:OTL
IE - HKU\S-1-5-21-576446203-298918227-3273684551-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=ae43531500000000000074de2bd7e432
IE - HKU\S-1-5-21-576446203-298918227-3273684551-1000\..\SearchScopes\{3A6A0F4E-F584-4A87-B0BE-3A7E3C82A20A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PGL&o=102946&src=kw&q={searchTerms}&locale=&apn_ptnrs=6J&apn_dtid=YYYYYYYYUS&apn_uid=fe5c1eb7-3ddb-4a9a-8fde-da741c34df8d&apn_sauid=143F27EE-9C0C-43D9-B5A3-CE25E210C366
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/05/02 21:49:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_1 [2012/05/02 21:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 17:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 22:55:39 | 000,000,000 | ---D | M]
[2012/03/19 21:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\Mozilla\Extensions
[2012/05/01 18:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ylehu5nh.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ylehu5nh.default\searchplugins\askcom.xml
[2012/04/14 19:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/02 21:49:29 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2012/04/15 14:27:11 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=ae43531500000000000074de2bd7e433
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Roman\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:[b]64bit:[/b] - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
[2012/05/02 21:36:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/02 21:36:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/02 21:36:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/02 21:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/02 21:28:18 | 004,482,678 | R--- | C] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
[2012/05/02 01:51:34 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/02 01:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/02 00:02:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Roman\Desktop\aswMBR.exe
[2012/05/01 20:45:41 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Roman\Desktop\tdsskiller.exe
[2012/04/25 14:10:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/19 22:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/03/19 21:48:17 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\2007-07-26.Sibelius.v5.0.incl.KeyGen.READ.NFO-BEAT
[2012/03/19 21:03:35 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\Download
[2012/03/19 21:03:29 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Media Finder
[2012/03/19 21:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012/03/19 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Babylon
[2012/03/19 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Babylon
[2012/03/19 21:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/19 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\DOWNLOADS
[2012/03/19 15:43:21 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\HP
[2012/05/02 21:47:19 | 000,000,433 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/05/02 21:28:18 | 004,482,678 | R--- | M] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
[2012/05/02 01:22:01 | 000,000,512 | ---- | M] () -- C:\Users\Roman\Desktop\MBR.dat
[2012/05/02 00:02:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Roman\Desktop\aswMBR.exe
[2012/05/01 21:40:26 | 001,392,575 | ---- | M] () -- C:\Users\Roman\Desktop\FRST64.exe
[2012/05/01 20:45:42 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Roman\Desktop\tdsskiller.exe
[2012/05/02 21:36:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/02 21:36:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/02 21:36:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/02 21:36:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/02 21:36:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 23:13:21 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{5255571C-A0D7-416C-A29C-25A9109667CD}
[2012/03/28 23:13:21 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{4238C44D-6126-4E7C-974D-FDF7F97196EE}
[2012/04/18 00:10:52 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{F0587535-E43F-4517-80F8-BC7B014BDCEA}
[2012/04/18 00:10:38 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{B95283F0-6790-4584-8441-5AA0F5350670}
[2012/04/22 21:24:36 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{D6AA78DC-B233-4BE7-8295-2E3F481903EE}
[2012/04/22 21:21:44 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{89082F97-B7AF-461B-A588-268ACD64C093}
[2012/04/22 21:20:01 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{A196C632-6D4A-4318-86C1-AAB2BA0866B4}
[2012/04/22 21:11:39 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\{2991E127-66CD-46C1-806E-0ADD3AD5FA0E}
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
:Services
:Files
:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[RESETHOSTS]
[Reboot]