIO4ALL
Ask Toolbar
AV
BlackBerry Desktop Software 4.5
BlackBerry Desktop Software 4.5
BlackBerry Device Software Updater
Bonjour
Bonjour Core for Windows
Bradford Persistent Agent
CA Yahoo! Anti-Spy (remove only)
ccCommon
CDDRV_Installer
Click to Disc
Click to Disc Editor
Collab
Compatibility Pack for the 2007 Office system
DigiTech RP150 Drivers
DigiTech RP150 Drivers
DigiTech X-Edit 2.4.1
DivX Setup
Download Updater (AOL LLC)
Driver Robot 1.0.9.13
Drumaxx
eGames Toolbar
File Extension Finder
FL Studio 8
FL Studio 9
FrostWire 4.18.6
GearDrvs
Google Chrome
Google Update Helper
Hardcore
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
IL Autogun
IL Download Manager
IL Gross Beat
IL Harmless
InboxDollars
Intel(R) Graphics Media Accelerator Driver
Interlok driver setup x32
IrfanView (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
KhalInstallWrapper
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LocationFree Player
Logitech Desktop Messenger
Logitech SetPoint
Logitech Updater
LPD8 Editor
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Megatetris Havingfunonline
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
Nero BackItUp 4 Essentials
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
OpenOffice.org Installer 1.0
PoiZone
Prosoniq Ambisone v1.3
QuickBooks Simple Start 2008
QuickTime
RealArcade
Realtek High Definition Audio Driver
Reason 4.0
reFX Slayer Demo 2.6.0
Roxio Activation Module
Roxio Media Manager
RTC Client API v1.2
SafeConnect
Sakura
Sawer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Setting Utility Series
Setup 1.0
Shop for HP Supplies
Skype™ 4.0
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Video Shared Library
SPBBC 32bit
Sprint Desktop Sync
SupportSoft Assisted Service
SuppSoft
Symantec Technical Support Controls
SymNet
TheLotron BeatModel T1 Plug-in Pack v1.2
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
USB 2.0 Video Camera
VAIO Center Access Bar
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO DVD Menu Data Basic
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.2
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO OOBE and Welcome Center
VAIO PC Wireless LAN Wizard
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Smart Network
VAIO Startup Assistant
VAIO Survey
VAIO Update 3
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Virtuadrum
VirtualCloneDrive
Waldorf D-Pole v1.5
Windows Media Player Firefox Plugin
WinDVD for VAIO
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Client 1.10.01


Re: Unknown Virus

Post by Belahzur on Sat Aug 14, 2010 10:31 pm

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Ask Toolbar
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 13
    Viewpoint Media Player

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




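Added here as an example, not code from this thread or from HijackThis: a small Python triage of an uninstall_list.txt like the one posted above, reproducing the helper's removal picks (P2P client, toolbar, Viewpoint, stale Java) over a constructed excerpt of that list. The watchlists are assumptions for the example, and the newest Java entry is reported separately so it can be compared against the current vendor release rather than removed blindly.

```python
import re

# Constructed excerpt of a HijackThis uninstall_list.txt, modelled on the
# list posted earlier in this thread (a handful of entries, not the full list).
SAMPLE_LIST = """\
µTorrent
7-Zip 4.65
Adobe Reader 9.3.3
Ask Toolbar
FrostWire 4.18.6
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.3)
Viewpoint Media Player
"""

# Watchlists are an assumption for this example: the first word of a few
# P2P client names and the unwanted bundleware the helper picked out above.
# They are illustrative, not an authoritative block list.
P2P_FIRST_WORDS = {"µtorrent", "frostwire"}
UNWANTED_PREFIXES = ("ask toolbar", "viewpoint media player")

# Java 6 of that era registers one entry per update plus the base runtime;
# every entry except the newest is a stale, separately exploitable JRE.
JAVA_UPDATE_RE = re.compile(r"^Java\(TM\) 6 Update (\d+)$")
JAVA_BASE = "Java(TM) SE Runtime Environment 6"


def parse_uninstall_list(text):
    """Return the non-empty, stripped program names from an uninstall list."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def triage(entries):
    """Sort entries into removal buckets.

    'p2p' and 'unwanted' match the watchlists; 'java_superseded' holds every
    Java 6 entry except the highest-numbered update (the un-updated base
    runtime counts as update 0); 'java_newest' holds that highest update so
    it can be compared against the current vendor release, not removed blindly.
    """
    buckets = {"p2p": [], "unwanted": [], "java_superseded": [], "java_newest": []}
    java = []  # (update number, entry name)
    for name in entries:
        lower = name.lower()
        m = JAVA_UPDATE_RE.match(name)
        if m:
            java.append((int(m.group(1)), name))
        elif name == JAVA_BASE:
            java.append((0, name))
        elif lower.split()[0] in P2P_FIRST_WORDS:
            buckets["p2p"].append(name)
        elif lower.startswith(UNWANTED_PREFIXES):
            buckets["unwanted"].append(name)
    java.sort()
    if java:
        buckets["java_superseded"] = [n for _, n in java[:-1]]
        buckets["java_newest"] = [java[-1][1]]
    return buckets


def report(buckets):
    """Render the buckets as the kind of removal list a helper would post."""
    lines = []
    for key, label in (("p2p", "P2P clients"), ("unwanted", "Toolbars / bundleware"),
                       ("java_superseded", "Superseded Java runtimes"),
                       ("java_newest", "Newest Java (check against current release)")):
        if buckets[key]:
            lines.append(label + ":")
            lines.extend("    " + n for n in buckets[key])
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(parse_uninstall_list(SAMPLE_LIST))))
```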

Re: Unknown Virus

Post by KidKlassik1 on Sat Aug 14, 2010 10:49 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4430

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/14/2010 6:48:19 PM
mbam-log-2010-08-14 (18-48-19).txt

Scan type: Quick scan
Objects scanned: 162669
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Unknown Virus

Post by Belahzur on Sun Aug 15, 2010 12:39 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: Unknown Virus

Post by KidKlassik1 on Sun Aug 15, 2010 4:34 am

It cleaned 12 files


Re: Unknown Virus

Post by Belahzur on Mon Aug 16, 2010 12:42 am

Did you get a log?





Re: Unknown Virus

Post by KidKlassik1 on Mon Aug 16, 2010 4:43 am

no


Re: Unknown Virus

Post by Belahzur on Mon Aug 16, 2010 10:16 pm

Oh okay, how is the machine running anyway?





Re: Unknown Virus

Post by KidKlassik1 on Mon Aug 16, 2010 11:29 pm

It's running smooth. Thank you.


Re: Unknown Virus

Post by Belahzur on Mon Aug 16, 2010 11:44 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



