Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I need help checking for viruses


  • Please log in to reply

#1
saraveza408

saraveza408

    Member

  • Member
  • PipPipPip
  • 374 posts

....I would now like for you to start a new thread in the virus removal forum because this machine came from someone else who knows what may be lurking on that machine....

Rockmilk sent me over here to get help checking out this used computer I just got from a friend. Heres the url to the topic he was just helping me on (you will also find all the scan reports he had me post there too)...
http://www.geekstogo..._1#entry2162109

Can I get some help making sure this old HP Compaq DC5750 is not infected?
Im using XP Pro SP3 in case you need to know that as well
  • 0

Advertisements


#2
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
saraveza408

saraveza408

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 374 posts
Here you go:
OTL logfile created on: 6/5/2012 2:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 71.43% Memory free
3.23 Gb Paging File | 3.00 Gb Available in Paging File | 92.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.68 Gb Total Space | 28.32 Gb Free Space | 49.09% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.23% Space Free | Partition Type: NTFS
Drive L: | 14.64 Gb Total Space | 14.64 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 20:45:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/20 11:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/05 09:11:51 | 001,766,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12060501\algo.dll
MOD - [2010/06/03 22:27:26 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/25 11:04:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/07/29 16:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/14 05:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 05:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 05:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 05:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 05:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 05:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6FB404D-7F0C-4F15-B103-27C494A691AC}\MpKsl8fdfa4bd.sys -- (MpKsl8fdfa4bd)
DRV - [2012/03/26 14:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 16:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 15:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/16 14:52:06 | 000,013,184 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/03/02 12:59:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 04:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/08/14 06:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 06:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/21 09:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/20 19:08:26 | 005,795,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/20 11:31:58 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\amdide1.sys -- (amdide1)
DRV - [2009/04/20 11:21:16 | 000,133,632 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\exfat.sys -- (exFat)
DRV - [2008/12/18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/12/10 11:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/04/14 05:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 05:00:00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 05:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2008/04/14 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2008/03/14 04:55:14 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cm_net.sys -- (cm_net)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/11/24 14:36:18 | 000,010,368 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CoachAud.sys -- (CoachAud)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000015cd131423
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 C6 1D 4E 76 11 CA 01 [binary data]
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes\{08695E7C-3FF8-408F-89E5-CDCE161D6692}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000015cd131423
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {43696154-B337-468E-8F6E-13DAAD92DA88}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426
FF - prefs.js..keyword.URL: "http://search.babylo...015cd131423&q="
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{43696154-B337-468E-8F6E-13DAAD92DA88}: C:\Documents and Settings\Owner\Local Settings\Application Data\{43696154-B337-468E-8F6E-13DAAD92DA88} [2011/04/08 10:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/27 10:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/27 10:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/01 10:37:24 | 000,000,000 | ---D | M]

