
Likely Google Redirect Virus


This topic is locked
26 replies to this topic

#1 hyperphonicfemale
  • Members
  • 13 posts
  • Gender:Female

Posted 02 October 2011 - 01:04 AM

Hello, my name is Dylan. I'm assisting my friend Leah (owner of this account) with her infected computer. From what I can tell it's an internet redirect virus, and I'm outside my area of expertise. I'll attach a HijackThis log in hopes of expediting this process for my friend. She knows how to use a computer well but knows little about viruses/malware/etc. Any help is greatly appreciated. If there is something more complicated than installing a program, running it, and posting results on bleepingcomputer.com, just reference my name in a post and she'll let me know. Please and thank you.

Attached File: hijackthis.log (10.04KB)


#2 HelpBot (Bleepin' Binary Bot)
  • Bots
  • 12,631 posts
  • Gender:Male

Posted 07 October 2011 - 01:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421523 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hyperphonicfemale (Topic Starter)
  • Members
  • 13 posts
  • Gender:Female

Posted 09 October 2011 - 12:08 AM

Hello,

To briefly sum up my problem as the HelpBot asked, I believe I have a Google redirect virus. When I do a Google search for anything, every other search is redirected to an ad page. As a result, I've found I'm getting more trojans and rogue malware infections (example: OpenCloud AV), which I was able to remove. I ran Malwarebytes and HitmanPro scans, but they weren't able to fix the redirect problem. I'm running 32-bit Windows and do not have an original Windows CD available. I attached the DDS attach file and the gmer file.

Thank you in advance

DDS results:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_23
Run by Leah at 20:07:06 on 2011-10-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1144 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ndsu.edu/undergraduate/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: FroggyBoss Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - c:\program files\minibar\Froggy.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: MrFroggy Class: {856e12b5-22d7-4e22-9aca-ea9a008dd65b} - c:\program files\minibar\Froggy.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - c:\program files\minibar\Kango.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjA1NjQzNjM3LUJBKzEtWEwrMS1UMy1GUDkrNi1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtRjEwTTEwRCsyLVgyMDEwKzItTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1ERFQrMA"&"prod=90"&"ver=10.0.1390
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files\minibar\MinibarButton.dll
LSP: mswsock.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{0B85F634-3FEA-44AD-A93A-8DE2C2BC4365} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{C8E7E969-11DE-4EBC-B87A-AFA18A9F4AAC} : DhcpNameServer = 64.21.232.212 76.10.67.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leah\appdata\roaming\mozilla\firefox\profiles\ld185dya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59798
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\citrix\secure access client\npagee.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\leah\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\leah\appdata\roaming\mozilla\plugins\npagee.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-29 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-5 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-5 320856]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb1dc4ee1;MpKslb1dc4ee1;c:\programdata\microsoft\microsoft antimalware\definition updates\{9c9d6d45-8c9e-45e8-ace2-55ceee990924}\MpKslb1dc4ee1.sys [2011-10-8 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-5 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-5 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-5 44768]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-8 24652]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-9-28 23624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f9da5658d9a0;Google Update Service (gupdate1c9f9da5658d9a0);c:\program files\google\update\GoogleUpdate.exe [2009-6-30 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 366152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-30 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-10-08 20:48:12 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c9d6d45-8c9e-45e8-ace2-55ceee990924}\MpKslb1dc4ee1.sys
2011-10-08 20:47:31 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c9d6d45-8c9e-45e8-ace2-55ceee990924}\offreg.dll
2011-10-08 20:47:21 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c9d6d45-8c9e-45e8-ace2-55ceee990924}\mpengine.dll
2011-10-06 16:09:00 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-05 06:56:06 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62e74032-a396-4f27-bd99-66e935da1183}\gapaengine.dll
2011-10-05 06:43:26 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-05 06:03:41 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-05 06:03:40 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-05 05:28:53 -------- d-----w- c:\users\leah\appdata\local\{3BFC359D-4C4F-4253-BFFE-E07CAA1B3310}
2011-10-05 05:28:23 -------- d-----w- c:\users\leah\appdata\local\{74E7F29C-3430-443C-9151-BE1FE44C2D33}
2011-10-05 05:13:26 -------- d-----w- c:\users\leah\appdata\local\{E2B7E336-B5E0-419B-A76A-7889AA7C8A49}
2011-10-05 05:12:51 -------- d-----w- c:\users\leah\appdata\local\{82B30923-8E24-40B2-B5AA-894D8138BFB8}
2011-10-05 04:58:00 -------- d-----w- c:\users\leah\appdata\local\{0D1D04B2-19DE-4D75-BD64-BE801612B4EC}
2011-10-05 04:57:15 -------- d-----w- c:\users\leah\appdata\local\{280A0B7F-0ECD-4E80-A329-0603754CF64D}
2011-10-05 01:10:02 -------- d-----w- c:\program files\Minibar
2011-10-05 01:10:00 -------- d-----w- c:\program files\FaceSmooch Smileys
2011-10-05 01:01:32 -------- d-----w- c:\users\leah\appdata\local\{E2505141-F735-4CAB-9CCB-FB6792A69741}
2011-10-05 01:01:11 -------- d-----w- c:\users\leah\appdata\local\{2E324461-9144-48CE-8CFD-E2541C542890}
2011-10-05 00:14:26 -------- d-----w- c:\users\leah\appdata\local\{E4BA8B48-7F13-4063-B11A-E82959D0F1FD}
2011-10-05 00:13:54 -------- d-----w- c:\users\leah\appdata\local\{741811E4-00A9-4D49-9452-ACFBFD2C0117}
2011-10-04 07:15:57 -------- d-----w- c:\users\leah\appdata\local\{A243D257-9565-4EEB-A6DC-3F5096064FC6}
2011-10-04 07:15:37 -------- d-----w- c:\users\leah\appdata\local\{D510F0B2-9220-408E-9EB9-684EB3FA6D33}
2011-10-04 06:49:19 -------- d-----w- c:\users\leah\appdata\local\{75803AEB-CCB0-44DC-9EFD-9117BDCE6D8F}
2011-10-04 06:48:58 -------- d-----w- c:\users\leah\appdata\local\{2ECA7C12-909A-4425-B335-22AEB5F10FAF}
2011-10-04 02:45:27 41184 ----a-w- c:\windows\avastSS.scr
2011-10-04 02:36:34 0 ---ha-w- c:\windows\system32\pxvrptulec.tmp
2011-10-04 02:16:09 -------- d-----w- c:\users\leah\appdata\local\{69C7FF25-3965-4A09-B5FF-A835DD32AA50}
2011-10-04 02:15:40 -------- d-----w- c:\users\leah\appdata\local\{CEFD9F50-06B9-4A9D-9F52-4705002EBA3A}
2011-10-04 01:48:08 -------- d-----w- c:\users\leah\appdata\local\Apple
2011-10-04 01:39:28 -------- d-----w- c:\users\leah\appdata\local\{0CC5E626-4C87-431B-B277-60FE4755E9B1}
2011-10-04 01:38:51 -------- d-----w- c:\users\leah\appdata\local\{11B18925-C1DA-43FA-B303-DE288FE7EBA0}
2011-10-03 22:30:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 22:25:44 -------- d-----w- c:\users\leah\appdata\local\{24761A38-A199-4903-A4A4-BFA98E5EE65F}
2011-10-03 22:25:01 -------- d-----w- c:\users\leah\appdata\roaming\lycA1uvD2
2011-10-03 22:25:01 -------- d-----w- c:\users\leah\appdata\roaming\d8gRZ9hYXjVP
2011-10-03 22:06:26 -------- d-----w- c:\users\leah\appdata\roaming\k000uccS1ibDon
2011-10-03 22:06:26 -------- d-----w- c:\users\leah\appdata\roaming\arrrlOONtx
2011-10-03 22:06:20 -------- d-----w- c:\users\leah\appdata\roaming\hqqjjYCeekVrONx
2011-10-03 01:16:03 -------- d-----w- c:\users\leah\appdata\local\{986B6FF7-45A8-47BD-A2CC-BD650869CD77}
2011-10-03 01:15:34 -------- d-----w- c:\users\leah\appdata\local\{410C6DFE-1B40-4D23-BC05-5F20B54D7CDC}
2011-10-03 00:51:02 -------- d-----w- c:\users\leah\appdata\local\{053767B7-E8C9-4B02-AC9E-02C59FBBAF61}
2011-10-03 00:50:29 -------- d-----w- c:\users\leah\appdata\local\{4295BB2A-18D7-4E6D-B5C2-FA3F44CBCAFF}
2011-10-02 06:12:16 -------- d-----w- c:\users\leah\appdata\local\{80435B04-74DC-4C88-B218-52D1A21979B2}
2011-10-02 06:11:49 -------- d-----w- c:\users\leah\appdata\local\{93E51CB3-BF7A-4D0C-A5B3-ED28B79E3D3B}
2011-10-02 06:00:31 -------- d-----w- c:\users\leah\appdata\local\{CB804E6C-FC37-4EC9-BB6F-60D583A4240C}
2011-10-02 06:00:00 -------- d-----w- c:\users\leah\appdata\local\{110E02CA-951E-49BE-BF4B-38929D2B89D1}
2011-10-02 05:34:28 -------- d-----w- c:\users\leah\appdata\local\{6A5A6F8C-5E20-4974-95C9-AFC342EAE218}
2011-10-02 05:34:07 -------- d-----w- c:\users\leah\appdata\local\{8E1714D0-4FB0-4D03-8657-1AC4FE6C62F9}
2011-10-02 05:15:07 388096 ----a-r- c:\users\leah\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-02 05:15:06 -------- d-----w- c:\program files\Trend Micro
2011-10-02 04:43:56 -------- d-----w- c:\users\leah\appdata\local\{2220F9AC-5CF9-4CEF-83D6-8AC7D563A6CB}
2011-10-02 04:43:21 -------- d-----w- c:\users\leah\appdata\local\{BA4511C3-222E-4B90-BF71-177343ABD4CE}
2011-10-02 04:32:07 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-02 04:26:37 -------- d-----w- c:\users\leah\appdata\local\{6E7B672A-B91B-4CC8-BCD4-12639F266685}
2011-10-02 04:25:58 -------- d-----w- c:\users\leah\appdata\local\{845B808E-0AF9-401F-9050-9FFD4F11465C}
2011-10-02 04:16:43 -------- d-----w- c:\program files\CCleaner
2011-09-30 05:44:23 7269712 ------w- c:\programdata\microsoft\windows defender\definition updates\{14109141-7897-4666-8819-d6389acf9a19}\mpengine.dll
2011-09-30 05:38:28 -------- d-----w- c:\users\leah\appdata\local\{909EC3BF-CEF1-4044-9854-5CD42D3F1921}
2011-09-30 05:37:57 -------- d-----w- c:\users\leah\appdata\local\{C0192604-6CB9-47D8-A9C3-DE01AB6FAD4B}
2011-09-29 19:16:39 -------- d-----w- c:\users\leah\appdata\local\{75CB9C48-3EEC-49D3-A5B7-FAE8EED1420C}
2011-09-29 19:16:13 -------- d-----w- c:\users\leah\appdata\local\{12C8C56B-81B0-43E5-A783-A8D753F01677}
2011-09-29 16:28:38 -------- d-----w- c:\users\leah\appdata\roaming\PNNyyxA11uS2oFp
2011-09-29 16:28:38 -------- d-----w- c:\users\leah\appdata\roaming\gGG55aQQJ6WK8RL
2011-09-29 16:28:24 -------- d-----w- c:\users\leah\appdata\roaming\OCCCekkIVrzOtx0
2011-09-29 06:12:52 -------- d-----w- c:\users\leah\appdata\local\{5C9195AD-C52F-4467-92AD-C5531548418F}
2011-09-29 06:12:34 -------- d-----w- c:\users\leah\appdata\local\{C3D95BB9-DB99-4282-9F32-A49A2BEEA1A7}
2011-09-28 07:20:46 -------- d-----w- c:\users\leah\appdata\local\{667F3C0D-E5EF-48D3-A500-EF392CB6F853}
2011-09-28 07:20:23 -------- d-----w- c:\users\leah\appdata\local\{174233FB-68C4-472C-AB48-AD406DDDD82F}
2011-09-28 07:00:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-28 07:00:39 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-28 07:00:03 -------- d-----w- c:\programdata\Hitman Pro
2011-09-26 06:17:07 -------- d-----w- c:\users\leah\appdata\local\{D708EE2A-F1A0-44CA-8FB3-74D82674D2D9}
2011-09-26 06:16:31 -------- d-----w- c:\users\leah\appdata\local\{C0E11689-46CF-4342-AD04-41EFEB661C44}
2011-09-25 22:10:46 -------- d-----w- c:\users\leah\appdata\local\{16E77D9D-43B7-409A-9190-668026B3DA33}
2011-09-25 22:10:25 -------- d-----w- c:\users\leah\appdata\local\{48FA41D5-361D-40CA-A4A1-FFC7E6BB3C07}
2011-09-25 17:35:37 -------- d-----w- c:\users\leah\appdata\local\{90510A3A-2C88-4E97-81E7-5437643A5052}
2011-09-25 17:35:26 -------- d-----w- c:\users\leah\appdata\local\{B2D4A227-F927-4972-8578-E5F17A62B825}
2011-09-19 04:00:09 -------- d-----w- c:\users\leah\appdata\local\{531BC6A6-8A8C-4B4B-B272-17DDD52631DD}
2011-09-19 03:59:47 -------- d-----w- c:\users\leah\appdata\local\{01BE7A37-2FF8-4948-9AC9-547DB4B06384}
2011-09-17 15:40:19 -------- d-----w- c:\users\leah\appdata\local\{503B139E-4BFE-4725-9BDA-2B0880B869BC}
2011-09-17 15:39:56 -------- d-----w- c:\users\leah\appdata\local\{A281143B-AE95-4478-A7F5-4007D5CE5D9D}
2011-09-17 03:52:31 -------- d-----w- c:\users\leah\appdata\local\{A69DE050-56A7-4316-9560-05917FCC69BA}
2011-09-17 03:52:06 -------- d-----w- c:\users\leah\appdata\local\{0E9946CC-2201-4795-A67A-E250393F36B1}
2011-09-16 05:48:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-12 05:01:03 -------- d-----w- c:\users\leah\appdata\local\{6DBA68E5-0D67-4995-8A36-0B2894E21697}
2011-09-12 05:00:53 -------- d-----w- c:\users\leah\appdata\local\{8F806619-EF81-4630-BA0A-B81A787D8C73}
2011-09-12 04:55:29 -------- d-----w- c:\users\leah\appdata\local\{593885A7-CD4A-48AE-BB4C-4F6D699B3529}
2011-09-12 04:54:54 -------- d-----w- c:\users\leah\appdata\local\{9B637471-F7C4-4932-B8A7-A6D93A560D26}
2011-09-10 22:11:11 -------- d-----w- c:\users\leah\appdata\local\{CCAA366C-3921-44EF-99A1-E8E2025B7BA4}
2011-09-09 16:37:06 -------- d-----w- c:\users\leah\appdata\local\{FFD74307-24AE-41B7-9113-2FB89B484092}
2011-09-09 16:30:06 -------- d-----w- c:\users\leah\appdata\local\{38028D04-E068-421A-8D33-9028AB59A57C}
.
==================== Find3M ====================
.
2011-10-04 02:23:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 20:10:10.98 ===============


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:50 PM

Posted 09 October 2011 - 05:54 AM

Hello, hyperphonicfemale.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow files to be shared between users, as the name suggests. In today's world cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578


Viewpoint (foistware) Warning

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating" for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

Ask Toolbar Warning

I see you have the Ask.com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to add/Remove Programs and uninstall it.

Two Antiviruses Warning


I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove Programs in the Control Panel and remove either Microsoft Security Essentials or Avast!.





Step 1

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

Ask Toolbar
Celebrity Toolbar
FaceSmooch Smileys




Be sure to reboot when done.



Step 2



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 hyperphonicfemale

hyperphonicfemale
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:50 PM

Posted 09 October 2011 - 03:14 PM

While running ComboFix I got a notification stating: "The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin? Y/N" I didn't know what this meant, so I chose "no" for the time being.




ComboFix 11-10-09.01 - Leah 10/09/2011 14:43:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1780 [GMT -5:00]
Running from: c:\users\Leah\Desktop\etavaresCF.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Minibar\FrOGgy.dll
c:\program files\Minibar\KaNGo.dll
c:\program files\Minibar\MiNIbarbutton.dll
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Leah\AppData\Roaming\app
c:\users\Leah\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Leah\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Leah\AppData\Roaming\gGG55aQQJ6WK8RLOpenCloud Security.ico
c:\users\Leah\AppData\Roaming\k000uccS1ibDonOpen Cloud AV.ico
c:\users\Leah\AppData\Roaming\lycA1uvD2Open Cloud AV.ico
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{756f2b57-cf86-4297-9a57-a8725012926d}
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{756f2b57-cf86-4297-9a57-a8725012926d}\chrome.manifest
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{756f2b57-cf86-4297-9a57-a8725012926d}\chrome\xulcache.jar
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{756f2b57-cf86-4297-9a57-a8725012926d}\defaults\preferences\xulcache.js
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{756f2b57-cf86-4297-9a57-a8725012926d}\install.rdf
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{ce29e499-74b3-49e0-a4b2-ffe597d52019}
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{ce29e499-74b3-49e0-a4b2-ffe597d52019}\chrome.manifest
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{ce29e499-74b3-49e0-a4b2-ffe597d52019}\chrome\xulcache.jar
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{ce29e499-74b3-49e0-a4b2-ffe597d52019}\defaults\preferences\xulcache.js
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{ce29e499-74b3-49e0-a4b2-ffe597d52019}\install.rdf
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{e17a4e68-7196-41f3-8db2-c4d268582dfd}
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{e17a4e68-7196-41f3-8db2-c4d268582dfd}\chrome.manifest
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{e17a4e68-7196-41f3-8db2-c4d268582dfd}\chrome\xulcache.jar
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{e17a4e68-7196-41f3-8db2-c4d268582dfd}\defaults\preferences\xulcache.js
c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{e17a4e68-7196-41f3-8db2-c4d268582dfd}\install.rdf
c:\windows\$NtUninstallKB51093$
c:\windows\$NtUninstallKB51093$\185848510
c:\windows\$NtUninstallKB51093$\658972461\@
c:\windows\$NtUninstallKB51093$\658972461\bckfg.tmp
c:\windows\$NtUninstallKB51093$\658972461\cfg.ini
c:\windows\$NtUninstallKB51093$\658972461\Desktop.ini
c:\windows\$NtUninstallKB51093$\658972461\keywords
c:\windows\$NtUninstallKB51093$\658972461\kwrd.dll
c:\windows\$NtUninstallKB51093$\658972461\L\qnbwvoto
c:\windows\$NtUninstallKB51093$\658972461\lsflt7.ver
c:\windows\$NtUninstallKB51093$\658972461\U\00000001.@
c:\windows\$NtUninstallKB51093$\658972461\U\00000002.@
c:\windows\$NtUninstallKB51093$\658972461\U\80000000.@
c:\windows\$NtUninstallKB51093$\658972461\U\80000032.@
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 19:54 . 2011-10-09 19:56 -------- d-----w- c:\users\Leah\AppData\Local\temp
2011-10-09 19:54 . 2011-10-09 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 19:39 . 2011-10-09 19:39 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD46CC3C-A5CE-4141-AAAE-7B401658B350}\offreg.dll
2011-10-09 06:51 . 2011-09-12 21:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD46CC3C-A5CE-4141-AAAE-7B401658B350}\mpengine.dll
2011-10-06 16:09 . 2011-09-12 21:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-05 06:56 . 2011-10-05 06:51 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62E74032-A396-4F27-BD99-66E935DA1183}\gapaengine.dll
2011-10-05 06:43 . 2011-10-05 06:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-05 01:19 . 2011-10-05 01:19 -------- d-----w- c:\programdata\Yahoo! Companion
2011-10-05 01:10 . 2011-10-09 19:54 -------- d-----w- c:\program files\Minibar
2011-10-04 02:36 . 2011-10-04 02:36 0 ---ha-w- c:\windows\system32\pxvrptulec.tmp
2011-10-04 01:48 . 2011-10-04 01:48 -------- d-----w- c:\users\Leah\AppData\Local\Apple
2011-10-03 22:30 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Leah\AppData\Roaming\lycA1uvD2
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Leah\AppData\Roaming\d8gRZ9hYXjVP
2011-10-03 22:06 . 2011-10-03 22:06 -------- d-----w- c:\users\Leah\AppData\Roaming\k000uccS1ibDon
2011-10-03 22:06 . 2011-10-03 22:06 -------- d-----w- c:\users\Leah\AppData\Roaming\arrrlOONtx
2011-10-03 22:06 . 2011-10-03 22:06 -------- d-----w- c:\users\Leah\AppData\Roaming\hqqjjYCeekVrONx
2011-10-03 22:02 . 2011-10-03 22:02 -------- d-----w- c:\windows\Sun
2011-10-02 05:15 . 2011-10-02 05:15 388096 ----a-r- c:\users\Leah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-02 05:15 . 2011-10-02 05:15 -------- d-----w- c:\program files\Trend Micro
2011-10-02 04:32 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-02 04:16 . 2011-10-02 04:16 -------- d-----w- c:\program files\CCleaner
2011-09-30 05:44 . 2011-09-21 14:00 7269712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14109141-7897-4666-8819-D6389ACF9A19}\mpengine.dll
2011-09-29 16:28 . 2011-09-29 16:28 -------- d-----w- c:\users\Leah\AppData\Roaming\PNNyyxA11uS2oFp
2011-09-29 16:28 . 2011-09-29 16:28 -------- d-----w- c:\users\Leah\AppData\Roaming\gGG55aQQJ6WK8RL
2011-09-29 16:28 . 2011-09-29 16:28 -------- d-----w- c:\users\Leah\AppData\Roaming\OCCCekkIVrzOtx0
2011-09-28 07:00 . 2011-10-05 05:26 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-28 07:00 . 2011-09-28 07:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-28 07:00 . 2011-09-28 07:15 -------- d-----w- c:\programdata\Hitman Pro
2011-09-16 05:48 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 02:23 . 2011-06-04 16:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:04 . 2011-08-10 05:38 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-10 05:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 05:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 05:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59 . 2011-08-10 05:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03 . 2011-08-10 05:38 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-10 05:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 05:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-10-02 21:22 . 2011-05-10 00:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA1NjQzNjM3LUJBKzEtWEwrMS1UMy1GUDkrNi1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtRjEwTTEwRCsyLVgyMDEwKzItTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1ERFQrMA&prod=90&ver=10.0.1390" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f9da5658d9a0;Google Update Service (gupdate1c9f9da5658d9a0);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-05 23624]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-06-20 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 64512]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 23:27]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ndsu.edu/undergraduate/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59798
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-29073722.sys
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 14:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-10-09 14:59:59
ComboFix-quarantined-files.txt 2011-10-09 19:59
.
Pre-Run: 155,732,348,928 bytes free
Post-Run: 156,737,171,456 bytes free
.
- - End Of File - - 85F579A93DF34BD1E2C59D769B07B829

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:50 PM

Posted 09 October 2011 - 05:41 PM

Hello, hyperphonicfemale.

The redirect should be gone, can you please confirm?



Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Folder::
c:\program files\Minibar
c:\users\Leah\AppData\Roaming\lycA1uvD2
c:\users\Leah\AppData\Roaming\d8gRZ9hYXjVP
c:\users\Leah\AppData\Roaming\k000uccS1ibDon
c:\users\Leah\AppData\Roaming\arrrlOONtx
c:\users\Leah\AppData\Roaming\hqqjjYCeekVrONx
c:\users\Leah\AppData\Roaming\PNNyyxA11uS2oFp
c:\users\Leah\AppData\Roaming\gGG55aQQJ6WK8RL
c:\users\Leah\AppData\Roaming\OCCCekkIVrzOtx0
File::
c:\windows\system32\pxvrptulec.tmp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
Firefox::
FF - ProfilePath - c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59798
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares

Edited by etavares, 09 October 2011 - 05:43 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
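
The Firefox lines the CFScript above clears out (network.proxy.http set to 127.0.0.1 on port 59798) point the browser at a local proxy listener, which is one common way browser traffic gets silently redirected; the same log also shows AntiVirusOverride set to 1, EnableLUA set to 0 and a driver entry whose file is missing ([x]). As an added example that is not part of this thread and not ComboFix's own code, the Python script below reads an excerpt of the log posted in #5 (lines copied from it, embedded as constructed sample input) and flags those four conditions. The finding codes, the WATCHED_VALUES table and the function names are my own naming, not anything from ComboFix.

```python
"""Triage a ComboFix log excerpt for settings that redirect or blind the host.

Added example for this thread; not ComboFix's own code. Finding codes and the
WATCHED_VALUES table are the author's naming, not ComboFix's.
"""
import ipaddress
import re

# Constructed sample input: lines copied from the ComboFix log posted in #5.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
FF - ProfilePath - c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59798
FF - prefs.js: network.proxy.type - 0
"""

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<name>[\w.\-]+) - (?P<value>.*)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
# Service lines look like "R3 name;description;path [date size]"; "[x]" means the file is absent.
SERVICE = re.compile(r"^[RS]\d+ (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$")

# (key path, value name) -> (finding code, description, predicate on the integer value).
# Keys are lower-cased because ComboFix prints registry paths in mixed case.
WATCHED_VALUES = {
    (r"hkey_local_machine\software\microsoft\security center\svc", "antivirusoverride"):
        ("av-override", "Security Center antivirus monitoring is overridden", lambda v: v != 0),
    (r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system", "enablelua"):
        ("uac-disabled", "UAC (EnableLUA) is switched off", lambda v: v == 0),
}


def reg_int(raw):
    """Parse ComboFix's rendering of a numeric value: 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0])


def parse_firefox_prefs(log_text):
    """Collect the 'FF - prefs.js:' lines into a name -> value dict."""
    prefs = {}
    for line in log_text.splitlines():
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m["name"]] = m["value"].strip()
    return prefs


def is_loopback(host):
    """True for 'localhost' and any loopback IPv4/IPv6 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (code, detail) findings for the excerpt."""
    findings = []
    prefs = parse_firefox_prefs(log_text)
    host = prefs.get("network.proxy.http")
    # Flag a loopback proxy host even if network.proxy.type is 0 (proxy not active):
    # a leftover pref is still worth clearing, as the CFScript in this thread does.
    if host and is_loopback(host):
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(("loopback-proxy", f"Firefox HTTP proxy set to {host}:{port}"))
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        key = REG_KEY.match(line)
        if key:
            current_key = key["key"].lower()
            continue
        val = REG_VAL.match(line)
        if val and current_key:
            entry = WATCHED_VALUES.get((current_key, val["name"].lower()))
            if entry:
                code, desc, is_bad = entry
                if is_bad(reg_int(val["value"])):
                    findings.append((code, f"{desc}: {line}"))
            continue
        svc = SERVICE.match(line)
        if svc and svc["info"] == "x":
            findings.append(("missing-service-file", f"{svc['name']} points at absent file {svc['path']}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {detail}")
```

Run against the sample it reports the loopback proxy, the disabled UAC, the Security Center override and the AVGIDSShim driver with no file behind it, which is exactly the set of lines the CFScript targets plus the leftover AVG driver entry. The `[x]` marker is only a hint: an orphaned entry from an uninstalled product is harmless, so it is listed for review rather than treated as malicious.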
 


#7 hyperphonicfemale

hyperphonicfemale
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:50 PM

Posted 09 October 2011 - 07:17 PM

Yes, the redirect appears to be gone!



ComboFix 11-10-09.01 - Leah 10/09/2011 19:02:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1688 [GMT -5:00]
Running from: c:\users\Leah\Desktop\etavaresCF.exe
Command switches used :: c:\users\Leah\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\pxvrptulec.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Minibar
c:\program files\Minibar\config.xml
c:\program files\Minibar\extension_info.json
c:\program files\Minibar\icons\icon128.png
c:\program files\Minibar\icons\icon16.ico
c:\program files\Minibar\icons\icon19.ico
c:\program files\Minibar\icons\icon19.png
c:\program files\Minibar\icons\icon32.png
c:\program files\Minibar\icons\icon48.png
c:\program files\Minibar\kango-ui\browser_button.js
c:\program files\Minibar\kango-ui\commandbar_button.js
c:\program files\Minibar\kango-ui\theme\bubble\bottom-left.png
c:\program files\Minibar\kango-ui\theme\bubble\bottom-middle.png
c:\program files\Minibar\kango-ui\theme\bubble\bottom-right.png
c:\program files\Minibar\kango-ui\theme\bubble\middle-left.png
c:\program files\Minibar\kango-ui\theme\bubble\middle-right.png
c:\program files\Minibar\kango-ui\theme\bubble\tail-bottom.png
c:\program files\Minibar\kango-ui\theme\bubble\tail-left.png
c:\program files\Minibar\kango-ui\theme\bubble\tail-right.png
c:\program files\Minibar\kango-ui\theme\bubble\tail-top.png
c:\program files\Minibar\kango-ui\theme\bubble\top-left.png
c:\program files\Minibar\kango-ui\theme\bubble\top-middle.png
c:\program files\Minibar\kango-ui\theme\bubble\top-right.png
c:\program files\Minibar\kango-ui\ui.js
c:\program files\Minibar\kango\browser.js
c:\program files\Minibar\kango\console.js
c:\program files\Minibar\kango\event_listener.js
c:\program files\Minibar\kango\initialize.js
c:\program files\Minibar\kango\io.js
c:\program files\Minibar\kango\json.js
c:\program files\Minibar\kango\jsonstorage.js
c:\program files\Minibar\kango\kango.js
c:\program files\Minibar\kango\lang.js
c:\program files\Minibar\kango\md5.js
c:\program files\Minibar\kango\messaging.js
c:\program files\Minibar\kango\storage.js
c:\program files\Minibar\kango\userscript_engine.js
c:\program files\Minibar\kango\utils.js
c:\program files\Minibar\kango\xhr.js
c:\program files\Minibar\minibar\actions.js
c:\program files\Minibar\minibar\cachedxhr.js
c:\program files\Minibar\minibar\config.js
c:\program files\Minibar\minibar\config.json
c:\program files\Minibar\minibar\macros.js
c:\program files\Minibar\minibar\minibar.js
c:\users\Leah\AppData\Roaming\arrrlOONtx
c:\users\Leah\AppData\Roaming\d8gRZ9hYXjVP
c:\users\Leah\AppData\Roaming\gGG55aQQJ6WK8RL
c:\users\Leah\AppData\Roaming\hqqjjYCeekVrONx
c:\users\Leah\AppData\Roaming\k000uccS1ibDon
c:\users\Leah\AppData\Roaming\lycA1uvD2
c:\users\Leah\AppData\Roaming\OCCCekkIVrzOtx0
c:\users\Leah\AppData\Roaming\PNNyyxA11uS2oFp
c:\windows\system32\pxvrptulec.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 00:10 . 2011-10-10 00:10 -------- d-----w- c:\users\Leah\AppData\Local\temp
2011-10-10 00:10 . 2011-10-10 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 19:39 . 2011-10-09 19:39 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD46CC3C-A5CE-4141-AAAE-7B401658B350}\offreg.dll
2011-10-09 06:51 . 2011-09-12 21:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD46CC3C-A5CE-4141-AAAE-7B401658B350}\mpengine.dll
2011-10-06 16:09 . 2011-09-12 21:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-05 06:56 . 2011-10-05 06:51 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62E74032-A396-4F27-BD99-66E935DA1183}\gapaengine.dll
2011-10-05 06:43 . 2011-10-05 06:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-05 01:19 . 2011-10-05 01:19 -------- d-----w- c:\programdata\Yahoo! Companion
2011-10-04 01:48 . 2011-10-04 01:48 -------- d-----w- c:\users\Leah\AppData\Local\Apple
2011-10-03 22:30 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 22:02 . 2011-10-03 22:02 -------- d-----w- c:\windows\Sun
2011-10-02 05:15 . 2011-10-02 05:15 388096 ----a-r- c:\users\Leah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-02 05:15 . 2011-10-02 05:15 -------- d-----w- c:\program files\Trend Micro
2011-10-02 04:32 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-02 04:16 . 2011-10-02 04:16 -------- d-----w- c:\program files\CCleaner
2011-09-30 05:44 . 2011-09-21 14:00 7269712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14109141-7897-4666-8819-D6389ACF9A19}\mpengine.dll
2011-09-28 07:00 . 2011-10-05 05:26 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-28 07:00 . 2011-09-28 07:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-28 07:00 . 2011-09-28 07:15 -------- d-----w- c:\programdata\Hitman Pro
2011-09-16 05:48 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 02:23 . 2011-06-04 16:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:04 . 2011-08-10 05:38 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-10 05:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 05:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 05:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59 . 2011-08-10 05:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03 . 2011-08-10 05:38 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-10 05:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 05:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-10-02 21:22 . 2011-05-10 00:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA1NjQzNjM3LUJBKzEtWEwrMS1UMy1GUDkrNi1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtRjEwTTEwRCsyLVgyMDEwKzItTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1ERFQrMA&prod=90&ver=10.0.1390" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f9da5658d9a0;Google Update Service (gupdate1c9f9da5658d9a0);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-05 23624]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-06-20 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 64512]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 23:27]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ndsu.edu/undergraduate/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-09 19:12:23
ComboFix-quarantined-files.txt 2011-10-10 00:12
ComboFix2.txt 2011-10-09 20:00
.
Pre-Run: 156,721,156,096 bytes free
Post-Run: 158,139,908,096 bytes free
.
- - End Of File - - 36E168B87EC1D25A4A70E05B7F691AC8
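A small triage helper for ComboFix output of the kind quoted above, added here as an example and not part of the thread or of ComboFix itself: it parses "Files Created" entries and bare path lines, and flags random-named items dropped directly under AppData, .tmp files placed straight into system32, and the two registry values shown in the log (EnableLUA=0, AntiVirusOverride=1) that weaken UAC and Security Center's AV monitoring. The sample lines are constructed to mirror the log, and the name-randomness thresholds are my own assumptions.

```python
"""Triage helper for ComboFix log lines (added example, not ComboFix's own code).

Parses "Files Created" entries and bare path lines, then flags the patterns a
responder looks at first. Sample lines are constructed to mirror the thread's
log; the name-randomness thresholds are the author's assumptions.
"""
import math
import re
from collections import Counter
from typing import List, Optional, Tuple

# "Files Created" line layout: created . modified size attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-dahrsw]{8}) (?P<path>\S.*)$"
)
# "name"=value lines under "Reg Loading Points"
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\S+)')
# Values that weaken UAC and Security Center AV monitoring when set this way
WEAKENING_VALUES = {"enablelua": "0", "antivirusoverride": "dword:00000001"}

# Generated drop names: alphanumeric, no extension, 8+ chars (assumption)
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{8,}$")
RANDOM_ENTROPY_MIN = 2.5  # bits per character, assumption
SUSPECT_PARENTS = ("\\appdata\\roaming", "\\appdata\\local")


def shannon_entropy(s: str) -> float:
    """Per-character Shannon entropy in bits."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random(name: str) -> bool:
    """True for names shaped like arrrlOONtx or d8gRZ9hYXjVP, False for Microsoft."""
    if not RANDOM_NAME_RE.match(name):
        return False
    has_digit = any(ch.isdigit() for ch in name)
    # an upper-case letter right after a lower-case one mid-word, unlike a capitalised word
    case_flip = any(a.islower() and b.isupper() for a, b in zip(name, name[1:]))
    if not (has_digit or case_flip):
        return False
    return shannon_entropy(name.lower()) >= RANDOM_ENTROPY_MIN


def triage_path(path: str) -> Optional[str]:
    """Return a reason string if the path matches a suspicious pattern, else None."""
    parent, _, name = path.rpartition("\\")
    parent_l, name_l = parent.lower(), name.lower()
    if parent_l.endswith("\\windows\\system32") and name_l.endswith(".tmp"):
        return "tmp file dropped directly in system32"
    if parent_l.endswith(SUSPECT_PARENTS) and looks_random(name):
        return "random-looking name directly under AppData"
    return None


def triage_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Walk log lines and return (reason, evidence) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = CREATED_RE.match(line)
        path = m.group("path") if m else line
        if path.lower().startswith("c:\\"):
            reason = triage_path(path)
            if reason:
                findings.append((reason, path))
            continue
        r = REG_VALUE_RE.match(line)
        if r and WEAKENING_VALUES.get(r.group("name").lower()) == r.group("value").lower():
            findings.append(("security setting weakened", line))
    return findings


# Constructed sample mirroring the thread's ComboFix log
SAMPLE_LOG = """\
c:\\users\\Leah\\AppData\\Roaming\\arrrlOONtx
c:\\users\\Leah\\AppData\\Roaming\\d8gRZ9hYXjVP
c:\\users\\Leah\\AppData\\Roaming\\Microsoft
c:\\windows\\system32\\pxvrptulec.tmp
2011-10-10 00:10 . 2011-10-10 00:10 -------- d-----w- c:\\users\\Leah\\AppData\\Local\\temp
2011-10-03 22:30 . 2011-08-31 22:00 22216 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
"EnableLUA"= 0 (0x0)
"AntiVirusOverride"=dword:00000001
"WMPNSCFG"="c:\\program files\\Windows Media Player\\WMPNSCFG.exe" [2008-01-21 202240]
"""

if __name__ == "__main__":
    for reason, evidence in triage_log(SAMPLE_LOG.splitlines()):
        print(f"{reason:45s} {evidence}")
```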

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 PM

Posted 10 October 2011 - 05:41 PM

Hello, hyperphonicfemale.


Step 1

Your OpenOffice is out of date. You're using 3.1 and I believe the current version is 3.3. Please launch any Open Office program and select Help --> Check for updates and let it update to close known security holes that viruses take advantage of.



Step 2

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 26 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 6
    Java 6 Update 23
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 3

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/download/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 4

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=0
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 5

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#9 hyperphonicfemale

hyperphonicfemale
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:50 PM

Posted 11 October 2011 - 02:23 AM

I uninstalled Open Office as I no longer use it. I updated both Java and Adobe Reader.
Here are the log results.

All processes killed
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\\"AntiVirusOverride"|0 /E!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Leah
->Temp folder emptied: 139132 bytes
->Temporary Internet Files folder emptied: 573175 bytes
->Java cache emptied: 53601524 bytes
->FireFox cache emptied: 55381260 bytes
->Flash cache emptied: 1051256 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82319 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10112011_013649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL Logfile

OTL logfile created on: 10/11/2011 1:45:55 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Leah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 59.45% Memory free
5.94 Gb Paging File | 4.81 Gb Available in Paging File | 80.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 147.44 Gb Free Space | 50.92% Space Free | Partition Type: NTFS

Computer Name: LEAH-LAPTOP | User Name: Leah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 01:35:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Leah\Desktop\OTL.exe
PRC - [2011/10/02 16:22:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 16:22:49 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/10/11 01:40:26 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA192450-244F-49E2-8AC2-3D793C486562}\MpKsl6e655297.sys -- (MpKsl6e655297)
DRV - [2011/10/11 01:11:06 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA192450-244F-49E2-8AC2-3D793C486562}\MpKslb8f7c881.sys -- (MpKslb8f7c881)
DRV - [2011/10/05 00:26:50 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 22:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/15 20:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB


IE - HKU\.DEFAULT\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 61 3B 02 B2 DE 62 44 9A 78 32 F7 01 11 0A F8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 61 3B 02 B2 DE 62 44 9A 78 32 F7 01 11 0A F8 [binary data]

IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ndsu.edu/undergraduate/
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 61 3B 02 B2 DE 62 44 9A 78 32 F7 01 11 0A F8 [binary data]
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {33A8946C-B859-4f7d-8382-ADAB29623DEE}:3.6
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.1.103.9: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Leah\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/25 16:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 16:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/11 01:23:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Leah\AppData\Roaming\Move Networks [2009/11/25 01:15:07 | 000,000,000 | ---D | M]

[2009/06/11 23:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leah\AppData\Roaming\Mozilla\Extensions
[2009/06/11 23:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leah\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/09 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions
[2010/06/08 16:16:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/11 01:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 20:54:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/26 19:29:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 16:53:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/11 01:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/09 13:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2011/10/02 16:22:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/11 01:15:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 16:22:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/09 19:10:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B85F634-3FEA-44AD-A93A-8DE2C2BC4365}: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E7E969-11DE-4EBC-B87A-AFA18A9F4AAC}: DhcpNameServer = 64.21.232.212 76.10.67.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Leah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Leah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 01:42:01 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{7BAE0CD8-0BEB-4174-B095-2C8C06F02B5D}
[2011/10/11 01:41:39 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{975F9FDB-2482-4E3A-BB7D-3AF52A12BFA2}
[2011/10/11 01:36:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/11 01:35:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Leah\Desktop\OTL.exe
[2011/10/11 01:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/11 01:16:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/11 01:16:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/11 01:16:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/11 01:12:57 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{D00B5AA2-5507-42D5-9AD7-6D74D8B5D901}
[2011/10/11 01:12:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{EC8205C3-AB1E-4DF5-A466-DFF18C45C5B4}
[2011/10/11 01:05:49 | 016,852,768 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Leah\Desktop\jre-6u26-windows-i586-s.exe
[2011/10/11 00:37:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{F9539B38-B54F-400A-BDC8-1E2D7A014BD6}
[2011/10/11 00:36:05 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{4EC18D4E-FCA0-4475-9EE8-5B9D25AD42AC}
[2011/10/09 19:12:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/09 19:12:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/09 19:12:24 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\temp
[2011/10/09 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{4982EA61-1E68-4D62-A3EE-2B2884465D9C}
[2011/10/09 15:16:15 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{20C1B1CF-EB39-45DB-A6C1-41CA2F600E3A}
[2011/10/09 13:11:27 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A4303CE4-1052-44A7-B680-BE165B495B0F}
[2011/10/09 13:10:55 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{514DF81D-C06F-4982-B118-2149BF359E98}
[2011/10/09 13:10:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/09 13:10:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/09 13:10:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/09 13:10:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 13:10:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 13:07:45 | 004,250,556 | R--- | C] (Swearware) -- C:\Users\Leah\Desktop\etavaresCF.exe
[2011/10/09 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A39DE2F7-3DF3-49B7-A4B2-461A1FC2A41D}
[2011/10/09 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{127640E1-B4AB-4539-B449-BC8BDBFAE1D1}
[2011/10/09 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{32CF8B45-54FC-4712-B094-357525D81F07}
[2011/10/09 12:42:04 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{9C36BDA3-F826-4070-A8B4-C7ABBA533B39}
[2011/10/08 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Leah\Desktop\gmer
[2011/10/05 01:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/05 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{3BFC359D-4C4F-4253-BFFE-E07CAA1B3310}
[2011/10/05 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{74E7F29C-3430-443C-9151-BE1FE44C2D33}
[2011/10/05 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{E2B7E336-B5E0-419B-A76A-7889AA7C8A49}
[2011/10/05 00:12:51 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{82B30923-8E24-40B2-B5AA-894D8138BFB8}
[2011/10/04 23:58:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{0D1D04B2-19DE-4D75-BD64-BE801612B4EC}
[2011/10/04 23:57:15 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{280A0B7F-0ECD-4E80-A329-0603754CF64D}
[2011/10/04 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/04 20:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/04 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{E2505141-F735-4CAB-9CCB-FB6792A69741}
[2011/10/04 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{2E324461-9144-48CE-8CFD-E2541C542890}
[2011/10/04 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{E4BA8B48-7F13-4063-B11A-E82959D0F1FD}
[2011/10/04 19:13:54 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{741811E4-00A9-4D49-9452-ACFBFD2C0117}
[2011/10/04 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A243D257-9565-4EEB-A6DC-3F5096064FC6}
[2011/10/04 02:15:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{D510F0B2-9220-408E-9EB9-684EB3FA6D33}
[2011/10/04 01:49:19 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{75803AEB-CCB0-44DC-9EFD-9117BDCE6D8F}
[2011/10/04 01:48:58 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{2ECA7C12-909A-4425-B335-22AEB5F10FAF}
[2011/10/03 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{69C7FF25-3965-4A09-B5FF-A835DD32AA50}
[2011/10/03 21:15:40 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{CEFD9F50-06B9-4A9D-9F52-4705002EBA3A}
[2011/10/03 20:48:08 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\Apple
[2011/10/03 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{0CC5E626-4C87-431B-B277-60FE4755E9B1}
[2011/10/03 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{11B18925-C1DA-43FA-B303-DE288FE7EBA0}
[2011/10/03 17:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/03 17:30:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/03 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{24761A38-A199-4903-A4A4-BFA98E5EE65F}
[2011/10/03 17:02:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/02 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{986B6FF7-45A8-47BD-A2CC-BD650869CD77}
[2011/10/02 20:15:34 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{410C6DFE-1B40-4D23-BC05-5F20B54D7CDC}
[2011/10/02 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{053767B7-E8C9-4B02-AC9E-02C59FBBAF61}
[2011/10/02 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{4295BB2A-18D7-4E6D-B5C2-FA3F44CBCAFF}
[2011/10/02 01:12:16 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{80435B04-74DC-4C88-B218-52D1A21979B2}
[2011/10/02 01:11:49 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{93E51CB3-BF7A-4D0C-A5B3-ED28B79E3D3B}
[2011/10/02 01:00:31 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{CB804E6C-FC37-4EC9-BB6F-60D583A4240C}
[2011/10/02 01:00:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{110E02CA-951E-49BE-BF4B-38929D2B89D1}
[2011/10/02 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{6A5A6F8C-5E20-4974-95C9-AFC342EAE218}
[2011/10/02 00:34:07 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{8E1714D0-4FB0-4D03-8657-1AC4FE6C62F9}
[2011/10/02 00:28:59 | 000,000,000 | ---D | C] -- C:\Users\Leah\Desktop\New Folder
[2011/10/02 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/02 00:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/01 23:43:56 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{2220F9AC-5CF9-4CEF-83D6-8AC7D563A6CB}
[2011/10/01 23:43:21 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{BA4511C3-222E-4B90-BF71-177343ABD4CE}
[2011/10/01 23:32:07 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/10/01 23:26:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{6E7B672A-B91B-4CC8-BCD4-12639F266685}
[2011/10/01 23:25:58 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{845B808E-0AF9-401F-9050-9FFD4F11465C}
[2011/10/01 23:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/01 23:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/30 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{909EC3BF-CEF1-4044-9854-5CD42D3F1921}
[2011/09/30 00:37:57 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{C0192604-6CB9-47D8-A9C3-DE01AB6FAD4B}
[2011/09/29 14:16:39 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{75CB9C48-3EEC-49D3-A5B7-FAE8EED1420C}
[2011/09/29 14:16:13 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{12C8C56B-81B0-43E5-A783-A8D753F01677}
[2011/09/29 01:12:52 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{5C9195AD-C52F-4467-92AD-C5531548418F}
[2011/09/29 01:12:34 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{C3D95BB9-DB99-4282-9F32-A49A2BEEA1A7}
[2011/09/28 02:20:46 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{667F3C0D-E5EF-48D3-A500-EF392CB6F853}
[2011/09/28 02:20:23 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{174233FB-68C4-472C-AB48-AD406DDDD82F}
[2011/09/28 02:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/09/28 02:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/26 01:17:07 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{D708EE2A-F1A0-44CA-8FB3-74D82674D2D9}
[2011/09/26 01:16:31 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{C0E11689-46CF-4342-AD04-41EFEB661C44}
[2011/09/25 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{16E77D9D-43B7-409A-9190-668026B3DA33}
[2011/09/25 17:10:25 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{48FA41D5-361D-40CA-A4A1-FFC7E6BB3C07}
[2011/09/25 12:35:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{90510A3A-2C88-4E97-81E7-5437643A5052}
[2011/09/25 12:35:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{B2D4A227-F927-4972-8578-E5F17A62B825}
[2011/09/18 23:00:09 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{531BC6A6-8A8C-4B4B-B272-17DDD52631DD}
[2011/09/18 22:59:47 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{01BE7A37-2FF8-4948-9AC9-547DB4B06384}
[2011/09/17 10:40:19 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{503B139E-4BFE-4725-9BDA-2B0880B869BC}
[2011/09/17 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A281143B-AE95-4478-A7F5-4007D5CE5D9D}
[2011/09/16 22:52:31 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A69DE050-56A7-4316-9560-05917FCC69BA}
[2011/09/16 22:52:06 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{0E9946CC-2201-4795-A67A-E250393F36B1}
[2011/09/12 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{6DBA68E5-0D67-4995-8A36-0B2894E21697}
[2011/09/12 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{8F806619-EF81-4630-BA0A-B81A787D8C73}
[2011/09/11 23:55:29 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{593885A7-CD4A-48AE-BB4C-4F6D699B3529}
[2011/09/11 23:54:54 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{9B637471-F7C4-4932-B8A7-A6D93A560D26}

========== Files - Modified Within 30 Days ==========

[2011/10/11 01:47:41 | 000,618,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/11 01:47:41 | 000,110,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/11 01:40:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 01:40:29 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 01:40:29 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 01:40:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 01:40:13 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 01:35:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Leah\Desktop\OTL.exe
[2011/10/11 01:23:55 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/11 01:15:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/11 01:15:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/11 01:15:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/11 01:15:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/11 01:05:50 | 016,852,768 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Leah\Desktop\jre-6u26-windows-i586-s.exe
[2011/10/11 01:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 19:10:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/09 13:07:56 | 004,250,556 | R--- | M] (Swearware) -- C:\Users\Leah\Desktop\etavaresCF.exe
[2011/10/08 23:57:58 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/08 20:29:48 | 000,294,216 | ---- | M] () -- C:\Users\Leah\Desktop\gmer.zip
[2011/10/05 01:50:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/05 01:03:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/05 00:26:50 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/05 00:25:07 | 000,002,268 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/10/04 20:18:47 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/04 20:18:46 | 000,000,984 | ---- | M] () -- C:\Users\Leah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/04 19:57:30 | 000,000,000 | ---- | M] () -- C:\Windows\757024551
[2011/10/04 19:19:41 | 001,089,845 | ---- | M] () -- C:\Users\Leah\Desktop\AVGInstLog.cab
[2011/10/04 08:40:54 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2011/10/04 02:07:40 | 371,263,481 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/03 21:23:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/03 17:30:56 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/02 01:04:05 | 000,002,521 | ---- | M] () -- C:\Users\Leah\Desktop\HiJackThis.lnk
[2011/10/01 23:16:43 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/28 02:00:40 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/28 01:57:25 | 000,006,648 | ---- | M] () -- C:\Users\Leah\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/11 01:23:55 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/11 01:23:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/09 13:10:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/09 13:10:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/09 13:10:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/09 13:10:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/09 13:10:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/08 20:29:43 | 000,294,216 | ---- | C] () -- C:\Users\Leah\Desktop\gmer.zip
[2011/10/05 01:43:43 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/05 00:11:03 | 3082,805,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/04 20:18:47 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/04 20:18:46 | 000,000,984 | ---- | C] () -- C:\Users\Leah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/04 19:19:41 | 001,089,845 | ---- | C] () -- C:\Users\Leah\Desktop\AVGInstLog.cab
[2011/10/04 02:07:40 | 371,263,481 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/03 17:30:56 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/02 00:15:07 | 000,002,521 | ---- | C] () -- C:\Users\Leah\Desktop\HiJackThis.lnk
[2011/10/01 23:34:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/01 23:16:43 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/29 12:22:07 | 000,002,268 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/09/29 11:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\757024551
[2011/09/28 02:00:40 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/09/28 02:00:40 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/07 00:44:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/07/07 00:44:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/05/10 16:11:37 | 000,000,173 | ---- | C] () -- C:\Users\Leah\AppData\Roaming\D2Info0
[2010/05/10 16:11:37 | 000,000,008 | ---- | C] () -- C:\Users\Leah\AppData\Roaming\DofusAppId0_2
[2009/12/01 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Leah\AppData\Local\prvlcl.dat
[2009/11/16 13:30:39 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/09/11 08:04:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 08:04:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/01 17:40:46 | 000,000,552 | ---- | C] () -- C:\Users\Leah\AppData\Local\d3d8caps.dat
[2009/08/06 21:51:14 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 20:50:51 | 000,018,432 | ---- | C] () -- C:\Users\Leah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 20:36:37 | 000,006,648 | ---- | C] () -- C:\Users\Leah\AppData\Local\d3d9caps.dat
[2009/06/04 23:33:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/04 18:19:33 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/06/04 18:19:31 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/01/18 02:27:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/18 02:27:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/18 02:27:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/18 02:27:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/08/14 14:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 14:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 14:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 14:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 14:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/14 14:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 21:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 21:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 21:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 21:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/02/21 00:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,416,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,274 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,110,892 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Leah\Documents\MOV00696 - Copy.MPG:TOC.WMV

< End of report >




OTL Extras logfile created on: 10/11/2011 1:45:55 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Leah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 59.45% Memory free
5.94 Gb Paging File | 4.81 Gb Available in Paging File | 80.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 147.44 Gb Free Space | 50.92% Space Free | Partition Type: NTFS

Computer Name: LEAH-LAPTOP | User Name: Leah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10230042-933A-46E9-B1A1-CC7DDEBB7CAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DE42929-1703-4437-BCE4-A602C067B6D7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2B8BEFAF-D196-4592-B636-F97F811B4512}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3B09026C-E9B9-457D-ACAF-46A5E5180D1F}" = rport=445 | protocol=6 | dir=out | app=system |
"{422CC70B-0BA6-49A7-B84B-78F537D15D90}" = lport=137 | protocol=17 | dir=in | app=system |
"{423236BD-01DE-4B31-9861-443B2DABE7BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43CB75AC-BDC5-44B6-927C-097028E8C420}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56A3002F-0319-4A13-8C89-1EF9690C5775}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{77A35B8E-561A-4DA8-BA16-5660BC2B2832}" = rport=138 | protocol=17 | dir=out | app=system |
"{858E97EE-041A-4496-AB85-1D112D907BDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AC93388-11D9-44D8-AA71-D679C5ADFFCB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9F7291D1-97EC-46CC-8AE7-54B4E457FE24}" = rport=137 | protocol=17 | dir=out | app=system |
"{A01CB7DA-95EA-46EB-8283-A76E1BF92F88}" = lport=139 | protocol=6 | dir=in | app=system |
"{A27C1F13-2B57-41CB-8082-EF421EB56BFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A39A41C5-36BF-417C-9994-BB05A6E8F418}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A543EB40-CBC8-4E18-9E1D-8D66CDB19C09}" = lport=445 | protocol=6 | dir=in | app=system |
"{B6006F63-D7C8-4D23-9860-433DF18F40A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B6359AC5-3533-4EE9-B27F-7C2997CFF65D}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAD8DAEE-8586-4032-AC3C-DEB3E7A2E957}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D00FE635-CAF2-4451-AEB2-717673B93040}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1F1943B-26B6-4B5E-A4C5-91F6BE670BAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDFF9F7C-B8CF-4D9D-BE6E-8FEB1533DD69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FFC3513B-4DE8-4900-A905-50B981552F46}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B4A36F-378B-4103-8749-232DA98F40B4}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{0A0DACB8-DAD7-4C3C-852C-E76D01F6D930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19709FAF-F586-4446-ACBB-C2E71FB1BACF}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{19B80962-D2B7-4047-A5D1-352865D490EF}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{1D9DEB67-8722-48F7-B837-4B1D487FC798}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{213E42CD-3D9C-40A0-8ADB-81ABBE9E7BF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A593919-7F1E-4775-82CA-3F04BFEC100F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2D3BDD79-01DD-4FA1-B4FC-A0E6FAF30E23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30163D43-ED14-4BEE-9521-3DAABDCD830A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{31B775FB-89E7-4352-AF27-B7B8A5145588}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34BF1552-6574-4614-B9E1-30FD6F918A26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{36BA083E-6226-48A5-B508-B68235CA546E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{37D29691-5085-49DD-8195-7D10CCDA430B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{37E430F4-5480-440F-B2D7-D711B3DDB7C7}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{3FD28C15-02CC-49A8-920E-60CAEF859201}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{45A2BB1E-4DD9-4589-B745-E4A1F13B00F5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4932B41A-7DBC-4179-B84F-34276E97357B}" = dir=out | app=c:\program files\citrix\secure access client\nsepa.exe |
"{49B931EB-8CF3-4C42-BBBC-71D1EBA8F565}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{513C165B-BF82-49BA-B61F-4DEF88F451FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{544E4605-C021-42AF-ADED-0175CB216FFE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{58131F4D-7BB6-4117-8899-322A2B4EC0B2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5D1C0083-4CA2-477E-AA67-FF3E6B5DC2CE}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6FC4CF14-BBD3-4D94-9A10-19B992E13B4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{75111DDC-E400-4C00-A853-57EC715D3D26}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7915A985-C844-4B2B-8B20-336626DA618C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7A5F7D32-F0CA-4D0B-9A85-E974AC453028}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{7FD83AD9-E505-4630-8BC4-47D1FD4286A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{85C9DA66-49FC-40C2-85A6-4C048C4AA1C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{87FB75D2-6D10-46C8-9F72-4EEA1CFA3D97}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8B4F24EE-CAB5-44EA-869A-C0A09A3D80D4}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{8CD2ED77-F62A-4ED9-94CB-4103728A00F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{91860AFE-C241-444A-8EB9-ECA0D85ABAAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9344FFEC-994E-40BE-8B4A-CDA3AD299FAB}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{97768816-3AA1-41F5-9A14-60B318FD2AA2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9EA4DDD7-8F71-4DE7-83E8-421BE1BA3BB6}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A13461FD-C098-4178-97ED-895EAAB33DFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{A420F580-0420-4110-8013-D295207862B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AE87CBDF-C7A6-4D36-89B5-E9764299ED33}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{B19B6327-C26B-4AB4-B761-75F1CCE38089}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B32A09AA-F853-4E13-B49D-C44657C40219}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{B3E7E3C3-09B0-46B5-814B-EE9D8096767C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C4B01345-5AF9-4E3D-82A6-557203839FFA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C7ECD686-FDF8-4C95-82BA-8C86EA03FA65}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{CDA9E1B6-3B75-4C0C-9075-80DD1DBE75C6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CE88AA12-5890-4538-97CF-06F30261A60C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D180635B-DE89-46BB-A72B-5261577D9454}" = dir=in | app=c:\program files\citrix\secure access client\nsepa.exe |
"{D7B4B12E-5E04-4E31-AD72-42B647332FA3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DF13900E-27E6-4814-A3C7-D0171361B1F2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{E167C1A3-E404-4D4C-9F96-0DC16502797B}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{EF336F82-33EE-46AA-8D63-DBE074688C20}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F89EAF0A-862C-40E8-BAA1-83627011F3C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F942B330-9F31-4BB8-8B55-942B2DC95258}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{13D362E3-B144-46C1-B050-81B2686DBD49}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{1C394972-03AD-497B-A996-001D8DDD347F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{1E0A9D01-F964-43FB-AD52-D82B2F6AF21C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{8DCAABF0-DCD1-48FC-AA47-A0C834EFD4BD}C:\users\leah\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\leah\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D7F15D8F-FC97-41AF-8B7F-B1E84FAB12AA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{DD56A9D3-D45A-4EA8-94E8-8ADB5C0691DD}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{150A4C54-323B-4ECC-AE0F-3DF63E60AB1D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{53880B0A-AF5B-4470-A3E8-9CFEF1049096}C:\users\leah\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\leah\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{79C564D2-6B88-48BF-86B9-0576A9521FAB}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7CFF17A5-54C9-4C67-8F33-C2E9CF6B5993}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{89F5ED96-032D-4091-BDC9-29C682BA8EDD}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{CD8D329F-5F9B-4F9C-8650-00AAA449F4A4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{85195381-0426-4715-8D25-E21B9457FC00}" = Ad-Aware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFF31F60-C5C2-4CAA-A9B8-CD2F554B8E1F}" = Citrix Access Gateway Endpoint Analysis
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.1
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2011 2:41:50 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:50 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:50 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:50 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:51 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:51 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:52 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:52 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:58 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 2:41:58 AM | Computer Name = Leah-Laptop | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 10/11/2011 2:13:15 AM | Computer Name = Leah-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/11/2011 2:19:55 AM | Computer Name = Leah-Laptop | Source = DCOM | ID = 10010
Description =

Error - 10/11/2011 2:21:11 AM | Computer Name = Leah-Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.113.1259.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.

Error - 10/11/2011 2:23:13 AM | Computer Name = Leah-Laptop | Source = DCOM | ID = 10005
Description =

Error - 10/11/2011 2:23:13 AM | Computer Name = Leah-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10/11/2011 2:23:13 AM | Computer Name = Leah-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/11/2011 2:36:50 AM | Computer Name = Leah-Laptop | Source = Service Control Manager | ID = 7031
Description =

Error - 10/11/2011 2:40:40 AM | Computer Name = Leah-Laptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 10/11/2011 2:42:49 AM | Computer Name = Leah-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/11/2011 2:50:32 AM | Computer Name = Leah-Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.113.1259.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.


< End of report >

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7920

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

10/11/2011 2:04:37 AM
mbam-log-2011-10-11 (02-04-37).txt

Scan type: Quick scan
Objects scanned: 181536
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 October 2011 - 05:16 AM

Hello, hyperphonicfemale.

Looking better. There is one setting that we couldn't change, so we'll try one more time. If that doesn't work, we'll need to change the permissions so we can change it. This setting stops Windows from letting you know when your antivirus is turned off. Viruses often change this setting so you don't know that they disabled your antivirus. We'll also get one final online scan to confirm you're clean.



Step 1

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2


Try to update your definitions in MSE. There was an error in the logs that it couldn't update, I want to make sure it's working OK before we're done.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
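As an added example (not part of this thread and not OTL's own code), the following PowerShell script audits the Security Center override setting the fix above targets, reports the key's ACL when a write is refused (the failure mode the "/E!" result in the next post shows), and resets the value only when run with -Fix. It assumes an elevated prompt; AntiVirusOverride is the value from the OTL script, while FirewallOverride and AntiSpywareOverride are assumed sibling values under the same key.

```powershell
# Added example, not from the thread: audit the Security Center override
# values that malware flips so Windows stops warning when the antivirus is
# off, show why a write might fail, and optionally reset them to 0.
[CmdletBinding()]
param(
    [switch]$Fix   # without -Fix the script only reports
)

$subKey = 'SOFTWARE\Microsoft\Security Center\Svc'
# AntiVirusOverride is the value named in the OTL fix; the other two are
# assumed sibling override values under the same key.
$overrides = 'AntiVirusOverride', 'FirewallOverride', 'AntiSpywareOverride'

function Get-OverrideState {
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $false)
    if ($null -eq $key) { throw "HKLM\$subKey not found" }
    try {
        foreach ($name in $overrides) {
            $value = $key.GetValue($name, $null)
            New-Object PSObject -Property @{
                Name       = $name
                Value      = $value
                # anything other than 0 (or a missing value) suppresses the warning
                Suspicious = ($null -ne $value -and $value -ne 0)
            }
        }
    } finally { $key.Close() }
}

function Show-KeyAcl {
    # Deny entries for SYSTEM or Administrators are the usual reason a
    # cleanup tool reports that it could not set the value.
    $acl = Get-Acl -Path "HKLM:\$subKey"
    "Owner: $($acl.Owner)"
    $acl.Access | ForEach-Object {
        '{0,-6} {1,-35} {2}' -f $_.AccessControlType, $_.IdentityReference, $_.RegistryRights
    }
}

function Reset-Override {
    param([string]$Name)
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
        $key.SetValue($Name, 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
        "Reset $Name to 0"
    } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        # Same outcome as the OTL log: the value exists but the key's ACL
        # blocks the write, so the permissions must be repaired first.
        "Cannot write ${Name}: $($_.Exception.Message)"
        Show-KeyAcl
    }
}

$state = Get-OverrideState
$state | Format-Table Name, Value, Suspicious -AutoSize
foreach ($entry in ($state | Where-Object { $_.Suspicious })) {
    if ($Fix) { Reset-Override -Name $entry.Name }
    else { "Would reset $($entry.Name) (currently $($entry.Value)); rerun with -Fix" }
}
```

A Deny entry in the printed ACL, or an owner other than SYSTEM or Administrators, is the condition the helper refers to when saying the permissions would need changing before the value can be set.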
 


#11 hyperphonicfemale

hyperphonicfemale
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Female

Posted 11 October 2011 - 07:36 PM

I tried again to update the MSE definitions but was met with an error message:
"Security Essentials could not check for virus and spyware definition updates due to an Internet or network connectivity issue."
"Error code 0x80096001. Error description: Security Essentials couldn't install the definition updates. Please try again later."

I tried disconnecting from my network and modem and rebooting but I got the same result.


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride" | 0 /E!

OTL by OldTimer - Version 3.2.29.1 log created on 10112011_154124
OTL logfile created on: 10/11/2011 3:42:46 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Leah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 37.67% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 148.45 Gb Free Space | 51.27% Space Free | Partition Type: NTFS

Computer Name: LEAH-LAPTOP | User Name: Leah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 15:40:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Leah\Desktop\OTL.exe
PRC - [2011/10/02 16:22:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 19:51:11 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/02 16:22:49 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKslb8f7c881)
DRV - [2011/10/11 02:29:33 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{366B6AD5-1AB3-4B0A-A840-9BC5F42F4468}\MpKslfe2f7b5b.sys -- (MpKslfe2f7b5b)
DRV - [2011/10/05 00:26:50 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 22:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/15 20:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB


IE - HKU\.DEFAULT\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 61 3B 02 B2 DE 62 44 9A 78 32 F7 01 11 0A F8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 61 3B 02 B2 DE 62 44 9A 78 32 F7 01 11 0A F8 [binary data]

IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ndsu.edu/undergraduate/
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 61 3B 02 B2 DE 62 44 9A 78 32 F7 01 11 0A F8 [binary data]
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {33A8946C-B859-4f7d-8382-ADAB29623DEE}:3.6
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.1.103.9: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Leah\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/25 16:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 16:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/11 01:23:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Leah\AppData\Roaming\Move Networks [2009/11/25 01:15:07 | 000,000,000 | ---D | M]

[2009/06/11 23:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leah\AppData\Roaming\Mozilla\Extensions
[2009/06/11 23:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leah\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/09 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions
[2010/06/08 16:16:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/11 01:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 20:54:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/26 19:29:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 16:53:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/11 01:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/09 13:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2011/10/02 16:22:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/11 01:15:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 16:22:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/09 19:10:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B85F634-3FEA-44AD-A93A-8DE2C2BC4365}: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E7E969-11DE-4EBC-B87A-AFA18A9F4AAC}: DhcpNameServer = 64.21.232.212 76.10.67.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Leah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Leah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 01:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/11 01:58:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/11 01:57:55 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Leah\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/11 01:42:01 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{7BAE0CD8-0BEB-4174-B095-2C8C06F02B5D}
[2011/10/11 01:41:39 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{975F9FDB-2482-4E3A-BB7D-3AF52A12BFA2}
[2011/10/11 01:36:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/11 01:35:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Leah\Desktop\OTL.exe
[2011/10/11 01:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/11 01:16:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/11 01:16:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/11 01:16:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/11 01:12:57 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{D00B5AA2-5507-42D5-9AD7-6D74D8B5D901}
[2011/10/11 01:12:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{EC8205C3-AB1E-4DF5-A466-DFF18C45C5B4}
[2011/10/11 01:05:49 | 016,852,768 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Leah\Desktop\jre-6u26-windows-i586-s.exe
[2011/10/11 00:37:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{F9539B38-B54F-400A-BDC8-1E2D7A014BD6}
[2011/10/11 00:36:05 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{4EC18D4E-FCA0-4475-9EE8-5B9D25AD42AC}
[2011/10/09 19:12:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/09 19:12:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/09 19:12:24 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\temp
[2011/10/09 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{4982EA61-1E68-4D62-A3EE-2B2884465D9C}
[2011/10/09 15:16:15 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{20C1B1CF-EB39-45DB-A6C1-41CA2F600E3A}
[2011/10/09 13:11:27 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A4303CE4-1052-44A7-B680-BE165B495B0F}
[2011/10/09 13:10:55 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{514DF81D-C06F-4982-B118-2149BF359E98}
[2011/10/09 13:10:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/09 13:10:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/09 13:10:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/09 13:10:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 13:10:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 13:07:45 | 004,250,556 | R--- | C] (Swearware) -- C:\Users\Leah\Desktop\etavaresCF.exe
[2011/10/09 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A39DE2F7-3DF3-49B7-A4B2-461A1FC2A41D}
[2011/10/09 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{127640E1-B4AB-4539-B449-BC8BDBFAE1D1}
[2011/10/09 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{32CF8B45-54FC-4712-B094-357525D81F07}
[2011/10/09 12:42:04 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{9C36BDA3-F826-4070-A8B4-C7ABBA533B39}
[2011/10/08 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Leah\Desktop\gmer
[2011/10/05 01:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/05 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{3BFC359D-4C4F-4253-BFFE-E07CAA1B3310}
[2011/10/05 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{74E7F29C-3430-443C-9151-BE1FE44C2D33}
[2011/10/05 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{E2B7E336-B5E0-419B-A76A-7889AA7C8A49}
[2011/10/05 00:12:51 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{82B30923-8E24-40B2-B5AA-894D8138BFB8}
[2011/10/04 23:58:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{0D1D04B2-19DE-4D75-BD64-BE801612B4EC}
[2011/10/04 23:57:15 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{280A0B7F-0ECD-4E80-A329-0603754CF64D}
[2011/10/04 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/04 20:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/04 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{E2505141-F735-4CAB-9CCB-FB6792A69741}
[2011/10/04 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{2E324461-9144-48CE-8CFD-E2541C542890}
[2011/10/04 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{E4BA8B48-7F13-4063-B11A-E82959D0F1FD}
[2011/10/04 19:13:54 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{741811E4-00A9-4D49-9452-ACFBFD2C0117}
[2011/10/04 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A243D257-9565-4EEB-A6DC-3F5096064FC6}
[2011/10/04 02:15:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{D510F0B2-9220-408E-9EB9-684EB3FA6D33}
[2011/10/04 01:49:19 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{75803AEB-CCB0-44DC-9EFD-9117BDCE6D8F}
[2011/10/04 01:48:58 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{2ECA7C12-909A-4425-B335-22AEB5F10FAF}
[2011/10/03 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{69C7FF25-3965-4A09-B5FF-A835DD32AA50}
[2011/10/03 21:15:40 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{CEFD9F50-06B9-4A9D-9F52-4705002EBA3A}
[2011/10/03 20:48:08 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\Apple
[2011/10/03 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{0CC5E626-4C87-431B-B277-60FE4755E9B1}
[2011/10/03 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{11B18925-C1DA-43FA-B303-DE288FE7EBA0}
[2011/10/03 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{24761A38-A199-4903-A4A4-BFA98E5EE65F}
[2011/10/03 17:02:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/02 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{986B6FF7-45A8-47BD-A2CC-BD650869CD77}
[2011/10/02 20:15:34 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{410C6DFE-1B40-4D23-BC05-5F20B54D7CDC}
[2011/10/02 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{053767B7-E8C9-4B02-AC9E-02C59FBBAF61}
[2011/10/02 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{4295BB2A-18D7-4E6D-B5C2-FA3F44CBCAFF}
[2011/10/02 01:12:16 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{80435B04-74DC-4C88-B218-52D1A21979B2}
[2011/10/02 01:11:49 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{93E51CB3-BF7A-4D0C-A5B3-ED28B79E3D3B}
[2011/10/02 01:00:31 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{CB804E6C-FC37-4EC9-BB6F-60D583A4240C}
[2011/10/02 01:00:00 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{110E02CA-951E-49BE-BF4B-38929D2B89D1}
[2011/10/02 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{6A5A6F8C-5E20-4974-95C9-AFC342EAE218}
[2011/10/02 00:34:07 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{8E1714D0-4FB0-4D03-8657-1AC4FE6C62F9}
[2011/10/02 00:28:59 | 000,000,000 | ---D | C] -- C:\Users\Leah\Desktop\New Folder
[2011/10/02 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/02 00:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/01 23:43:56 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{2220F9AC-5CF9-4CEF-83D6-8AC7D563A6CB}
[2011/10/01 23:43:21 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{BA4511C3-222E-4B90-BF71-177343ABD4CE}
[2011/10/01 23:32:07 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/10/01 23:26:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{6E7B672A-B91B-4CC8-BCD4-12639F266685}
[2011/10/01 23:25:58 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{845B808E-0AF9-401F-9050-9FFD4F11465C}
[2011/10/01 23:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/01 23:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/30 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{909EC3BF-CEF1-4044-9854-5CD42D3F1921}
[2011/09/30 00:37:57 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{C0192604-6CB9-47D8-A9C3-DE01AB6FAD4B}
[2011/09/29 14:16:39 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{75CB9C48-3EEC-49D3-A5B7-FAE8EED1420C}
[2011/09/29 14:16:13 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{12C8C56B-81B0-43E5-A783-A8D753F01677}
[2011/09/29 01:12:52 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{5C9195AD-C52F-4467-92AD-C5531548418F}
[2011/09/29 01:12:34 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{C3D95BB9-DB99-4282-9F32-A49A2BEEA1A7}
[2011/09/28 02:20:46 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{667F3C0D-E5EF-48D3-A500-EF392CB6F853}
[2011/09/28 02:20:23 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{174233FB-68C4-472C-AB48-AD406DDDD82F}
[2011/09/28 02:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/09/28 02:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/26 01:17:07 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{D708EE2A-F1A0-44CA-8FB3-74D82674D2D9}
[2011/09/26 01:16:31 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{C0E11689-46CF-4342-AD04-41EFEB661C44}
[2011/09/25 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{16E77D9D-43B7-409A-9190-668026B3DA33}
[2011/09/25 17:10:25 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{48FA41D5-361D-40CA-A4A1-FFC7E6BB3C07}
[2011/09/25 12:35:37 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{90510A3A-2C88-4E97-81E7-5437643A5052}
[2011/09/25 12:35:26 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{B2D4A227-F927-4972-8578-E5F17A62B825}
[2011/09/18 23:00:09 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{531BC6A6-8A8C-4B4B-B272-17DDD52631DD}
[2011/09/18 22:59:47 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{01BE7A37-2FF8-4948-9AC9-547DB4B06384}
[2011/09/17 10:40:19 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{503B139E-4BFE-4725-9BDA-2B0880B869BC}
[2011/09/17 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A281143B-AE95-4478-A7F5-4007D5CE5D9D}
[2011/09/16 22:52:31 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{A69DE050-56A7-4316-9560-05917FCC69BA}
[2011/09/16 22:52:06 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{0E9946CC-2201-4795-A67A-E250393F36B1}
[2011/09/12 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{6DBA68E5-0D67-4995-8A36-0B2894E21697}
[2011/09/12 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{8F806619-EF81-4630-BA0A-B81A787D8C73}
[2011/09/11 23:55:29 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{593885A7-CD4A-48AE-BB4C-4F6D699B3529}
[2011/09/11 23:54:54 | 000,000,000 | ---D | C] -- C:\Users\Leah\AppData\Local\{9B637471-F7C4-4932-B8A7-A6D93A560D26}

========== Files - Modified Within 30 Days ==========

[2011/10/11 15:40:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Leah\Desktop\OTL.exe
[2011/10/11 15:04:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 13:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 01:58:37 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/11 01:57:55 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Leah\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/11 01:47:41 | 000,618,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/11 01:47:41 | 000,110,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/11 01:40:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 01:40:29 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 01:40:29 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 01:40:13 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 01:23:55 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/11 01:15:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/11 01:15:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/11 01:15:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/11 01:15:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/11 01:05:50 | 016,852,768 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Leah\Desktop\jre-6u26-windows-i586-s.exe
[2011/10/09 19:10:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/09 13:07:56 | 004,250,556 | R--- | M] (Swearware) -- C:\Users\Leah\Desktop\etavaresCF.exe
[2011/10/08 23:57:58 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/08 20:29:48 | 000,294,216 | ---- | M] () -- C:\Users\Leah\Desktop\gmer.zip
[2011/10/05 01:50:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/05 01:03:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/05 00:26:50 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/05 00:25:07 | 000,002,268 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/10/04 20:18:47 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/04 20:18:46 | 000,000,984 | ---- | M] () -- C:\Users\Leah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/04 19:57:30 | 000,000,000 | ---- | M] () -- C:\Windows\757024551
[2011/10/04 19:19:41 | 001,089,845 | ---- | M] () -- C:\Users\Leah\Desktop\AVGInstLog.cab
[2011/10/04 08:40:54 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2011/10/04 02:07:40 | 371,263,481 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/03 21:23:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/02 01:04:05 | 000,002,521 | ---- | M] () -- C:\Users\Leah\Desktop\HiJackThis.lnk
[2011/10/01 23:16:43 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/28 02:00:40 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/28 01:57:25 | 000,006,648 | ---- | M] () -- C:\Users\Leah\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/11 01:58:37 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/11 01:23:55 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/11 01:23:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/09 13:10:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/09 13:10:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/09 13:10:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/09 13:10:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/09 13:10:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/08 20:29:43 | 000,294,216 | ---- | C] () -- C:\Users\Leah\Desktop\gmer.zip
[2011/10/05 01:43:43 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/05 00:11:03 | 3082,805,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/04 20:18:47 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/04 20:18:46 | 000,000,984 | ---- | C] () -- C:\Users\Leah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/04 19:19:41 | 001,089,845 | ---- | C] () -- C:\Users\Leah\Desktop\AVGInstLog.cab
[2011/10/04 02:07:40 | 371,263,481 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/02 00:15:07 | 000,002,521 | ---- | C] () -- C:\Users\Leah\Desktop\HiJackThis.lnk
[2011/10/01 23:34:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/01 23:16:43 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/29 12:22:07 | 000,002,268 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/09/29 11:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\757024551
[2011/09/28 02:00:40 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/09/28 02:00:40 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/07 00:44:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/07/07 00:44:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/05/10 16:11:37 | 000,000,173 | ---- | C] () -- C:\Users\Leah\AppData\Roaming\D2Info0
[2010/05/10 16:11:37 | 000,000,008 | ---- | C] () -- C:\Users\Leah\AppData\Roaming\DofusAppId0_2
[2009/12/01 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Leah\AppData\Local\prvlcl.dat
[2009/11/16 13:30:39 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/09/11 08:04:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 08:04:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/01 17:40:46 | 000,000,552 | ---- | C] () -- C:\Users\Leah\AppData\Local\d3d8caps.dat
[2009/08/06 21:51:14 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 20:50:51 | 000,018,432 | ---- | C] () -- C:\Users\Leah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 20:36:37 | 000,006,648 | ---- | C] () -- C:\Users\Leah\AppData\Local\d3d9caps.dat
[2009/06/04 23:33:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/04 18:19:33 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/06/04 18:19:31 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/01/18 02:27:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/18 02:27:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/18 02:27:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/18 02:27:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/08/14 14:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 14:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 14:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 14:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 14:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/14 14:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 21:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 21:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 21:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 21:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/02/21 00:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,416,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,274 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,110,892 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Leah\Documents\MOV00696 - Copy.MPG:TOC.WMV

< End of report >



ESET Scan

C:\Documents and Settings\Leah\Downloads\cnet_BonjourSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{756f2b57-cf86-4297-9a57-a8725012926d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{ce29e499-74b3-49e0-a4b2-ffe597d52019}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\ld185dya.default\extensions\{e17a4e68-7196-41f3-8db2-c4d268582dfd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:50 PM

Posted 11 October 2011 - 09:21 PM

Hello, hyperphonicfemale.

OK, the ESET scan looked OK. It appears we're dealing with the leftover permissions the rootkit changed to lock you out. We can resolve it. First, let's run Junction again.

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#13 hyperphonicfemale

hyperphonicfemale
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:50 PM

Posted 11 October 2011 - 11:21 PM

The log file was too large to post as text in the post, as well as too large a file to attach as a Notepad txt file. In Microsoft Word it ended up being 2,212 pages long. What other options can I use to post it on here?
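
A junction -s report that runs to thousands of pages can be collapsed into a few posting-sized lines before anyone reads it; the script below is an added example for this thread, not the poster's log and not a Sysinternals tool. It assumes the entry layout of Junction v1.06 (a \\?\path: TYPE header followed by indented Print Name / Substitute Name lines), assumes directories the tool could not enter appear as "Failed to open ...: Access is denied." lines, treats targets outside C:\Users, C:\ProgramData, C:\Program Files and C:\Windows as worth a manual look (a heuristic, not a rule), and the sample report embedded in it is constructed.

```python
"""Summarise a Sysinternals Junction (junction -s) report into a few lines.
Added example for this thread, not the poster's log or a Sysinternals tool.
Entry and error-line shapes below are assumed (Junction v1.06 style)."""
import re
from collections import Counter

# Roots the stock Vista/7 compatibility junctions point at; a target outside
# them is flagged for a manual look (assumed heuristic, not a rule).
STANDARD_ROOTS = ("C:\\USERS", "C:\\PROGRAMDATA", "C:\\PROGRAM FILES", "C:\\WINDOWS")

HEADER_RE = re.compile(r"^\\\\\?\\(?P<path>.+?): (?P<type>[A-Z ]+)$")
TARGET_RE = re.compile(r"^\s+(?P<key>Print Name|Substitute Name)\s*:\s*(?P<value>.*)$")
DENIED_RE = re.compile(r"^Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+)$")

# Constructed sample report (not taken from the thread's 2,212-page log).
SAMPLE_REPORT = r"""
Junction v1.06 - Windows junction creator and reparse point viewer

\\?\c:\Documents and Settings: JUNCTION
   Print Name     : C:\Users
   Substitute Name: \??\C:\Users

\\?\c:\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

\\?\c:\ProgramData\Application Data: JUNCTION
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

\\?\c:\Windows\Temp\update: JUNCTION
   Print Name     : C:\Temp\cache
   Substitute Name: \??\C:\Temp\cache

Failed to open \\?\c:\Windows\System32\drivers\etc\locked: Access is denied.
"""


def _clean(target: str) -> str:
    """Strip the NT namespace prefixes Junction prints on substitute names."""
    for prefix in ("\\??\\", "\\\\?\\"):
        if target.startswith(prefix):
            target = target[len(prefix):]
    return target.rstrip("\\")


def parse_junction_report(text: str):
    """Return (entries, denied): entries are dicts with path/type/target,
    denied is a list of (path, reason) for directories the tool could not open."""
    entries, denied, current = [], [], None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            current = {"path": m["path"], "type": m["type"].strip(), "target": ""}
            entries.append(current)
        elif m := DENIED_RE.match(line):
            denied.append((m["path"], m["reason"].strip()))
            current = None
        elif (m := TARGET_RE.match(line)) and current is not None:
            # The substitute name is what the filesystem actually follows, so it
            # overrides a print name that was already recorded.
            if m["key"] == "Substitute Name" or not current["target"]:
                current["target"] = _clean(m["value"])
    return entries, denied


def summarise(text: str) -> dict:
    """Collapse a huge report into counts plus the entries worth reading by hand."""
    entries, denied = parse_junction_report(text)
    return {
        "total": len(entries),
        "by_type": dict(Counter(e["type"] for e in entries)),
        "unique_targets": len({e["target"].upper() for e in entries}),
        "unusual": [e for e in entries
                    if e["target"] and not e["target"].upper().startswith(STANDARD_ROOTS)],
        "denied": denied,
    }


def format_summary(text: str) -> str:
    """Render the summary as a short block that fits in a forum reply."""
    s = summarise(text)
    lines = [f"{s['total']} reparse points, {s['unique_targets']} distinct targets"]
    lines += [f"  {kind}: {n}" for kind, n in sorted(s["by_type"].items())]
    lines.append(f"{len(s['unusual'])} pointing outside the standard roots:")
    lines += [f"  {e['path']} -> {e['target']}" for e in s["unusual"]]
    lines.append(f"{len(s['denied'])} directories could not be opened:")
    lines += [f"  {path} ({reason})" for path, reason in s["denied"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(SAMPLE_REPORT))
```

Run it as python summarise_junction.py > summary.txt with the real log.txt substituted for SAMPLE_REPORT; the few resulting lines are what is worth pasting into a reply.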

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:50 PM

Posted 12 October 2011 - 06:37 AM

Wow...that is not typical, nor good. I will PM you my email address. Please reply here letting me know you sent it.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#15 hyperphonicfemale

hyperphonicfemale
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:50 PM

Posted 12 October 2011 - 01:07 PM

I sent the log file as the Notepad txt file via Gmail.



