Vista Ultimate 64 consrv not found


  • This topic is locked
24 replies to this topic

#1 wjason777

Posted 30 October 2011 - 03:54 AM

My computer is in an infinite reboot loop. Can't get in with Safe Mode or Last Known Good Configuration. All flash a blue screen that says "This application has failed to start because consrv was not found." By accident I reinstalled Windows. The computer started working fine, but all my old programs and files were stored in the windows.old folder. I did some research and found out how to recover Windows from the windows.old folder, and it worked. But I still have this consrv not found error when loading. I tried repairing with the Windows disc and I'm still getting the same thing.

Sn: If you guys instruct me to boot a file from a USB drive, how do I find out what letter that USB drive is?

#2 Orange Blossom

Posted 30 October 2011 - 11:38 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 wjason777

Posted 30 October 2011 - 12:46 PM

I followed the prep guide but I am unable to get to my desktop to download those files and install them. The farthest I can go is the Windows loading screen.

#4 wjason777

Posted 30 October 2011 - 05:26 PM

Never mind that last post. I followed the same directions from this topic: http://www.bleepingcomputer.com/forums/topic418997.html
Here is a copy of the log:
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.7
Ran by SYSTEM at 2011-10-30 18:20:21
Running from F:\
Windows Vista ™ Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2004-12-13] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKU\Administrator\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Jason\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun [691656 2009-04-23] (DT Soft Ltd)
HKU\Jason\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Jason\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [954880 2009-12-06] (Ares Development Group)
HKU\Jason\...\Run: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-05-01] (Google Inc.)
HKU\Jason\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Jason\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Jason\...\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2495056 2011-07-26] (Plex, Inc.)
HKU\Jason\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADcAMwA2ADYANgA2ADMALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0AQwBJAFAAKwAyAA"&"prod=54"&"ver=9.0.894 [x]
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe [28160 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [28160 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: acaptuser64.dll
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [69632 2011-05-16] (Adobe Systems)
2 ASKService; C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [464264 2009-04-02] ()
2 ASKUpgrade; C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [234888 2009-04-02] ()
3 DFSR; C:\Windows\System32\DFSR.exe [3433472 2009-04-10] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [268288 2009-04-10] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [15360 2006-11-02] (Microsoft Corporation)
2 EMDMgmt; C:\Windows\System32\emdmgmt.dll [399360 2009-04-10] (Microsoft Corporation)
2 gooersvc; C:\Program Files (x86)\Gooer\Gooer Remote Desktop RDP Client\GooerSvc.exe [675840 2007-09-29] (Gooer)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 Mp3Tube Toolbar Service; C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe [227840 2011-04-29] (Mp3Tube)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2008-09-29] (Nero AG)
2 NitroReaderDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe" [341296 2011-01-14] (Nitro PDF Software)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [211968 2008-01-20] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 slsvc; C:\Windows\System32\SLsvc.exe [2582016 2009-04-10] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [73216 2009-04-10] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation)
2 Viewpoint Manager Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [428544 2008-01-20] (Microsoft Corporation)
2 WinVNC4; "C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service [439248 2006-05-12] (RealVNC Ltd.)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [1020768 2010-03-18] (Microsoft Corporation)
2 XobniService; "C:\Program Files (x86)\Xobni\XobniService.exe" [46824 2009-10-15] (Xobni Corporation)
2 EraserSvc11013; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe" /h ccCommon [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

========================== Drivers (Whitelisted) =============

4 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [126520 2008-01-20] (Adaptec, Inc.)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-02] ()
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [1152632 2011-09-29] (Symantec Corporation)
0 Ecache; C:\Windows\System32\drivers\ecache.sys [155112 2009-04-10] (Microsoft Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-10-09] (Symantec Corporation)
3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2009-05-07] (VSO Software)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [12800 2007-03-08] (GARMIN Corp.)
4 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [47672 2008-01-20] (Hewlett-Packard Company)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2009-06-10] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
4 i2omp; C:\Windows\System32\drivers\i2omp.sys [35896 2008-01-20] (Microsoft Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111012.034\IDSvia64.sys [488568 2011-10-07] (Symantec Corporation)
4 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\System32\drivers\iteraid.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [95584 2008-09-30] (JMicron Technology Corp.)
1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-02] ()
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [39016 2006-11-02] (LSI Logic Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111012.017\ENG64.SYS [117880 2011-10-09] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111012.017\EX64.SYS [2048632 2011-10-09] (Symantec Corporation)
3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [388448 2010-04-27] (Ralink Technology Corp.)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [174592 2008-08-06] (Realtek Corporation )
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [45624 2008-01-20] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-05-01] (Duplex Secure Ltd.)
3 SRTSP; C:\Windows\System32\drivers\N360x64\0500000.07D\SRTSP64.SYS [735864 2010-11-22] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0501000.01D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
4 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [49256 2006-11-02] (LSI Logic)
0 SymDS; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-10-09] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
3 SYMTDIv; C:\Windows\System32\drivers\N360x64\0500000.07D\SYMTDIV.SYS [432760 2010-11-30] (Symantec Corporation)
4 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [44648 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [48232 2006-11-02] (LSI Logic)
3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [18432 2008-01-20] (Microsoft Corporation)
3 ubloxusb; C:\Windows\System32\DRIVERS\ubloxusb.sys [95232 2008-09-11] (u-blox AG)
4 uliahci; C:\Windows\System32\drivers\uliahci.sys [284728 2008-01-20] (ULi Electronics Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [148072 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [174696 2008-01-20] (Promise Technology, Inc.)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19456 2009-04-10] (Microsoft Corporation)
3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [46592 2009-09-30] (Microsoft Corporation)
3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [903168 2008-01-20] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
4 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [x]
4 KLIF; C:\Windows\System32\DRIVERS\klif.sys [x]
4 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
0 sr; [x]
2 srservice; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-30 18:20 - 2011-10-30 18:20 - 0000000 ____D C:\FRST
2011-10-29 20:58 - 2011-10-29 20:59 - 0000000 ____D C:\Users(2438)
2011-10-29 20:03 - 2011-10-29 21:27 - 0000000 ____D C:\Windows.old
2011-10-09 10:14 - 2011-10-09 10:14 - 0000000 ____D C:\Windows\system64
2011-10-09 10:12 - 2011-10-29 23:43 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-10-09 10:12 - 2011-10-29 23:42 - 0000000 ____D C:\Program Files (x86)\Norton Security Suite
2011-10-09 10:12 - 2011-10-29 22:17 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-10-09 10:12 - 2011-10-09 10:15 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-10-09 10:12 - 2011-10-09 10:15 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-10-09 10:12 - 2011-10-09 10:15 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-10-09 10:12 - 2011-10-09 10:15 - 0000000 ____D C:\Program Files\Symantec
2011-10-09 10:12 - 2011-10-09 10:14 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2011-10-09 10:12 - 2011-10-09 10:12 - 0002296 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2011-10-09 10:10 - 2011-10-29 23:43 - 0000000 ___SD C:\Users\Jason\Documents\Passwords Database
2011-10-08 15:12 - 2009-12-14 08:44 - 0085048 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2011-10-08 15:12 - 2009-12-14 08:44 - 0066104 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2011-10-08 15:02 - 2011-10-08 15:02 - 0920384 ____A C:\Users\Jason\Downloads\Norton_Removal_Tool.exe
2011-10-08 14:28 - 2011-10-08 14:29 - 126918424 ____A (Kaspersky Lab) C:\Users\Jason\Downloads\pure9.1.0.124-1862EN-INT.exe
2011-10-04 21:15 - 2011-10-04 21:15 - 0000495 ____A C:\Users\Public\Desktop\Rage.lnk
2011-10-03 11:04 - 2011-08-03 03:50 - 8355944 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 7254632 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 5404776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 2532456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 24692840 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 2391656 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 22470248 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 2222184 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 2090088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 17193576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 16595560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 1519720 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 1453160 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 12909672 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-10-03 11:04 - 2011-08-03 03:50 - 0067176 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-10-03 11:04 - 2011-08-03 03:50 - 0057960 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2011-10-03 10:58 - 2011-10-03 11:02 - 144591688 ____A (NVIDIA Corporation) C:\Users\Jason\Downloads\280.26-desktop-win7-winvista-64bit-english-whql.exe

============ 3 Months Modified Files and Folders =============

2011-10-30 18:20 - 2011-10-30 18:20 - 0000000 ____D C:\FRST
2011-10-29 23:57 - 2011-06-12 20:45 - 0000000 ____D C:\users\Administrator
2011-10-29 23:57 - 2011-05-09 19:21 - 0000000 ____D C:\users\UpdatusUser
2011-10-29 23:57 - 2009-04-29 17:44 - 0000000 ____D C:\users\Jason
2011-10-29 23:57 - 2006-11-02 04:33 - 82575360 ____A C:\Windows\System32\config\software_previous
2011-10-29 23:49 - 2009-12-14 00:16 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-10-29 23:49 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-10-29 23:49 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\Windows Photo Gallery
2011-10-29 23:49 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2011-10-29 23:49 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\Windows Collaboration
2011-10-29 23:49 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\Windows Calendar
2011-10-29 23:44 - 2009-12-12 20:04 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-29 23:44 - 2009-12-12 16:27 - 0000000 ____D C:\Windows\System32\EventProviders
2011-10-29 23:44 - 2009-09-09 15:00 - 0000000 ____D C:\Windows\SysWOW64\xlive
2011-10-29 23:44 - 2009-05-17 10:46 - 0000000 ____D C:\Windows\SysWOW64\%BlstFolder%
2011-10-29 23:44 - 2009-04-30 04:10 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2011-10-29 23:44 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\WindowsMobile
2011-10-29 23:44 - 2006-11-02 07:06 - 0000000 ____D C:\Windows\System32\restore
2011-10-29 23:44 - 2006-11-02 05:34 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2011-10-29 23:44 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\tapi
2011-10-29 23:44 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2011-10-29 23:44 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2011-10-29 23:43 - 2011-10-09 10:12 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-10-29 23:43 - 2011-10-09 10:10 - 0000000 ___SD C:\Users\Jason\Documents\Passwords Database
2011-10-29 23:43 - 2011-09-19 09:43 - 0000000 ____D C:\Program Files\iTunes
2011-10-29 23:43 - 2011-08-30 19:01 - 0000000 ____D C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2011-10-29 23:43 - 2011-08-30 15:11 - 0000000 ____D C:\Users\Jason\Desktop\Borderlands-RELOADED
2011-10-29 23:43 - 2011-08-23 17:01 - 0000000 ____D C:\Users\Jason\Desktop\Lavell.Crawford.Can.a.Brother.Get.Some.Love.2011.HDTV.XviD-FQM
2011-10-29 23:43 - 2011-08-18 16:39 - 0000000 ____D C:\Users\Jason\Desktop\Bastion-TiNYiSO
2011-10-29 23:43 - 2011-07-29 13:00 - 0000000 ____D C:\Program Files\Bonjour
2011-10-29 23:43 - 2011-06-22 16:05 - 0000000 ____D C:\Users\Jason\Desktop\Witcher.2.CRACK ONLY-SKIDROW
2011-10-29 23:43 - 2011-06-12 20:45 - 0000000 ____D C:\Users\Administrator\AppData\LocalLow
2011-10-29 23:43 - 2011-05-29 17:09 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-10-29 23:43 - 2011-05-16 21:13 - 0000000 ____D C:\Users\Jason\Desktop\Adobe Acrobat X
2011-10-29 23:43 - 2011-05-16 15:39 - 0000000 ____D C:\Users\Jason\AppData\Roaming\GetRightToGo
2011-10-29 23:43 - 2011-05-12 15:36 - 0000000 ____D C:\Windows\CATALOG
2011-10-29 23:43 - 2011-05-12 15:32 - 0000000 ____D C:\Windows\Driver Cache
2011-10-29 23:43 - 2011-05-02 20:31 - 0000000 ____D C:\Users\Jason\Desktop\Android USB Driver
2011-10-29 23:43 - 2011-05-02 19:36 - 0000000 ____D C:\Users\Jason\Desktop\New Folder
2011-10-29 23:43 - 2010-12-27 21:43 - 0000000 ____D C:\Windows\pss
2011-10-29 23:43 - 2010-12-26 17:48 - 0000000 ____D C:\Users\Jason\AppData\Roaming\kikin
2011-10-29 23:43 - 2010-10-26 05:48 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Thunderbird
2011-10-29 23:43 - 2010-08-06 15:20 - 0000000 ____D C:\ProgramData\FLEXnet
2011-10-29 23:43 - 2010-06-29 14:26 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2011-10-29 23:43 - 2010-02-17 17:20 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-10-29 23:43 - 2010-02-17 16:44 - 0000000 ____D C:\Users\Jason\AppData\Roaming\SystemRequirementsLab
2011-10-29 23:43 - 2010-02-16 19:18 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Bioshock2
2011-10-29 23:43 - 2009-10-07 07:41 - 0000000 ____D C:\Program Files (x86)\Xobni
2011-10-29 23:43 - 2009-10-02 06:14 - 0000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2011-10-29 23:43 - 2009-09-19 23:19 - 0000000 ____D C:\Users\Jason\AppData\Roaming\vlc
2011-10-29 23:43 - 2009-09-12 17:36 - 0000000 ____D C:\Windows\Left 4 Dead
2011-10-29 23:43 - 2009-06-27 15:00 - 0000000 ____D C:\Users\Jason\Desktop\New Folder (2)
2011-10-29 23:43 - 2009-06-23 18:48 - 0000000 ____D C:\Users\Jason\AppData\Local\Microsoft Help
2011-10-29 23:43 - 2009-06-23 18:48 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-10-29 23:43 - 2009-05-29 02:56 - 0000000 ____D C:\Windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2011-10-29 23:43 - 2009-05-24 11:30 - 0000000 ____D C:\Users\Jason\AppData\Roaming\dvdcss
2011-10-29 23:43 - 2009-05-17 10:45 - 0000000 ____D C:\Windows\Minidump
2011-10-29 23:43 - 2009-05-07 00:05 - 0000000 ____D C:\Users\Jason\Documents\gothic3
2011-10-29 23:43 - 2009-05-01 21:37 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Azureus
2011-10-29 23:43 - 2009-05-01 05:45 - 0000000 ____D C:\ProgramData\Media Center Programs
2011-10-29 23:43 - 2009-05-01 00:58 - 0000000 ____D C:\Program Files\WinRAR
2011-10-29 23:43 - 2009-04-30 04:31 - 0000000 ____D C:\ProgramData\NVIDIA
2011-10-29 23:43 - 2009-04-30 04:14 - 0000000 ____D C:\Windows\RaidTool
2011-10-29 23:43 - 2009-04-29 17:44 - 0000000 ____D C:\Users\Jason\AppData\LocalLow
2011-10-29 23:43 - 2006-11-02 07:06 - 0000000 ____D C:\Windows\ShellNew
2011-10-29 23:43 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-10-29 23:43 - 2006-11-02 05:33 - 0000000 __RSD C:\Windows\Media
2011-10-29 23:43 - 2006-11-02 05:33 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-10-29 23:43 - 2006-11-02 05:33 - 0000000 ___RD C:\users\Public
2011-10-29 23:43 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-10-29 23:42 - 2011-10-09 10:12 - 0000000 ____D C:\Program Files (x86)\Norton Security Suite
2011-10-29 23:42 - 2011-09-06 04:19 - 0000000 ____D C:\Program Files (x86)\ChatVibes Toolbar
2011-10-29 23:42 - 2011-07-29 13:00 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-10-29 23:42 - 2011-07-29 10:34 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-10-29 23:42 - 2011-07-05 04:02 - 0000000 ____D C:\Program Files (x86)\CDL Pass
2011-10-29 23:42 - 2011-07-02 16:07 - 0000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2011-10-29 23:42 - 2011-06-25 04:14 - 0000000 ____D C:\Program Files (x86)\QuestScan
2011-10-29 23:42 - 2011-06-25 04:14 - 0000000 ____D C:\Program Files (x86)\Mp3Tube Toolbar
2011-10-29 23:42 - 2011-05-29 17:09 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-29 23:42 - 2011-05-16 21:12 - 0000000 ____D C:\Program Files (x86)\Adobe Acrobat
2011-10-29 23:42 - 2011-02-23 21:25 - 0000000 ____D C:\Program Files (x86)\Search Toolbar
2011-10-29 23:42 - 2011-02-23 21:25 - 0000000 ____D C:\Program Files (x86)\AcidX Games
2011-10-29 23:42 - 2010-12-26 18:20 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-10-29 23:42 - 2010-12-26 17:48 - 0000000 ____D C:\Program Files (x86)\kikin
2011-10-29 23:42 - 2010-12-01 22:31 - 0000000 ____D C:\Program Files (x86)\FrostWire
2011-10-29 23:42 - 2010-11-07 08:56 - 0000000 ____D C:\Program Files (x86)\Ares
2011-10-29 23:42 - 2010-06-29 14:26 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2011-10-29 23:42 - 2010-06-24 16:31 - 0000000 ____D C:\Program Files (x86)\ABBYY PDF Transformer 2.0
2011-10-29 23:42 - 2010-05-23 14:53 - 0000000 ____D C:\Program Files (x86)\AIM
2011-10-29 23:42 - 2010-04-18 11:19 - 0000000 ____D C:\Program Files (x86)\GreedyTorrent
2011-10-29 23:42 - 2010-02-17 16:44 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2011-10-29 23:42 - 2009-10-08 11:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-10-29 23:42 - 2009-10-07 07:39 - 0000000 ____D C:\Program Files (x86)\AskBarDis
2011-10-29 23:42 - 2009-10-01 13:46 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2011-10-29 23:42 - 2009-07-06 17:35 - 0000000 ____D C:\Program Files (x86)\HP
2011-10-29 23:42 - 2009-07-01 17:48 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-10-29 23:42 - 2009-05-29 02:56 - 0000000 ____D C:\Program Files (x86)\OpenAL
2011-10-29 23:42 - 2009-05-24 10:58 - 0000000 ____D C:\Program Files (x86)\DVD Decrypter
2011-10-29 23:42 - 2009-05-13 23:08 - 0000000 ____D C:\Program Files (x86)\CCleaner
2011-10-29 23:42 - 2009-05-12 17:30 - 0000000 ____D C:\Program Files (x86)\PFConfig
2011-10-29 23:42 - 2009-05-06 19:38 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-10-29 23:42 - 2009-05-01 20:10 - 0000000 ____D C:\Program Files (x86)\Vuze
2011-10-29 23:42 - 2009-04-30 04:37 - 0000000 ____D C:\Program Files (x86)\Aspell
2011-10-29 23:42 - 2009-04-30 04:25 - 0000000 ____D C:\Program Files (x86)\Opera
2011-10-29 23:42 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\MSBuild
2011-10-29 23:42 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2011-10-29 23:30 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2011-10-29 23:30 - 2006-11-02 04:33 - 41156608 ____A C:\Windows\System32\config\system_previous
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\winrm
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\WCN
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\winrm
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\WCN
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\slmgr
2011-10-29 23:28 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Windows\SysWOW64\XPSViewer
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Windows\DigitalLocker
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Windows Photo Gallery
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Windows Journal
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Windows Defender
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Windows Collaboration
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Windows Calendar
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Movie Maker
2011-10-29 23:28 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files\Microsoft Games
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\Web
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\Speech
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\networklist
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\MUI
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\licensing
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\IME
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\com
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\sysprep
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Speech
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\SMI
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\RemInst
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\oobe
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\MUI
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\migwiz
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\licensing
2011-10-29 23:28 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\IME
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\com
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Speech
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\servicing
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\schemas
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Resources
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Provisioning
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PLA
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\MSAgent64
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\MSAgent
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\IME
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Help
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Branding
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Windows NT
2011-10-29 23:28 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-10-29 23:27 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-10-29 23:27 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-10-29 22:24 - 2006-11-02 07:06 - 0000000 ____D C:\Users\Public\Recorded TV
2011-10-29 22:23 - 2011-07-09 03:16 - 0000000 ____D C:\Users\Public\Downloads\Norton
2011-10-29 22:23 - 2010-06-21 02:20 - 0000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2011-10-29 22:22 - 2011-08-30 20:21 - 0000000 ____D C:\Users\Jason\Desktop\Tools
2011-10-29 22:22 - 2011-08-30 20:08 - 0000000 ____D C:\Users\Jason\Desktop\mkvtoolnix-4.9.1
2011-10-29 22:22 - 2011-06-22 16:31 - 0000000 ____D C:\Users\Jason\Documents\The Witcher 2
2011-10-29 22:22 - 2011-05-24 17:12 - 0000000 ____D C:\Users\Jason\Documents\Witcher 2
2011-10-29 22:22 - 2011-05-21 07:35 - 0000000 ____D C:\Users\Jason\Documents\Ableton
2011-10-29 22:22 - 2011-05-21 06:04 - 0000000 ____D C:\Users\Jason\Documents\VirtualDJ
2011-10-29 22:22 - 2011-02-08 16:49 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Real
2011-10-29 22:22 - 2010-12-26 17:48 - 0000000 ____D C:\Users\Jason\AppData\Roaming\OpenCandy
2011-10-29 22:22 - 2010-12-01 22:33 - 0000000 ____D C:\Users\Jason\Documents\FrostWire
2011-10-29 22:22 - 2010-12-01 22:33 - 0000000 ____D C:\Users\Jason\AppData\Roaming\FrostWire
2011-10-29 22:22 - 2009-12-13 15:08 - 0000000 ____D C:\Users\Jason\Documents\BioWare
2011-10-29 22:22 - 2009-09-10 17:16 - 0000000 ____D C:\Users\Jason\Documents\Eidos
2011-10-29 22:22 - 2009-08-31 15:58 - 0000000 ____D C:\Users\Jason\Documents\Raven Squad
2011-10-29 22:22 - 2009-06-24 15:31 - 0000000 ____D C:\Users\Jason\Documents\LimeWire
2011-10-29 22:22 - 2009-06-03 16:18 - 0000000 ____D C:\Users\Jason\Documents\Electronic Arts
2011-10-29 22:22 - 2009-05-31 08:33 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Red Alert 3
2011-10-29 22:22 - 2009-05-06 19:38 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Mozilla
2011-10-29 22:22 - 2009-05-01 06:36 - 0000000 ____D C:\Users\Jason\Documents\My Games
2011-10-29 22:22 - 2009-04-30 04:31 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Macromedia
2011-10-29 22:22 - 2009-04-30 04:25 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Opera
2011-10-29 22:22 - 2009-04-30 04:12 - 0000000 ____D C:\Users\Jason\AppData\Roaming\InstallShield
2011-10-29 22:21 - 2011-09-29 06:57 - 0000000 ____D C:\Users\Jason\.swt
2011-10-29 22:21 - 2011-08-06 14:57 - 0000000 ____D C:\Users\Jason\AppData\Local\Microsoft Games
2011-10-29 22:21 - 2011-07-31 11:36 - 0000000 ____D C:\Users\Jason\AppData\Local\Plex Media Server
2011-10-29 22:21 - 2011-05-21 07:35 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Ableton
2011-10-29 22:21 - 2011-05-02 19:45 - 0000000 ____D C:\Users\Jason\AppData\Local\Downloaded Installations
2011-10-29 22:21 - 2011-02-08 16:49 - 0000000 ____D C:\ProgramData\Real
2011-10-29 22:21 - 2010-10-26 05:48 - 0000000 ____D C:\Users\Jason\AppData\Local\Thunderbird
2011-10-29 22:21 - 2010-08-24 18:34 - 0000000 ____D C:\Users\Jason\AppData\Local\2K Games
2011-10-29 22:21 - 2010-07-28 17:05 - 0000000 ____D C:\Users\Jason\AppData\Roaming\AVG9
2011-10-29 22:21 - 2010-04-18 06:53 - 0000000 ____D C:\Users\Jason\AppData\Local\Yahoo
2011-10-29 22:21 - 2010-04-18 06:51 - 0000000 ____D C:\ProgramData\Yahoo!
2011-10-29 22:21 - 2010-04-05 15:32 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-29 22:21 - 2010-03-22 15:54 - 0000000 ____D C:\Users\Jason\AppData\Local\4A Games
2011-10-29 22:21 - 2010-03-18 08:33 - 0000000 ____D C:\Users\Jason\AppData\Local\Tific
2011-10-29 22:21 - 2010-03-17 18:46 - 0000000 ____D C:\ProgramData\Norton
2011-10-29 22:21 - 2009-10-07 07:41 - 0000000 ____D C:\Users\Jason\AppData\Local\Xobni
2011-10-29 22:21 - 2009-05-30 12:35 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2011-10-29 22:21 - 2009-05-28 14:46 - 0000000 ____D C:\Users\Jason\AppData\Local\Adobe
2011-10-29 22:21 - 2009-05-17 11:50 - 0000000 ____D C:\ProgramData\Nero
2011-10-29 22:21 - 2009-05-03 02:13 - 0000000 ____D C:\Users\Jason\AppData\Local\Activision
2011-10-29 22:21 - 2009-05-01 20:10 - 0000000 ____D C:\Users\Jason\AppData\Local\AOL
2011-10-29 22:21 - 2009-05-01 00:50 - 0000000 ____D C:\Users\Jason\AppData\Local\Google
2011-10-29 22:21 - 2009-04-30 04:31 - 0000000 ____D C:\Users\Jason\AppData\Roaming\Adobe
2011-10-29 22:21 - 2009-04-30 04:25 - 0000000 ____D C:\Users\Jason\AppData\Local\Opera
2011-10-29 22:21 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Default
2011-10-29 22:20 - 2010-07-28 16:47 - 0000000 ____D C:\ProgramData\avg9
2011-10-29 22:20 - 2010-06-29 14:26 - 0000000 ____D C:\ProgramData\McAfee
2011-10-29 22:20 - 2010-06-22 11:54 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2011-10-29 22:20 - 2010-05-23 14:53 - 0000000 ____D C:\ProgramData\AOL Downloads
2011-10-29 22:20 - 2009-08-26 13:06 - 0000000 ____D C:\ProgramData\InstallShield
2011-10-29 22:20 - 2009-07-06 17:34 - 0000000 ____D C:\ProgramData\HP
2011-10-29 22:20 - 2009-07-01 17:48 - 0000000 ____D C:\ProgramData\Apple Computer
2011-10-29 22:20 - 2009-07-01 17:47 - 0000000 ____D C:\ProgramData\Apple
2011-10-29 22:20 - 2009-05-28 15:13 - 0000000 ____D C:\ProgramData\Adobe
2011-10-29 22:20 - 2009-05-28 05:30 - 0000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2011-10-29 22:20 - 2009-05-01 20:10 - 0000000 ____D C:\ProgramData\AOL OCP
2011-10-29 22:20 - 2009-05-01 20:10 - 0000000 ____D C:\ProgramData\acccore
2011-10-29 22:18 - 2010-04-18 06:50 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2011-10-29 22:17 - 2011-10-09 10:12 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-10-29 22:17 - 2011-09-20 03:50 - 0000000 ____D C:\Program Files (x86)\Virtools
2011-10-29 22:17 - 2011-07-31 11:34 - 0000000 ____D C:\Program Files (x86)\Plex
2011-10-29 22:17 - 2011-05-16 17:46 - 0000000 ____D C:\Program Files (x86)\Nsasoft
2011-10-29 22:17 - 2010-08-24 15:03 - 0000000 ____D C:\Program Files (x86)\Spirent Communications
2011-10-29 22:17 - 2010-04-23 22:23 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2011-10-29 22:17 - 2010-02-17 17:21 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2011-10-29 22:17 - 2009-05-14 11:13 - 0000000 ____D C:\Program Files (x86)\RealVNC
2011-10-29 22:17 - 2009-05-01 20:10 - 0000000 ____D C:\Program Files (x86)\Viewpoint
2011-10-29 22:17 - 2009-05-01 00:57 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2011-10-29 22:17 - 2009-04-30 04:10 - 0000000 ____D C:\Program Files (x86)\Realtek
2011-10-29 22:17 - 2006-11-02 07:06 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2011-10-29 22:17 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files (x86)\Windows NT
2011-10-29 22:16 - 2011-05-16 18:45 - 0000000 ____D C:\Program Files (x86)\Nitro PDF
2011-10-29 22:16 - 2009-05-17 11:51 - 0000000 ____D C:\Program Files (x86)\Nero
2011-10-29 22:15 - 2009-10-08 11:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2011-10-29 22:15 - 2009-10-08 11:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2011-10-29 22:15 - 2009-09-09 15:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-10-29 22:15 - 2009-06-23 18:48 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-10-29 22:15 - 2009-06-03 14:43 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2011-10-29 22:14 - 2011-06-25 04:14 - 0000000 ____D C:\Program Files (x86)\FREEzeFrog
2011-10-29 22:14 - 2011-05-12 15:34 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-29 22:14 - 2011-05-12 15:32 - 0000000 ____D C:\Program Files (x86)\LandAirSea Systems
2011-10-29 22:14 - 2010-08-24 15:02 - 0000000 ____D C:\Program Files (x86)\HTC
2011-10-29 22:14 - 2009-07-14 07:40 - 0000000 ____D C:\Program Files (x86)\Garmin
2011-10-29 22:14 - 2009-06-27 15:01 - 0000000 ____D C:\Program Files (x86)\Escort
2011-10-29 22:14 - 2009-06-24 15:30 - 0000000 ____D C:\Program Files (x86)\LimeWire
2011-10-29 22:14 - 2009-06-24 15:30 - 0000000 ____D C:\Program Files (x86)\Java
2011-10-29 22:14 - 2009-05-27 22:50 - 0000000 ____D C:\Program Files (x86)\JoWooD Productions Software AG
2011-10-29 22:14 - 2009-05-14 11:12 - 0000000 ____D C:\Program Files (x86)\Gooer
2011-10-29 22:14 - 2009-05-01 19:20 - 0000000 ____D C:\Program Files (x86)\Logitech
2011-10-29 22:14 - 2009-05-01 06:31 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2011-10-29 22:14 - 2009-04-30 04:10 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-10-29 22:13 - 2011-07-23 10:18 - 0000000 ____D C:\Program Files (x86)\Cisco
2011-10-29 22:12 - 2011-06-05 17:36 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-29 22:12 - 2011-05-21 07:31 - 0000000 ____D C:\Program Files (x86)\Ableton
2011-10-29 22:12 - 2009-05-28 15:12 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-10-29 22:06 - 2006-11-02 04:33 - 54001664 ____A C:\Windows\System32\config\components_previous
2011-10-29 22:06 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2011-10-29 21:27 - 2011-10-29 20:03 - 0000000 ____D C:\Windows.old
2011-10-29 20:59 - 2011-10-29 20:58 - 0000000 ____D C:\Users(2438)
2011-10-29 20:14 - 2009-04-29 13:57 - 0008192 __RAS C:\BOOTSECT.BAK
2011-10-29 20:09 - 2006-11-02 05:33 - 0000000 ____D C:\windows.vista
2011-10-29 19:45 - 2006-11-02 05:33 - 0000000 ___HD C:\ProgramData(2437)
2011-10-29 19:39 - 2006-11-02 05:33 - 0000000 ___RD C:\Program Files (x86)(582)
2011-10-29 19:36 - 2006-11-02 05:33 - 0000000 ___RD C:\User.Vista
2011-10-29 18:02 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2011-10-29 18:02 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\default_previous
2011-10-14 02:51 - 2009-05-14 00:39 - 2065260 ____A C:\Windows\PFRO.log
2011-10-13 17:11 - 2008-01-20 17:53 - 1603560 ____A C:\Windows\WindowsUpdate.log
2011-10-13 16:04 - 2006-11-02 07:21 - 0003840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-13 16:04 - 2006-11-02 07:21 - 0003840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-13 15:56 - 2011-05-12 15:35 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-10-13 15:04 - 2009-06-30 03:29 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-758639486-1732389173-132043500-1000UA.job
2011-10-13 12:56 - 2011-05-12 15:34 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-10-13 11:04 - 2009-06-30 03:29 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-758639486-1732389173-132043500-1000Core.job
2011-10-09 10:15 - 2011-10-09 10:12 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-10-09 10:15 - 2011-10-09 10:12 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-10-09 10:15 - 2011-10-09 10:12 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-10-09 10:15 - 2011-10-09 10:12 - 0000000 ____D C:\Program Files\Symantec
2011-10-09 10:14 - 2011-10-09 10:14 - 0000000 ____D C:\Windows\system64
2011-10-09 10:14 - 2011-10-09 10:12 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2011-10-09 10:14 - 2006-11-02 04:46 - 0725118 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-09 10:12 - 2011-10-09 10:12 - 0002296 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2011-10-09 10:12 - 2011-07-09 03:16 - 0000903 ____A C:\Users\Jason\Desktop\Norton Installation Files.lnk
2011-10-09 10:04 - 2006-11-02 07:40 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-09 10:03 - 2006-11-02 07:40 - 0032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-08 15:02 - 2011-10-08 15:02 - 0920384 ____A C:\Users\Jason\Downloads\Norton_Removal_Tool.exe
2011-10-08 14:48 - 2011-05-14 16:11 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-08 14:29 - 2011-10-08 14:28 - 126918424 ____A (Kaspersky Lab) C:\Users\Jason\Downloads\pure9.1.0.124-1862EN-INT.exe
2011-10-06 19:03 - 2009-05-01 00:54 - 0069120 ____A C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-05 06:04 - 2009-05-01 00:51 - 0002042 ____A C:\Users\Jason\Desktop\Google Chrome.lnk
2011-10-04 21:15 - 2011-10-04 21:15 - 0000495 ____A C:\Users\Public\Desktop\Rage.lnk
2011-10-03 11:02 - 2011-10-03 10:58 - 144591688 ____A (NVIDIA Corporation) C:\Users\Jason\Downloads\280.26-desktop-win7-winvista-64bit-english-whql.exe
2011-09-29 06:27 - 2009-05-01 20:11 - 0001647 ____A C:\Users\Public\Desktop\Vuze.lnk
2011-09-28 14:15 - 2009-05-14 00:40 - 0054296 ____A C:\Windows\setupact.log
2011-09-27 23:01 - 2006-11-02 04:35 - 49062856 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-09-23 10:53 - 2009-04-30 04:29 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-09-23 10:45 - 2011-09-23 10:44 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2011-09-20 03:49 - 2011-09-20 03:49 - 0377152 ____A (Dassault Systèmes) C:\Users\Jason\Downloads\3DVIA_player_installer.exe
2011-09-19 09:43 - 2011-09-19 09:43 - 0001654 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-09-19 09:43 - 2011-09-19 09:43 - 0000000 ____D C:\Program Files\iPod
2011-09-19 09:41 - 2011-09-19 09:41 - 0001716 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-09-06 04:18 - 2011-09-06 04:18 - 3720846 ____A C:\Users\Jason\Downloads\chatvibes104.exe
2011-08-31 16:51 - 2011-08-22 19:00 - 0000721 ____A C:\Users\Jason\.powerschool_gradebook.properties
2011-08-30 19:20 - 2011-08-30 19:20 - 0002560 ____A C:\Windows\_MSRSTRT.EXE
2011-08-30 19:03 - 2009-05-16 11:24 - 0591381 ____A C:\Windows\DirectX.log
2011-08-30 19:01 - 2011-08-30 18:55 - 0000000 ____D C:\BDS
2011-08-22 18:53 - 2011-08-22 18:53 - 0000012 ____A C:\Users\Jason\.gradebook_userdict.tlx
2011-08-22 17:36 - 2011-08-22 16:40 - 0001999 ____A C:\Windows\IE9_main.log
2011-08-20 17:44 - 2011-07-10 08:49 - 0000418 _RASH C:\ProgramData\ntuser.pol
2011-08-17 16:41 - 2011-08-17 16:41 - 3089056 ____A (Adobe Systems, Inc.) C:\Users\Jason\Downloads\install_flash_player.exe
2011-08-16 18:33 - 2011-08-16 18:32 - 0116866 ____A C:\Windows\hpqins00.dat
2011-08-16 18:31 - 2011-08-16 18:31 - 26521792 ____A C:\Users\Jason\Downloads\slp_dd_hathi_110_017.exe
2011-08-16 18:29 - 2011-08-16 18:29 - 1607208 ____A C:\Users\Jason\Downloads\ConvergedIO_HPCOM_V3.exe
2011-08-16 18:29 - 2011-08-16 18:29 - 0336680 ____A (Igor Pavlov) C:\Users\Jason\Downloads\scanjet_vista_tablet_patch.exe
2011-08-16 18:18 - 2011-08-16 18:18 - 29851432 ____A C:\Users\Jason\Downloads\CPE_SCAN_DESTINATION_UPDATE_hpcom_001_003.exe
2011-08-15 14:50 - 2011-08-15 14:50 - 0484360 ____A (Music Converter T) C:\Users\Jason\Downloads\MusicConverterSetup.exe
2011-08-03 03:50 - 2011-10-03 11:04 - 8355944 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 7254632 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 5404776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 2532456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 24692840 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 2391656 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 22470248 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 2222184 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 2090088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 17193576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 16595560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 1519720 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 1453160 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 12909672 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-08-03 03:50 - 2011-10-03 11:04 - 0067176 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-08-03 03:50 - 2011-10-03 11:04 - 0057960 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2011-08-03 03:50 - 2011-05-09 19:19 - 6613096 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2011-08-03 03:50 - 2011-05-09 19:19 - 12636776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2011-08-03 03:50 - 2011-04-07 19:19 - 6136936 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2011-08-03 03:50 - 2011-04-07 19:19 - 3021416 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2011-08-03 03:50 - 2011-04-07 19:19 - 0980072 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2011-08-03 03:50 - 2011-04-07 19:19 - 0836200 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu64.dll
2011-08-03 03:50 - 2011-04-07 19:19 - 0117864 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2011-08-03 03:50 - 2010-02-17 17:19 - 2412136 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2011-08-03 03:50 - 2010-02-17 17:19 - 0007383 ____A C:\Windows\System32\nvinfo.pb
2011-08-03 03:50 - 2010-01-11 20:19 - 0061544 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2011-08-03 03:50 - 2009-03-27 09:03 - 2758760 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2011-08-03 03:50 - 2009-03-27 09:03 - 15064168 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2011-08-02 23:31 - 2011-08-02 23:31 - 0311912 ____A C:\Windows\SysWOW64\nvStreaming.exe
2011-08-02 04:50 - 2011-08-02 04:50 - 0000510 ____A C:\Windows\WORDPAD.INI

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2009-12-12 19:59] - [2009-04-10 21:11] - 0405504 ____A (Microsoft Corporation) 6D0773A3A65D28B663F334C90441D01A

C:\Windows\System32\wininit.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0123904 ____A (Microsoft Corporation) 117EA87DF785CA1B9D821F6F213DCE07

C:\Windows\explorer.exe
[2009-12-12 20:00] - [2009-04-10 21:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\System32\Drivers\volsnap.sys
[2009-12-12 19:59] - [2009-04-10 21:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D


========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6134.26 MB
Available physical RAM: 5350.66 MB
Total Pagefile: 5800.43 MB
Available Pagefile: 5313.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:285.76 GB) NTFS
2 Drive d: (Games) (Fixed) (Total:465.76 GB) (Free:229.72 GB) NTFS
3 Drive e: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-10-13 10:38

======================= End Of Log ==========================

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:51 AM

Posted 31 October 2011 - 06:44 AM

Hello wjason777,

Welcome to Bleeping computer.

If you were able to reboot, uninstall Spybot S&D for now until we are done. I remove the Teatimer startup and the Spybot service in order not to interfere with the fix.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKU\Jason\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start
SubSystems: [Windows] ==> ZeroAccess
2 ASKService; C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [464264 2009-04-02] ()
2 ASKUpgrade; C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [234888 2009-04-02] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also please restart normally and tell me how it went.

#6 wjason777

Posted 31 October 2011 - 03:24 PM

I restarted and it's working now. Now I have to figure out how to get this other copy of Windows uninstalled.


Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-10-31 15:59:38 R:1
Running from F:\

==============================================

HKEY_USERS\Jason\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer Value deleted successfully.
HKLM-x32\\\.\.\.\\RunOnce\\AvgUninstallURL Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ASKService service deleted successfully.
ASKUpgrade service deleted successfully.
SBSDWSCService service deleted successfully.

==== End of Fixlog ====
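
The Fixlog line for `Session Manager\SubSystems\\Windows` refers to the registry value that lists the server DLLs csrss.exe loads at boot, which is why a reference to a missing consrv stops the machine from starting. As an added example (not part of the thread and not FRST's own code), this Python check audits such a value string for ServerDll modules outside an expected set; both sample values and the expected set (basesrv, winsrv) are constructed assumptions.

```python
import re

# Assumption (not from the thread): the only csrss server DLLs named by a
# stock Vista SubSystems\Windows value. Extend for other Windows versions.
EXPECTED_SERVER_DLLS = frozenset({"basesrv", "winsrv"})

# Token shape: ServerDll=<module>[:<init routine>][,<index>]
SERVERDLL_RE = re.compile(
    r"^ServerDll=(?P<module>[^:,]+)(?::(?P<init>[^,]+))?(?:,(?P<index>\d+))?$",
    re.IGNORECASE,
)

# Constructed sample: what an unmodified value typically looks like.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the same value with one entry pointing at "consrv",
# the module name from the boot error quoted in the first post.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization",
    "ServerDll=consrv:ConServerDllInitialization",
)


def parse_server_dlls(value):
    """Return (module, init_routine, index) for every ServerDll= token.

    A token that starts with ServerDll= but does not match the expected
    shape is reported as (None, None, None) so the caller can flag it.
    """
    entries = []
    for token in value.split():
        if not token.lower().startswith("serverdll="):
            continue
        match = SERVERDLL_RE.match(token)
        if match is None:
            entries.append((None, None, None))
            continue
        index = int(match.group("index")) if match.group("index") else None
        entries.append((match.group("module").lower(), match.group("init"), index))
    return entries


def audit_subsystems_value(value, expected=EXPECTED_SERVER_DLLS):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []
    tokens = value.split()
    if not tokens or not tokens[0].lower().endswith(r"\system32\csrss.exe"):
        findings.append("image path is not system32\\csrss.exe")
    entries = parse_server_dlls(value)
    if not entries:
        findings.append("no ServerDll entries found")
    for module, init, index in entries:
        if module is None:
            findings.append("malformed ServerDll token")
        elif module not in expected:
            findings.append(
                f"unexpected server DLL: {module} (init={init}, index={index})"
            )
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        print(label, audit_subsystems_value(sample) or "OK")
```

On a live or offline-mounted hive the string to audit is the `Windows` value under `Control\Session Manager\SubSystems` in each ControlSet, exported with whatever registry tool is at hand.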

#7 Farbar

Posted 31 October 2011 - 03:43 PM

Do you want me to look at the vulnerabilities?

#8 wjason777

Posted 31 October 2011 - 04:54 PM

Yes, if that will help in any way.

#9 Farbar

Posted 31 October 2011 - 04:56 PM

We are going to make sure the system is clean and take care of vulnerabilities.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#10 wjason777

Posted 31 October 2011 - 07:22 PM

OTL logfile created on: 10/31/2011 8:17:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 61.92% Memory free
12.16 Gb Paging File | 9.88 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 280.91 Gb Free Space | 60.31% Space Free | Partition Type: NTFS
Drive D: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.76 Gb Total Space | 229.71 Gb Free Space | 49.32% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/31 20:16:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2011/10/31 16:07:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Jason\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/29 17:59:32 | 000,227,840 | ---- | M] (Mp3Tube) -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
PRC - [2011/04/29 14:12:50 | 000,184,320 | ---- | M] (Mp3Tube) -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/02/11 11:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/12/06 12:24:32 | 000,954,880 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2009/10/15 13:54:42 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2009/05/01 09:45:45 | 000,066,872 | ---- | M] () -- C:\windows\SysWOW64\PnkBstrA.exe
PRC - [2009/04/23 09:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/29 08:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/09/29 21:03:06 | 000,675,840 | ---- | M] (Gooer) -- C:\Program Files (x86)\Gooer\Gooer Remote Desktop RDP Client\gooersvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/12 18:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/08 18:48:34 | 008,522,400 | ---- | M] () -- C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/14 13:35:58 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2008/01/20 22:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/01 18:42:53 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/29 17:59:32 | 000,227,840 | ---- | M] (Mp3Tube) [Auto | Running] -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe -- (Mp3Tube Toolbar Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/02/11 11:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/15 13:54:42 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/05/01 09:45:45 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/29 08:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/20 22:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/29 21:03:06 | 000,675,840 | ---- | M] (Gooer) [Auto | Running] -- C:\Program Files (x86)\Gooer\Gooer Remote Desktop RDP Client\gooersvc.exe -- (gooersvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/12 18:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/31 16:41:42 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 20:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/02/11 11:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/08/21 00:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 13:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/10/02 10:14:31 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/02 10:14:31 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/06/10 16:46:04 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/05/07 17:59:27 | 000,118,400 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ezplay.sys -- (ezplay)
DRV:64bit: - [2009/05/07 17:58:32 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/05/01 06:56:45 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/04/10 23:43:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/10/01 02:32:22 | 000,095,584 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/11 08:51:00 | 000,095,232 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ubloxusb.sys -- (ubloxusb)
DRV:64bit: - [2008/08/06 04:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/06 19:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:48:54 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:46:34 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007/03/08 16:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2011/10/31 16:41:34 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111031.002\ex64.sys -- (NAVEX15)
DRV - [2011/10/31 16:41:33 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/10/31 16:41:33 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/31 16:41:33 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111031.002\eng64.sys -- (NAVENG)
DRV - [2011/10/28 15:28:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111028.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/10/14 23:13:30 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ie&clid=e96ee6c3960a4baeb6fd83f73738d716
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 89 F8 C5 72 41 CA 01 [binary data]
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-758639486-1732389173-132043500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=e96ee6c3960a4baeb6fd83f73738d716&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultthis.engineName: "GameWrangler-2.0 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2930201&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=e96ee6c3960a4baeb6fd83f73738d716&subid=&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.torrentleech.org/torrents/browse/index/query/miracle%20worker"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.19
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..extensions.enabledItems: {1b26960c-6aac-4856-ae2b-2570161d565e}:3.3.2.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {ebcfd043-312f-448d-96f4-25ba0f1ea646}:1.0.14
FF - prefs.js..keyword.URL: "http://search.ChatVibes.com/?q="
FF - prefs.js..network.proxy.type: 2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/31 20:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/10/31 16:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/31 17:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 03:42:45 | 000,000,000 | ---D | M]

[2011/10/31 17:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2011/10/31 17:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\rztjs3r4.default\extensions
[2011/10/31 17:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/30 03:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/10/30 03:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2011/10/30 03:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011/10/30 03:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/31 20:06:18 | 000,001,211 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Mp3Tube.xml

O1 HOSTS File: ([2011/05/16 23:04:30 | 000,000,800 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Mp3Tube Toolbar) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.dll (Mp3Tube Toolbar)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1000..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1000..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-758639486-1732389173-132043500-1001..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4C8D4-3A7E-4D70-BD4B-10A37D2C2120}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F102D066-DD64-41D0-8E75-AE3189442E9C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Xobni\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/21 16:00:00 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\AutoRun\command - "" = E:\3wcxx91.cmd
O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\explore\Command - "" = E:\3wcxx91.cmd
O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\open\Command - "" = E:\3wcxx91.cmd
O33 - MountPoints2\{236922d2-4e8a-11e0-af0c-001fbc013f9f}\Shell - "" = AutoRun
O33 - MountPoints2\{236922d2-4e8a-11e0-af0c-001fbc013f9f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{2369234f-4e8a-11e0-af0c-001fbc013f9f}\Shell - "" = AutoRun
O33 - MountPoints2\{2369234f-4e8a-11e0-af0c-001fbc013f9f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{345b010f-924e-11de-a09d-001fbc013f9f}\Shell\AutoRun\command - "" = I:\slacker.synclauncher.exe
O33 - MountPoints2\{345b010f-924e-11de-a09d-001fbc013f9f}\Shell\slacker\command - "" = I:\slacker.synclauncher.exe
O33 - MountPoints2\{3485cdd4-40f6-11df-94f3-001fbc013f9f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\copy.exe
O33 - MountPoints2\{560a3cde-bbb6-11de-aff8-001fbc013f9f}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\Shell\Auto\command - "" = E:\msnmsgr_plus.exe
O33 - MountPoints2\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\msnmsgr_plus.exe
O33 - MountPoints2\{61023a38-3b78-11de-a393-001fbc013f9f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\copy.exe
O33 - MountPoints2\{f6a7242e-9ecf-11df-827a-001fbc013f9f}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a7242e-9ecf-11df-827a-001fbc013f9f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\Shell\AutoRun\command - "" = I:\3wcxx91.cmd
O33 - MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\Shell\explore\Command - "" = I:\3wcxx91.cmd
O33 - MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\Shell\open\Command - "" = I:\3wcxx91.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 20:16:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/10/31 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple
[2011/10/31 20:08:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/31 16:43:42 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/10/31 16:41:41 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/10/31 16:41:41 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/10/31 16:41:41 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/10/31 16:41:41 | 000,432,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/10/31 16:41:41 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/10/31 16:41:41 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/10/31 16:41:41 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/10/31 16:41:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/10/31 16:37:58 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/31 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/31 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/31 16:37:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/10/31 16:37:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2011/10/31 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2011/10/31 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Symantec
[2011/10/31 16:08:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Mozilla
[2011/10/31 16:06:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DAEMON Tools Lite
[2011/10/31 16:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/10/31 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Ares
[2011/10/31 16:05:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\VirtualStore
[2011/10/31 16:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/30 22:20:14 | 000,000,000 | ---D | C] -- C:\FRST
[2011/10/30 00:58:43 | 000,000,000 | ---D | C] -- C:\Users(2438)
[2011/10/30 00:03:39 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/10/09 14:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/10/09 14:14:58 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/09 14:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/10/09 14:10:20 | 000,000,000 | --SD | C] -- C:\Users\Jason\Documents\Passwords Database
[2011/10/08 19:12:54 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011/10/08 19:12:54 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011/10/08 18:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2011/10/05 01:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/10/03 15:04:16 | 008,355,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/10/03 15:04:16 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/03 15:04:16 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/03 15:04:15 | 022,470,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/10/03 15:04:15 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/10/03 15:04:15 | 001,519,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/10/03 15:04:15 | 001,453,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/10/03 15:04:14 | 024,692,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/10/03 15:04:14 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/10/03 15:04:14 | 007,254,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/10/03 15:04:14 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/10/03 15:04:14 | 002,532,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/10/03 15:04:14 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/10/03 15:04:14 | 002,222,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/10/03 15:04:14 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2009/05/07 17:59:27 | 000,118,400 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\ezplay.sys
[2009/05/07 17:58:32 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/31 20:16:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/10/31 20:12:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758639486-1732389173-132043500-1000UA.job
[2011/10/31 20:12:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/31 20:06:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 20:06:26 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/10/31 20:06:09 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 20:06:09 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 20:05:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/31 20:05:36 | 002,896,772 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/10/31 17:25:48 | 000,000,872 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 17:25:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 16:41:42 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/31 16:41:42 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/31 16:41:42 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/31 16:27:09 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758639486-1732389173-132043500-1000Core.job
[2011/10/31 16:15:45 | 000,000,903 | ---- | M] () -- C:\Users\Jason\Desktop\Norton Installation Files.lnk
[2011/10/30 00:14:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/09 14:14:00 | 000,725,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/09 14:14:00 | 000,620,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/09 14:14:00 | 000,109,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/08 18:48:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/06 23:03:12 | 000,069,120 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/05 10:04:40 | 000,002,042 | ---- | M] () -- C:\Users\Jason\Desktop\Google Chrome.lnk
[2011/10/05 10:04:40 | 000,002,004 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 01:15:12 | 000,000,495 | ---- | M] () -- C:\Users\Public\Desktop\Rage.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/31 20:05:21 | 002,896,772 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/10/31 16:41:41 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/10/31 16:41:41 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/10/31 16:41:41 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/10/31 16:41:41 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/10/31 16:41:41 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/10/31 16:41:41 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/10/31 16:41:41 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/10/31 16:41:41 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/10/31 16:41:41 | 000,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv.inf
[2011/10/31 16:41:41 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/10/31 16:41:41 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/10/31 16:41:41 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/10/31 16:41:41 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/10/31 16:41:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/10/31 16:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/10/31 16:37:58 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/31 16:37:58 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/31 16:37:45 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/10/05 01:15:11 | 000,000,495 | ---- | C] () -- C:\Users\Public\Desktop\Rage.lnk
[2011/08/30 23:20:15 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/08/16 22:32:07 | 000,116,866 | ---- | C] () -- C:\Windows\hpqins00.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/02 08:50:05 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/07/10 12:49:03 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/02 20:07:09 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/07/02 20:07:08 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/05/12 19:36:42 | 000,000,092 | ---- | C] () -- C:\Windows\SysWow64\FTDIUN2K.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/10 00:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/10/26 09:48:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/17 17:26:12 | 000,169,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/12/13 00:00:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/12 23:59:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/12 23:59:11 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/26 17:09:45 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/07/06 21:34:27 | 000,148,947 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/07/06 21:34:18 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/06/24 06:23:44 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/24 15:33:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/05/08 19:25:09 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/05/07 17:59:27 | 000,007,833 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.cat
[2009/05/07 17:59:27 | 000,001,127 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.inf
[2009/05/07 17:59:27 | 000,000,125 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.ini
[2009/05/07 17:58:32 | 000,099,384 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\inst.exe
[2009/05/07 17:58:32 | 000,007,859 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
[2009/05/07 17:58:32 | 000,001,167 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
[2009/05/01 09:46:01 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/01 09:45:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/05/01 09:45:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/05/01 06:09:43 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/01 04:54:58 | 000,069,120 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 22:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Files - Unicode (All) ==========
[2011/07/02 13:45:16 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睅
[2011/07/02 13:45:16 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睅
[2011/06/30 03:25:00 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩矡
[2011/06/30 03:25:00 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩矡
[2011/06/29 16:39:53 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睚
[2011/06/29 16:39:53 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睚
[2011/06/29 07:43:04 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睡
[2011/06/29 07:43:04 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睡
[2011/06/19 02:10:30 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩瞭
[2011/06/19 02:10:30 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩瞭
[2011/06/16 03:25:39 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睇
[2011/06/16 03:25:39 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\㉩睇

< End of report >

Edited by wjason777, 31 October 2011 - 07:24 PM.


#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:51 AM

Posted 01 November 2011 - 02:07 AM

You have a flash drive infection.

Your computer is infected with a flash drive infection. This type of infection is usually carried over through removable storage devices (flash drive/USB drive/thumb drive/iPod/memory stick/memory card/photo camera memory card/external hard drive, etc.) and networks. Please make sure your removable devices are not used on other systems.

  • Please read this carefully: http://www.zyxware.com/articles/2007/08/14/system-administration/prevent-virus-infection

    Note: It is important to have the AutoPlay feature turned off and not to open thumb drives by double-clicking. Instead, right-click the drive and select Explore.


    • To turn off AutoPlay function: Click Start > Control Panel > Double-click AutoPlay. Uncheck "Use AutoPlay for all media and devices". Click Save.
    • Instead of double-clicking to open a flash drive, right-click it and select Explore.
    • When you use a flash drive with a possible infection, have it scanned by your antivirus by right-clicking the drive and selecting Scan.
  • Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O3 - HKU\S-1-5-21-758639486-1732389173-132043500-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O32 - AutoRun File - [2008/01/21 16:00:00 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
      O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\AutoRun\command - "" = E:\3wcxx91.cmd
      O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\explore\Command - "" = E:\3wcxx91.cmd
      O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\open\Command - "" = E:\3wcxx91.cmd
      O33 - MountPoints2\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\Shell\Auto\command - "" = E:\msnmsgr_plus.exe
      O33 - MountPoints2\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\Shell\AutoRun\command - "" = E:\msnmsgr_plus.exe
      O33 - MountPoints2\{61023a38-3b78-11de-a393-001fbc013f9f}\Shell\AutoRun\command - "" = H:\copy.exe
      O33 - MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\Shell\AutoRun\command - "" = I:\3wcxx91.cmd
      O33 - MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\Shell\explore\Command - "" = I:\3wcxx91.cmd
      O33 - MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\Shell\open\Command - "" = I:\3wcxx91.cmd
      :commands
      [emptytemp]
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log into your reply.
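The O33 MountPoints2 lines targeted by the fix above can be triaged mechanically. The following is an added example, not part of Farbar's post and not OTL's own logic: it parses O33 lines, unwraps the RunDLL32 ShellExec_RunDLL wrapper, and groups entries per volume GUID. The two flagging rules (redirected open/explore verbs, script file targets) are assumptions chosen for illustration, not the helper's selection criteria; unflagged volumes still need manual review.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of O33 lines taken from the OTL log posted earlier in this thread.
SAMPLE_LOG = r'''
O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\AutoRun\command - "" = E:\3wcxx91.cmd
O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\explore\Command - "" = E:\3wcxx91.cmd
O33 - MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\Shell\open\Command - "" = E:\3wcxx91.cmd
O33 - MountPoints2\{236922d2-4e8a-11e0-af0c-001fbc013f9f}\Shell - "" = AutoRun
O33 - MountPoints2\{236922d2-4e8a-11e0-af0c-001fbc013f9f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{61023a38-3b78-11de-a393-001fbc013f9f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\copy.exe
'''

# One O33 line: volume GUID, optional shell verb, and the registered data.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]{36}\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "" = (?P<data>.*)$',
    re.IGNORECASE,
)
# "RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL <target>" wrapper.
RUNDLL_RE = re.compile(
    r'^\S*rundll32(?:\.exe)?\s+shell32(?:\.dll)?,\s*ShellExec_RunDLL\s+(.+)$',
    re.IGNORECASE,
)
# Leading drive-letter path up to its file extension (arguments are dropped).
PATH_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.[A-Za-z0-9]{1,4})(?=["\s]|$)')

# Assumed triage rules (illustrative only).
DEFAULT_VERBS = {"open", "explore"}  # verbs Explorer uses when a drive is opened
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".pif", ".scr"}


def unwrap(data):
    """Return the program path that a registered command ultimately starts."""
    m = RUNDLL_RE.match(data.strip())
    if m:
        data = m.group(1)
    m = PATH_RE.match(data.strip())
    return m.group(1) if m else data.strip()


def parse_o33(log_text):
    """Map each volume GUID to a list of (verb, target path) pairs."""
    volumes = defaultdict(list)
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m or m.group("verb") is None:
            continue  # not an O33 command line (e.g. the 'Shell = AutoRun' default)
        volumes[m.group("guid").lower()].append(
            (m.group("verb").lower(), unwrap(m.group("data")))
        )
    return dict(volumes)


def triage(log_text):
    """Return {guid: sorted list of flags}; an empty list means 'review manually'."""
    report = {}
    for guid, entries in parse_o33(log_text).items():
        flags = set()
        for verb, target in entries:
            if verb in DEFAULT_VERBS:
                flags.add(f"{verb} verb redirected to {target}")
            if ntpath.splitext(target)[1].lower() in SCRIPT_EXTS:
                flags.add(f"script target {target}")
        report[guid] = sorted(flags)
    return report


if __name__ == "__main__":
    for guid, flags in triage(SAMPLE_LOG).items():
        print(guid, "->", flags or "no rule matched, review manually")
```
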


#12 wjason777


Posted 01 November 2011 - 06:00 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-758639486-1732389173-132043500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171be016-8584-11de-8ae3-001fbc013f9f}\ not found.
File move failed. E:\3wcxx91.cmd scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171be016-8584-11de-8ae3-001fbc013f9f}\ not found.
File E:\3wcxx91.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{171be016-8584-11de-8ae3-001fbc013f9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171be016-8584-11de-8ae3-001fbc013f9f}\ not found.
File E:\3wcxx91.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\ not found.
File E:\msnmsgr_plus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a612763-4a9b-11e0-bf7d-001fbc013f9f}\ not found.
File E:\msnmsgr_plus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61023a38-3b78-11de-a393-001fbc013f9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61023a38-3b78-11de-a393-001fbc013f9f}\ not found.
File H:\copy.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8901bf0-80b5-11df-b615-001fbc013f9f}\ not found.
File I:\3wcxx91.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8901bf0-80b5-11df-b615-001fbc013f9f}\ not found.
File I:\3wcxx91.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8901bf0-80b5-11df-b615-001fbc013f9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8901bf0-80b5-11df-b615-001fbc013f9f}\ not found.
File I:\3wcxx91.cmd not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 402 bytes

User: Default
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Jason
->Temp folder emptied: 3935880 bytes
->Temporary Internet Files folder emptied: 1674950 bytes
->Java cache emptied: 3262 bytes
->FireFox cache emptied: 37007366 bytes
->Opera cache emptied: 4170515 bytes
->Flash cache emptied: 921 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2597484 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 49006443142 bytes

Total Files Cleaned = 46,784.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11012011_185300

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File\Folder E:\3wcxx91.cmd not found!
C:\Users\Jason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jason\AppData\Local\Mozilla\Firefox\Profiles\rztjs3r4.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jason\AppData\Local\Mozilla\Firefox\Profiles\rztjs3r4.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jason\AppData\Local\Mozilla\Firefox\Profiles\rztjs3r4.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jason\AppData\Local\Mozilla\Firefox\Profiles\rztjs3r4.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jason\AppData\Local\Mozilla\Firefox\Profiles\rztjs3r4.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

#13 wjason777


Posted 01 November 2011 - 07:17 PM

I'm having some serious lagging going on. What can I do about that?

#14 Farbar


Posted 01 November 2011 - 09:01 PM

What do you mean by serious lagging?

Also please give me feedback about step 1. Did you do that? Do you prefer to have one step at a time instead of two or several steps?

Do you have flash drives?

  • Run Command Prompt as Administrator. To do that:
    Go to Start and type cmd.exe in the Search box.
    It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    Copy the following command, right-click in the open Command Prompt window and select Paste, then press Enter:

    netsh winsock reset
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#15 wjason777


Posted 02 November 2011 - 07:31 PM

Yes, I can handle several steps at a time. I have 1 flash drive and I only use it when needed. Step 1 worked; it killed the flash drive infection.





Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8073

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/2/2011 8:30:31 PM
mbam-log-2011-11-02 (20-30-31).txt

Scan type: Quick scan
Objects scanned: 200981
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 24

Memory Processes Infected:
c:\program files (x86)\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> 1732 -> Unloaded process successfully.
c:\program files (x86)\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> 4664 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mp3Tube Toolbar Service (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FREEzeFrogAx.Info (Adware.FreezeFrog) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FREEzeFrogAx.Info.1 (Adware.FreezeFrog) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FREEZEFROGSA (Adware.FreezeFrog) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FREEzeFrogSA (Adware.FreezeFrog) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mp3Tube Toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\freezefrogsa\actionurl_current_version (Adware.FreezeFrog) -> Value: actionurl_current_version -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files (x86)\freezefrog\bin\1.0.663.0 (Adware.FreezeFrog) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mp3tube toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\Users\Jason\downloads\musicconvertersetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\program files (x86)\questscan\questscan.dll (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\windows\System32\svchost.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\windows\SysWOW64\svchost.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\mp3tube toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mp3tube toolbar\ShowMsg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mp3tube toolbar\uninstall.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherloc.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files (x86)\freezefrog\bin\1.0.663.0\freezefrogsahook.dll (Adware.FreezeFrog) -> Quarantined and deleted successfully.
c:\program files (x86)\freezefrog\bin\1.0.663.0\launchhelp.dll (Adware.FreezeFrog) -> Quarantined and deleted successfully.

Edited by wjason777, 02 November 2011 - 07:34 PM.