[2009/07/30 17:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/06/05 12:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4ziu5nrv.default\extensions
[2010/04/27 17:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4ziu5nrv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 10:11:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4ziu5nrv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/18 18:01:58 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4ziu5nrv.default\searchplugins\conduit.xml
[2012/06/05 12:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/30 16:30:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/08 10:49:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{43696154-B337-468E-8F6E-13DAAD92DA88}
[2012/05/27 10:44:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/05 08:25:27 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Vuze Remote = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.10.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/31 19:16:36 | 000,001,918 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-507921405-1644491937-1417001333-1003..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D970267C-A464-4EEB-B62C-B6EE9E86B8E7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D970267C-A464-4EEB-B62C-B6EE9E86B8E7}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 15:08:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50e1c507-e096-11df-9084-0015cd131423}\Shell - "" = AutoRun
O33 - MountPoints2\{50e1c507-e096-11df-9084-0015cd131423}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50e1c507-e096-11df-9084-0015cd131423}\Shell\AutoRun\command - "" = G:\setup.exe NQ
O33 - MountPoints2\{81ab7a36-b30a-11df-9071-0015cd131423}\Shell\AutoRun\command - "" = restore\restorestarter.exe
O33 - MountPoints2\{f88207a8-2d0b-11e0-9094-0015cd131423}\Shell - "" = AutoRun
O33 - MountPoints2\{f88207a8-2d0b-11e0-9094-0015cd131423}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f88207a8-2d0b-11e0-9094-0015cd131423}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = restore\restorestarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 12:18:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/06/05 08:51:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/05 08:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/05 08:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2012/06/05 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\YourFileDownloader
[2012/06/04 21:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/06/04 20:45:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/04 20:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.thumbnails
[2012/06/04 12:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fontconfig
[2012/06/04 12:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.8
[2012/06/04 12:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\gegl-0.2
[2012/06/04 11:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/06/01 20:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
[2012/06/01 20:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2012/06/01 20:22:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2012/06/01 20:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/06/01 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/06/01 20:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2012/06/01 19:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\True Romance
[2012/05/31 22:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\pics
[2012/05/31 20:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR
[2012/05/31 20:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2012/05/31 20:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/05/31 20:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/05/31 19:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Vuze Downloads
[2012/05/31 19:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.swt
[2012/05/31 19:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2012/05/31 19:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[2012/05/31 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/05/31 19:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2012/05/31 19:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/05/31 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2012/05/31 18:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/05/31 18:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/05/27 14:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2012/05/27 11:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/27 11:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/27 11:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/05/27 11:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/27 11:00:36 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Owner\My Documents\JavaRa.exe
[2012/05/27 10:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/27 10:44:38 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/27 10:44:38 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/27 10:44:37 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/27 10:44:36 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/27 10:44:36 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/27 10:44:35 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/27 10:44:35 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/27 10:44:34 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/27 10:43:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/27 10:43:18 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/27 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/27 10:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/27 10:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/05/26 08:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/25 22:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/05/25 22:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/25 16:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/05/25 16:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 16:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/25 16:06:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/25 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/25 14:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/05/25 12:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2012/05/25 12:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2012/05/25 12:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2012/05/25 12:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/05 13:57:51 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/05 13:57:51 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/05 13:53:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/05 13:53:09 | 1474,641,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/05 08:25:41 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/06/04 20:45:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/04 20:41:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/04 20:35:40 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/06/04 11:54:51 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GIMP 2.lnk
[2012/06/01 19:47:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 22:22:00 | 000,042,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kindacool.jpg
[2012/05/31 22:04:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ANONYMOUS-Owner.job
[2012/05/31 20:10:56 | 001,519,100 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wrar42b3.exe
[2012/05/31 20:02:30 | 031,016,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\winzip16-32.exe
[2012/05/31 19:35:58 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\etc.lnk
[2012/05/31 19:16:36 | 000,001,918 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/31 18:47:07 | 003,756,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/29 15:49:58 | 000,014,076 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/05/27 15:57:15 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/27 10:57:56 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1644491937-1417001333-1003Core.job
[2012/05/27 10:57:55 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1644491937-1417001333-1003UA.job
[2012/05/27 10:57:54 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Install.job
[2012/05/27 10:57:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/05/27 10:44:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/27 10:44:35 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/26 17:35:07 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/05/25 22:54:24 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/25 22:53:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/25 16:06:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 12:31:34 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/05 08:25:40 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/06/04 20:35:40 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/06/04 11:54:51 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GIMP 2.lnk
[2012/06/01 10:37:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/31 22:21:51 | 000,042,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kindacool.jpg
[2012/05/31 20:10:54 | 001,519,100 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wrar42b3.exe
[2012/05/31 20:02:00 | 031,016,848 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\winzip16-32.exe
[2012/05/31 19:45:59 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2012/05/31 19:35:58 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\etc.lnk
[2012/05/31 19:33:02 | 000,001,231 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS5.lnk
[2012/05/31 19:20:06 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ANONYMOUS-Owner.job
[2012/05/31 19:17:24 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012/05/31 19:16:10 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/05/31 19:15:03 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/05/31 19:12:46 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/05/31 19:12:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/05/27 11:03:19 | 000,309,308 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\JavaRa.def
[2012/05/27 10:44:39 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/27 10:28:34 | 000,014,076 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/05/26 17:35:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/05/26 09:18:50 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012/05/26 09:18:41 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2012/05/26 09:17:53 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012/05/26 08:59:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/26 08:59:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/05/26 08:55:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/05/25 22:53:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/25 16:06:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 12:31:34 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/05/25 12:30:58 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1644491937-1417001333-1003UA.job
[2012/05/25 12:30:58 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1644491937-1417001333-1003Core.job
[2012/05/25 10:19:52 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2011/04/08 10:49:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dbamihegozavoh.bin
[2011/04/08 10:49:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kfayas.dat
[2010/10/29 20:42:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2012/05/27 10:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/05 08:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/03/02 12:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/21 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jK06509HbJjJ06509
[2011/05/03 18:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2012/05/31 20:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/11 04:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
[2012/06/04 22:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/07/14 20:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/11 04:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/02/23 16:28:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/06/05 08:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2012/06/05 08:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2011/05/20 21:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2012/05/26 00:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2012/06/01 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2010/03/30 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/04/12 19:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2009/07/30 17:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2011/07/22 11:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/06/02 21:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2011/05/03 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2010/05/11 13:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LolClient
[2009/12/15 15:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011/12/11 04:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAXON
[2011/05/03 18:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
[2010/01/09 00:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble
[2011/05/29 21:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2012/05/27 11:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2010/07/14 19:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2011/04/15 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Screaming Bee
[2010/03/29 13:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/02/23 16:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2010/06/27 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2012/06/05 08:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YourFileDownloader
[2012/05/27 10:57:54 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job
[2012/05/27 10:57:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38E2864F

< End of report >

OTL Extras logfile created on: 6/5/2012 2:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 71.43% Memory free
3.23 Gb Paging File | 3.00 Gb Available in Paging File | 92.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.68 Gb Total Space | 28.32 Gb Free Space | 49.09% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.23% Space Free | Partition Type: NTFS
Drive L: | 14.64 Gb Total Space | 14.64 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher
"8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher
"8373:TCP" = 8373:TCP:*:Enabled:League of Legends Launcher
"8373:UDP" = 8373:UDP:*:Enabled:League of Legends Launcher
"8374:TCP" = 8374:TCP:*:Enabled:League of Legends Launcher
"8374:UDP" = 8374:UDP:*:Enabled:League of Legends Launcher
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"6112:TCP" = 6112:TCP:*:Enabled:lolwar3
"6112:UDP" = 6112:UDP:*:Enabled:lolwaar3
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"6936:TCP" = 6936:TCP:*:Enabled:League of Legends Launcher
"6936:UDP" = 6936:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
"8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
"6909:TCP" = 6909:TCP:*:Enabled:League of Legends Launcher
"6909:UDP" = 6909:UDP:*:Enabled:League of Legends Launcher
"8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
"8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6945:TCP" = 6945:TCP:*:Enabled:League of Legends Launcher
"6945:UDP" = 6945:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Sierra\Half-Life\hl.exe" = C:\Sierra\Half-Life\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files\YourFileDownloader\YourFile.exe" = C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATT-HSI" = ATT-HSI
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"GIMP-2_is1" = GIMP 2.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR 4.20 beta 3 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"winusb0200" = Microsoft WinUsb 2.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2012 12:25:26 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module
msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.

Error - 6/4/2012 12:26:17 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 15.0.0.399, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 6/4/2012 12:40:46 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module
msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.

Error - 6/5/2012 1:46:52 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 15.0.0.399, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 6/5/2012 10:39:59 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 15.0.0.399, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ System Events ]
Error - 6/5/2012 12:06:05 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2147942402

Error - 6/5/2012 12:06:05 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 6/5/2012 2:40:49 PM | Computer Name = ANONYMOUS | Source = ati2mtag | ID = 43037
Description = EDID contain an error in the descriptor field

Error - 6/5/2012 2:40:49 PM | Computer Name = ANONYMOUS | Source = ati2mtag | ID = 43037
Description = EDID contain an error in the descriptor field

Error - 6/5/2012 2:42:15 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2147942402

Error - 6/5/2012 2:42:15 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 6/5/2012 4:53:48 PM | Computer Name = ANONYMOUS | Source = ati2mtag | ID = 43037
Description = EDID contain an error in the descriptor field

Error - 6/5/2012 4:53:48 PM | Computer Name = ANONYMOUS | Source = ati2mtag | ID = 43037
Description = EDID contain an error in the descriptor field

Error - 6/5/2012 4:54:43 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2147942402

Error - 6/5/2012 4:54:43 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000015cd131423
    IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found'
    IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000015cd131423
    IE - HKU\S-1-5-21-507921405-1644491937-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledItems: {43696154-B337-468E-8F6E-13DAAD92DA88}:1.9.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&babsrc=KW_ss&mntrId=24ad79200000000000000015cd131423&q="
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{43696154-B337-468E-8F6E-13DAAD92DA88}: C:\Documents and Settings\Owner\Local Settings\Application Data\{43696154-B337-468E-8F6E-13DAAD92DA88} [2011/04/08 10:49:05 | 000,000,000 | ---D | M]
    [2011/05/18 18:01:58 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4ziu5nrv.default\searchplugins\conduit.xml
    [2011/04/08 10:49:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{43696154-B337-468E-8F6E-13DAAD92DA88}
    [2012/06/05 08:25:27 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found
    O33 - MountPoints2\{50e1c507-e096-11df-9084-0015cd131423}\Shell - "" = AutoRun
    O33 - MountPoints2\{50e1c507-e096-11df-9084-0015cd131423}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{50e1c507-e096-11df-9084-0015cd131423}\Shell\AutoRun\command - "" = G:\setup.exe NQ
    O33 - MountPoints2\{81ab7a36-b30a-11df-9071-0015cd131423}\Shell\AutoRun\command - "" = restore\restorestarter.exe
    O33 - MountPoints2\{f88207a8-2d0b-11e0-9094-0015cd131423}\Shell - "" = AutoRun
    O33 - MountPoints2\{f88207a8-2d0b-11e0-9094-0015cd131423}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f88207a8-2d0b-11e0-9094-0015cd131423}\Shell\AutoRun\command - "" = E:\setup.exe -a
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = restore\restorestarter.exe
    [2012/06/05 08:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/06/05 08:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Babylon
    [2012/05/31 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/04/08 10:49:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dbamihegozavoh.bin
    [2011/04/08 10:49:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kfayas.dat
    [2011/05/21 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jK06509HbJjJ06509
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP