Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

infected pc converts all files on a flash disk to a single shortcut [C

Started by mahi65 , Jun 02 2013 12:55 PM

  • This topic is locked This topic is locked

#1
mahi65
Posted 02 June 2013 - 12:55 PM

mahi65

    Member

  • Member
  • PipPip
  • 11 posts
Dear experts,

a new infection has come to my PC from an infected external flash disk which makes all files on every external flash disk connected to my PC to a single shortcut linked to rundll32.exe files on c:\windows\system32, beside this shortcut there are some hidden files such as "Autorun.inf , thumbs.db , desktop.ini , ~$WO.FAT32 " and another drive icon without any name. please help me.

Actually my laptop has been infected before and i fixed it with help of "RKinner".

the following is OTL log file(Quick scan):

OTL logfile created on: 6/2/2013 10:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.97% Memory free
3.79 Gb Paging File | 3.18 Gb Available in Paging File | 83.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.32 Gb Total Space | 3.16 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 16.08 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 10.22 Gb Free Space | 20.94% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 1.61 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 1.71 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
Drive H: | 1004.06 Mb Total Space | 927.49 Mb Free Space | 92.37% Space Free | Partition Type: NTFS

Computer Name: QUICK-3B4EA0831 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/02 22:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/08/08 16:31:54 | 008,614,400 | ---- | M] (Media Finder) -- C:\Program Files\Media Finder\Media Finder.exe
PRC - [2012/06/06 13:11:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\egui.exe
PRC - [2012/02/15 22:17:06 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/06/18 07:52:53 | 000,973,296 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/05/15 00:27:44 | 000,585,728 | ---- | M] (Tensons Corporation) -- C:\Program Files\Tensons\Download Accelerator Manager\daman.exe
PRC - [2010/03/27 10:52:45 | 002,002,944 | ---- | M] (Psoft.ir) -- C:\Program Files\SunCalendar\SunCalendar.exe
PRC - [2008/04/14 13:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/01/02 00:52:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/12 20:22:17 | 001,711,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
MOD - [2013/05/12 20:22:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2013/05/12 20:22:00 | 001,361,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\daman\df2e5b26a82bb63e59f89ca35dd9c066\daman.ni.exe
MOD - [2013/05/12 20:20:00 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2013/05/12 20:19:55 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2013/05/12 20:19:43 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2013/05/12 20:17:25 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2013/05/12 20:17:10 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2013/05/12 20:11:51 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/05/12 20:11:40 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/05/12 20:11:36 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/08/02 17:30:18 | 000,359,424 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploading.dll
MOD - [2012/08/02 17:30:18 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploadstation.dll
MOD - [2012/08/02 17:30:18 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\unibytes.dll
MOD - [2012/08/02 17:30:18 | 000,317,440 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\turbobit.dll
MOD - [2012/08/02 17:30:18 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\sendspace.dll
MOD - [2012/08/02 17:30:18 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\mediafire.dll
MOD - [2012/08/02 17:30:16 | 000,961,536 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\_4shared.dll
MOD - [2012/08/02 17:30:16 | 000,437,760 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\extabit.dll
MOD - [2012/08/02 17:30:16 | 000,320,000 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\letitbit.dll
MOD - [2012/08/02 17:30:16 | 000,319,488 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\depositfiles.dll
MOD - [2012/08/02 17:30:16 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\hotfile.dll
MOD - [2012/08/02 17:30:16 | 000,315,392 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\rapidshare.dll
MOD - [2012/07/30 16:18:32 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\oron.dll
MOD - [2010/09/16 17:41:58 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/06/18 07:52:51 | 001,972,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\pdf.dll
MOD - [2010/06/18 07:51:54 | 000,169,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\Locales\en-US.dll
MOD - [2010/06/18 07:51:34 | 000,071,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\avutil-50.dll
MOD - [2010/06/18 07:51:33 | 000,176,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\avformat-52.dll
MOD - [2010/06/18 07:51:31 | 001,384,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\avcodec-52.dll
MOD - [2010/06/18 06:10:03 | 005,607,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\gcswf32.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/05/01 00:31:06 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/14 13:30:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 13:30:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/06/16 17:45:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 19:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 19:06:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 19:06:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/01/04 15:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/21 14:35:46 | 000,333,620 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2001/08/17 14:58:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...00000241d00e8e0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000241d00e8e0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...E1-8E4FEBD12C00
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{80F0F405-A419-4C30-BBF4-E00285DD5359}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8081;https=127.0.0.1:8081;socks=127.0.0.1:1080


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/10/01 21:33:34 | 000,000,000 | ---D | M]

[2012/03/30 23:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/15 22:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
[2012/02/15 22:18:14 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/09/13 13:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Desktop\chorom\App\Chrome\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
CHR - plugin: Download Helper (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: General Crawler = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Babylon Toolbar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.3.3_0\

O1 HOSTS File: ([2012/05/20 00:24:35 | 000,036,112 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 www.wip3.adobe.com
O1 - Hosts: 127.0.0.1 www.wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip30.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip31.adobe.com
O1 - Hosts: 808 more lines...
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (BBB002 Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Documents and Settings\Administrator\Application Data\Media Finder\Extensions\gencrawler_gc.dll ()
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (BBB002 Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BBB002 Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [sysras] C:\Program Files\sysras.exe File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Download Accelerator Manager] C:\Program Files\Tensons\Download Accelerator Manager\daman.exe (Tensons Corporation)
O4 - HKCU..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun File not found
O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder)
O4 - HKCU..\Run: [SunCalendar] C:\Program Files\SunCalendar\SunCalendar.exe (Psoft.ir)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Web Freer] C:\Program Files\WebFreer\webfreer.exe (Appaxy Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 56084 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\cciotqoy.com ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addUrl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Download &All with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addAllUrls.htm ()
O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download FLV &Video with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addDocUrl.htm ()
O8 - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Run DAM Media&Grabber - C:\Program Files\Tensons\Download Accelerator Manager\\runMg.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CFCF703-6F6E-465C-B14B-63F15042CD27}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\sFDnADBb\qnlkupaq.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/11 11:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 22:15:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/06/02 21:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mohamad alizadeh
[2013/06/02 21:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD 8
[2013/05/21 22:22:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/21 22:18:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/05/21 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2013/05/21 22:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2013/05/21 22:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2013/05/21 22:10:42 | 001,458,415 | ---- | C] (Old McDonald's Farm) -- C:\Documents and Settings\Administrator\Desktop\aesetup2.6.exe
[2013/05/12 20:11:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/12 19:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDRViewer
[2013/05/12 19:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\CDRViewer2
[2013/05/12 19:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\CDRViewer
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/02 22:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/06/02 22:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/02 21:05:24 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/06/02 21:05:21 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\YourFile Update.job
[2013/06/02 21:05:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/02 21:05:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/02 21:05:15 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 23:31:52 | 000,022,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\corporate-identity.jpg
[2013/05/21 22:22:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/21 22:22:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2013/05/21 22:18:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/05/21 22:11:26 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2013/05/21 17:52:07 | 003,642,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 20:48:58 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/12 20:11:59 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/12 20:11:59 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/12 19:11:18 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CDR Viewer.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 23:31:52 | 000,022,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\corporate-identity.jpg
[2013/05/21 22:22:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2013/05/21 22:11:26 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2013/05/12 19:11:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CDR Viewer.lnk
[2013/04/22 00:27:34 | 000,009,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\BabMaint.exe
[2012/12/01 23:10:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2012/06/26 20:07:15 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe IllExport Filter CS5 Prefs
[2012/05/21 20:10:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/26 17:49:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/09/15 19:32:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2011/09/15 19:31:51 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
[2011/09/15 19:31:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2011/09/15 19:31:50 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2011/09/15 19:31:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\TWAIED02.DLL
[2011/09/15 19:31:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
[2011/09/12 17:11:29 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2011/09/12 17:11:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\PUTTY.RND
[2011/09/11 20:54:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/11 20:54:48 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 14:46:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/11 14:45:24 | 003,642,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 11:56:19 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/09/11 11:48:21 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011/09/11 11:32:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 11:26:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/09/29 15:44:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:30:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/09/16 17:41:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/20 23:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2013/04/22 00:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabSolution
[2012/08/26 21:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/09/13 13:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2013/02/19 22:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CadSoft
[2011/09/15 19:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cambridge
[2012/10/01 21:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2012/11/28 23:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2012/10/08 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HDI
[2011/12/10 10:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Internet Download Accelerator
[2012/09/18 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Finder
[2012/06/01 23:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PandoraRecovery
[2012/06/08 12:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rovio
[2012/07/23 22:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchquband
[2012/07/23 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchqutoolbar
[2012/06/01 22:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2013/06/02 22:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/10/08 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilinx
[2012/09/13 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2013/05/21 22:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2012/04/03 17:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/08/26 21:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/04 09:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/18 23:29:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/01 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/09/12 18:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/05/19 23:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/09/18 22:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/19 22:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/01 05:44:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\??? ????? ???) -- C:\Documents and Settings\Administrator\Desktop\افق توسعه قرن
[2013/05/01 05:43:59 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\??? ????? ???) -- C:\Documents and Settings\Administrator\Desktop\افق توسعه قرن
[2013/04/20 21:46:37 | 000,015,993 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\???????? ??????.docx) -- C:\Documents and Settings\Administrator\Desktop\اصطلاحات قانونی.docx
[2013/04/20 21:46:36 | 000,015,993 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\???????? ??????.docx) -- C:\Documents and Settings\Administrator\Desktop\اصطلاحات قانونی.docx
[2013/04/01 10:58:23 | 000,055,347 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\??????? ???? ?????.doc.docx) -- C:\Documents and Settings\Administrator\Desktop\پروپزال آقای نجاری.doc.docx
[2013/04/01 10:57:58 | 000,055,347 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\??????? ???? ?????.doc.docx) -- C:\Documents and Settings\Administrator\Desktop\پروپزال آقای نجاری.doc.docx
[2013/03/14 12:39:49 | 000,014,413 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\436441??? ????? ???.docx) -- C:\Documents and Settings\Administrator\Desktop\436441افق توسعه قرن.docx
[2013/03/14 12:36:26 | 000,014,413 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\436441??? ????? ???.docx) -- C:\Documents and Settings\Administrator\Desktop\436441افق توسعه قرن.docx
[2013/03/08 21:10:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\????? ???? ??? ????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه بیگ زاده
[2013/03/08 21:09:25 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\????? ???? ??????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه قوامین
[2013/03/08 20:56:40 | 000,003,344 | ---- | M] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\?????? ????? ?? ??? ?? ?????? ?? ?????.lnk) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\دانلود آلبوم من خود آن سیزدهم از چاوشی.lnk
[2013/03/08 20:56:40 | 000,003,344 | ---- | C] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\?????? ????? ?? ??? ?? ?????? ?? ?????.lnk) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\دانلود آلبوم من خود آن سیزدهم از چاوشی.lnk
[2013/02/16 14:18:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\????) -- C:\Documents and Settings\Administrator\Desktop\مفید
[2013/02/06 10:50:26 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\????? ???? ??? ????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه بیگ زاده
[2013/02/06 10:38:04 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\????? ???? ??????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه قوامین
[2013/01/13 17:22:29 | 000,054,986 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\??? ? ?????? ?? ?? ?? ???? ???.docx) -- C:\Documents and Settings\Administrator\My Documents\لام و کرامتی که به زن داده است.docx
[2013/01/13 17:22:28 | 000,054,986 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\??? ? ?????? ?? ?? ?? ???? ???.docx) -- C:\Documents and Settings\Administrator\My Documents\لام و کرامتی که به زن داده است.docx
[2012/11/11 23:04:28 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\????) -- C:\Documents and Settings\Administrator\Desktop\مفید
[2012/08/01 18:25:53 | 000,043,129 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\???? ???? ????????.docx) -- C:\Documents and Settings\Administrator\My Documents\قابل توجه داوطلبين.docx
[2012/08/01 18:25:53 | 000,043,129 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\???? ???? ????????.docx) -- C:\Documents and Settings\Administrator\My Documents\قابل توجه داوطلبين.docx
[2012/05/27 17:13:11 | 000,033,262 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\?????.docx) -- C:\Documents and Settings\Administrator\My Documents\مقدمه.docx
[2012/05/27 17:13:11 | 000,033,262 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\?????.docx) -- C:\Documents and Settings\Administrator\My Documents\مقدمه.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


and this is Extras.txt :


OTL Extras logfile created on: 6/2/2013 10:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.97% Memory free
3.79 Gb Paging File | 3.18 Gb Available in Paging File | 83.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.32 Gb Total Space | 3.16 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 16.08 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 10.22 Gb Free Space | 20.94% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 1.61 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 1.71 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
Drive H: | 1004.06 Mb Total Space | 927.49 Mb Free Space | 92.37% Space Free | Partition Type: NTFS

Computer Name: QUICK-3B4EA0831 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\The KMPlayer\KMPlayer.exe" = C:\Program Files\The KMPlayer\KMPlayer.exe:*:Enabled:KMPlayer -- (Pandora.TV)
"C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\Acrobat Elements.exe" = C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\Acrobat Elements.exe:*:Enabled:Acrobat Elements
"C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe" = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe:*:Enabled:Acrobat
"C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe" = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe:*:Enabled:acrodist
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"K:\fg731p.exe" = K:\fg731p.exe:*:Enabled:Fast and Secure Gateway to Internet Freedom
"C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files\YourFileDownloader\YourFile.exe" = C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\WebFreer\webfreer.exe" = C:\Program Files\WebFreer\webfreer.exe:*:Enabled:Web Freer -- (Appaxy Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37955B24-82BC-4160-A867-285B87E62519}_is1" = CDR Viewer
"{3EB745BA-194F-4475-9164-B20BB2172395}" = Adobe Photoshop CS5
"{40044440-4ED4-4792-8417-5EE6374F001C}" = Angry Birds Space
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = Active@ File Recovery
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3DA9048-C082-4809-9CCB-1F21F4FA610D}" = Foxit PhantomPDF
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{EF181DC1-0ECB-4546-9772-C3C3F58E5747}" = ESET Smart Security
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autorun Eater_is1" = Autorun Eater v2.6
"BabylonToolbar" = Babylon toolbar on IE
"Cambridge Advanced Learner's Dictionary" = Cambridge Advanced Learner's Dictionary
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Download Accelerator Manager" = Download Accelerator Manager
"EAGLE 6.3.0" = EAGLE 6.3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"iLivid" = iLivid
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Power Data Recovery_is1" = Power Data Recovery 4.6.5
"Recover My Files_is1" = Recover My Files
"Searchqu Toolbar" = Searchqu Toolbar
"SunCalendar6.0" = SunCalendar
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"WebFreer" = Web Freer
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2012 1:45:20 PM | Computer Name = QUICK-3B4EA0831 | Source = Application Hang | ID = 1002
Description = Hanging application KMPlayer.exe, version 2.9.4.1435, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2012 12:14:16 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:14:28 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:14:37 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:14:55 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:15:07 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:15:17 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:15:33 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f2bb, debug? 0,
fault address 0x00012afb.

Error - 10/20/2012 12:18:08 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module iehelp.dll, version 0.0.0.0, stamp 2a425e19, debug? 0, fault address
0x000106cc.

Error - 10/20/2012 12:19:17 PM | Computer Name = QUICK-3B4EA0831 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module iehelp.dll, version 0.0.0.0, stamp 2a425e19, debug? 0, fault address
0x000106cc.

[ OSession Events ]
Error - 11/13/2011 11:32:21 AM | Computer Name = QUICK-3B4EA0831 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 38752
seconds with 9120 seconds of active time. This session ended with a crash.

Error - 11/13/2011 11:43:11 AM | Computer Name = QUICK-3B4EA0831 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 609
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/2/2013 2:12:35 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:12:35 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:12:36 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:12:37 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:12:37 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:12:37 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:41:19 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:41:19 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:41:19 PM | Computer Name = QUICK-3B4EA0831 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 6/2/2013 2:43:18 PM | Computer Name = QUICK-3B4EA0831 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '!pd.nfo' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.


< End of report >

Edited by mahi65, 02 June 2013 - 12:56 PM.

  • 0

Advertisements

#2
Essexboy
Posted 02 June 2013 - 01:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there we will need to disinfect the cards as well as the hardrive

Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Posted Image
Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...00000241d00e8e0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000241d00e8e0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...E1-8E4FEBD12C00
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{80F0F405-A419-4C30-BBF4-E00285DD5359}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (BBB002 Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Documents and Settings\Administrator\Application Data\Media Finder\Extensions\gencrawler_gc.dll ()
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (BBB002 Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BBB002 Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [sysras] C:\Program Files\sysras.exe File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder)
O4 - HKCU..\Run: [Web Freer] C:\Program Files\WebFreer\webfreer.exe (Appaxy Inc.)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\sFDnADBb\qnlkupaq.exe) - File not found
[2013/06/02 22:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/02 21:05:21 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\YourFile Update.job
[2011/09/20 23:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2013/04/22 00:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabSolution
[2012/08/26 21:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/09/13 13:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2012/09/18 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Finder
[2012/07/23 22:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchquband
[2012/07/23 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchqutoolbar
[2012/06/01 22:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2013/06/02 22:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/10/08 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilinx
[2012/09/13 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2012/04/03 17:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/08/26 21:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/04 09:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

:Files
C:\Program Files\Searchqu Toolbar
C:\Program Files\Media Finder
C:\Program Files\Ask.com
C:\Program Files\BabylonToolbar
C:\Program Files\Searchqu Toolbar
C:\Program Files\myBabylon_English
C:\Program Files\sFDnADBb

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
mahi65
Posted 02 June 2013 - 01:44 PM

mahi65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Dear Essexboy,thanks for your reply,

this is the log which was produced after reboot(just after OTL fix) :


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files\uTorrentControl2\prxtbuTo0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
C:\Program Files\myBabylon_English\prxtbmyB0.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80F0F405-A419-4C30-BBF4-E00285DD5359}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80F0F405-A419-4C30-BBF4-E00285DD5359}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
File C:\Program Files\myBabylon_English\prxtbmyB0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}\ deleted successfully.
C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\ deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Media Finder\Extensions\gencrawler_gc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
File C:\Program Files\myBabylon_English\prxtbmyB0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
File C:\Program Files\myBabylon_English\prxtbmyB0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysras deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
C:\Program Files\Media Finder\Media Finder.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Web Freer deleted successfully.
C:\Program Files\WebFreer\webfreer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\sFDnADBb\qnlkupaq.exe deleted successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\tasks\YourFile Update.job moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG9\cfgall folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG9 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\BabSolution\Shared folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\BabSolution folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Media Finder\Temp folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Media Finder\Extensions folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Media Finder folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\searchqutoolbar\weather folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\searchqutoolbar folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Data Doctor Recovery Removable Media 3.0.1.5 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall\Data Doctor Recovery FAT+NTFS 3.0.1.5 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Thinstall folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\uTorrent\ie folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\uTorrent folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Xilinx\ISE\12.2 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Xilinx\ISE folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Xilinx\Common\12.2 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Xilinx\Common folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Xilinx folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\YourFileDownloader folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess\F0F8CE390972CD01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
========== FILES ==========
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Searchqu Toolbar folder moved successfully.
C:\Program Files\Media Finder\Plugins folder moved successfully.
C:\Program Files\Media Finder folder moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files\BabylonToolbar folder moved successfully.
File\Folder C:\Program Files\Searchqu Toolbar not found.
C:\Program Files\myBabylon_English folder moved successfully.
C:\Program Files\sFDnADBb folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 831145041 bytes
->Temporary Internet Files folder emptied: 62279786 bytes
->Google Chrome cache emptied: 90526680 bytes
->Flash cache emptied: 32136 bytes

User: All Users
->Temp folder emptied: 82944 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 289346056 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 230061484 bytes

Total Files Cleaned = 1,434.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06022013_225837

Files\Folders moved on Reboot...
C:\Documents and Settings\All Users\Local Settings\Temp\cciotqoy.com moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



and this is OTL log after new scan:


OTL logfile created on: 6/2/2013 11:02:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 70.87% Memory free
3.79 Gb Paging File | 3.37 Gb Available in Paging File | 89.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.32 Gb Total Space | 4.48 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 16.08 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 10.22 Gb Free Space | 20.94% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 1.61 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 1.71 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
Drive H: | 1004.06 Mb Total Space | 985.52 Mb Free Space | 98.15% Space Free | Partition Type: NTFS
Drive L: | 7.50 Gb Total Space | 7.50 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: QUICK-3B4EA0831 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/02 22:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/04/04 23:06:12 | 000,607,744 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\egui.exe
PRC - [2012/02/15 22:17:06 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/06/18 07:52:53 | 000,973,296 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/05/15 00:27:44 | 000,585,728 | ---- | M] (Tensons Corporation) -- C:\Program Files\Tensons\Download Accelerator Manager\daman.exe
PRC - [2010/03/27 10:52:45 | 002,002,944 | ---- | M] (Psoft.ir) -- C:\Program Files\SunCalendar\SunCalendar.exe
PRC - [2008/04/14 13:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/01/02 00:52:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/12 20:22:17 | 001,711,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
MOD - [2013/05/12 20:22:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2013/05/12 20:22:00 | 001,361,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\daman\df2e5b26a82bb63e59f89ca35dd9c066\daman.ni.exe
MOD - [2013/05/12 20:20:00 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2013/05/12 20:19:55 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2013/05/12 20:19:43 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2013/05/12 20:17:25 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2013/05/12 20:17:10 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2013/05/12 20:11:40 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/06/18 07:52:51 | 001,972,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\pdf.dll
MOD - [2010/06/18 07:51:54 | 000,169,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\Locales\en-US.dll
MOD - [2010/06/18 07:51:34 | 000,071,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\avutil-50.dll
MOD - [2010/06/18 07:51:33 | 000,176,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\avformat-52.dll
MOD - [2010/06/18 07:51:31 | 001,384,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\avcodec-52.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/06/16 17:45:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 19:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 19:06:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 19:06:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/01/04 15:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/21 14:35:46 | 000,333,620 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2001/08/17 14:58:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8081;https=127.0.0.1:8081;socks=127.0.0.1:1080


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/10/01 21:33:34 | 000,000,000 | ---D | M]

[2012/03/30 23:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/15 22:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
[2012/02/15 22:18:14 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/09/13 13:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Desktop\chorom\App\Chrome\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\6.0.437.3\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
CHR - plugin: Download Helper (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: General Crawler = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Babylon Toolbar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.3.3_0\

O1 HOSTS File: ([2013/06/02 22:58:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C70E30C7-140A-4166-A2E8-43557E62B41A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Download Accelerator Manager] C:\Program Files\Tensons\Download Accelerator Manager\daman.exe (Tensons Corporation)
O4 - HKCU..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun File not found
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [SunCalendar] C:\Program Files\SunCalendar\SunCalendar.exe (Psoft.ir)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 56084 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\cciotqoy.com
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addUrl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Download &All with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addAllUrls.htm ()
O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download FLV &Video with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addDocUrl.htm ()
O8 - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Run DAM Media&Grabber - C:\Program Files\Tensons\Download Accelerator Manager\\runMg.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CFCF703-6F6E-465C-B14B-63F15042CD27}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/11 11:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/02 22:56:46 | 000,000,000 | -HS- | M] () - L:\autorun.inf.vir -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 23:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/06/02 23:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD 8
[2013/06/02 22:58:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/02 22:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
[2013/06/02 22:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MCShield
[2013/06/02 22:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\MCShield
[2013/06/02 22:15:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/06/02 21:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mohamad alizadeh
[2013/05/21 22:22:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/21 22:18:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/05/21 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2013/05/21 22:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2013/05/21 22:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2013/05/21 22:10:42 | 001,458,415 | ---- | C] (Old McDonald's Farm) -- C:\Documents and Settings\Administrator\Desktop\aesetup2.6.exe
[2013/05/12 20:11:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/12 19:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDRViewer
[2013/05/12 19:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\CDRViewer2
[2013/05/12 19:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\CDRViewer

========== Files - Modified Within 30 Days ==========

[2013/06/02 23:01:16 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/06/02 23:01:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/02 23:01:07 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/02 22:58:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/02 22:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/06/02 21:05:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/23 23:31:52 | 000,022,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\corporate-identity.jpg
[2013/05/21 22:22:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/21 22:22:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2013/05/21 22:18:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/05/21 22:11:26 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2013/05/21 17:52:07 | 003,642,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 20:48:58 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/12 20:11:59 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/12 20:11:59 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/12 19:11:18 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CDR Viewer.lnk

========== Files Created - No Company Name ==========

[2013/05/23 23:31:52 | 000,022,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\corporate-identity.jpg
[2013/05/21 22:22:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2013/05/21 22:11:26 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2013/05/12 19:11:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CDR Viewer.lnk
[2013/04/22 00:27:34 | 000,009,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\BabMaint.exe
[2012/12/01 23:10:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2012/06/26 20:07:15 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe IllExport Filter CS5 Prefs
[2012/05/21 20:10:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/26 17:49:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/09/15 19:32:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2011/09/15 19:31:51 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
[2011/09/15 19:31:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2011/09/15 19:31:50 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2011/09/15 19:31:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\TWAIED02.DLL
[2011/09/15 19:31:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
[2011/09/12 17:11:29 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2011/09/12 17:11:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\PUTTY.RND
[2011/09/11 20:54:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/11 20:54:48 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 14:46:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/11 14:45:24 | 003,642,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 11:56:19 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/09/11 11:48:21 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011/09/11 11:32:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 11:26:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/09/29 15:44:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:30:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/09/16 17:41:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/13 13:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2013/02/19 22:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CadSoft
[2011/09/15 19:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cambridge
[2012/10/01 21:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2012/11/28 23:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2012/10/08 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HDI
[2011/12/10 10:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Internet Download Accelerator
[2012/06/01 23:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PandoraRecovery
[2012/06/08 12:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rovio
[2013/06/02 23:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/05/21 22:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/09/18 23:29:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/01 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/09/12 18:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/06/02 23:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCShield
[2012/05/19 23:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/09/18 22:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/19 22:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/01 05:44:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\??? ????? ???) -- C:\Documents and Settings\Administrator\Desktop\افق توسعه قرن
[2013/05/01 05:43:59 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\??? ????? ???) -- C:\Documents and Settings\Administrator\Desktop\افق توسعه قرن
[2013/04/20 21:46:37 | 000,015,993 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\???????? ??????.docx) -- C:\Documents and Settings\Administrator\Desktop\اصطلاحات قانونی.docx
[2013/04/20 21:46:36 | 000,015,993 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\???????? ??????.docx) -- C:\Documents and Settings\Administrator\Desktop\اصطلاحات قانونی.docx
[2013/04/01 10:58:23 | 000,055,347 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\??????? ???? ?????.doc.docx) -- C:\Documents and Settings\Administrator\Desktop\پروپزال آقای نجاری.doc.docx
[2013/04/01 10:57:58 | 000,055,347 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\??????? ???? ?????.doc.docx) -- C:\Documents and Settings\Administrator\Desktop\پروپزال آقای نجاری.doc.docx
[2013/03/14 12:39:49 | 000,014,413 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\436441??? ????? ???.docx) -- C:\Documents and Settings\Administrator\Desktop\436441افق توسعه قرن.docx
[2013/03/14 12:36:26 | 000,014,413 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\436441??? ????? ???.docx) -- C:\Documents and Settings\Administrator\Desktop\436441افق توسعه قرن.docx
[2013/03/08 21:10:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\????? ???? ??? ????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه بیگ زاده
[2013/03/08 21:09:25 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\????? ???? ??????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه قوامین
[2013/03/08 20:56:40 | 000,003,344 | ---- | M] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\?????? ????? ?? ??? ?? ?????? ?? ?????.lnk) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\دانلود آلبوم من خود آن سیزدهم از چاوشی.lnk
[2013/03/08 20:56:40 | 000,003,344 | ---- | C] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\?????? ????? ?? ??? ?? ?????? ?? ?????.lnk) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\دانلود آلبوم من خود آن سیزدهم از چاوشی.lnk
[2013/02/16 14:18:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Desktop\????) -- C:\Documents and Settings\Administrator\Desktop\مفید
[2013/02/06 10:50:26 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\????? ???? ??? ????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه بیگ زاده
[2013/02/06 10:38:04 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\????? ???? ??????) -- C:\Documents and Settings\Administrator\Desktop\پایان نامه قوامین
[2013/01/13 17:22:29 | 000,054,986 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\??? ? ?????? ?? ?? ?? ???? ???.docx) -- C:\Documents and Settings\Administrator\My Documents\لام و کرامتی که به زن داده است.docx
[2013/01/13 17:22:28 | 000,054,986 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\??? ? ?????? ?? ?? ?? ???? ???.docx) -- C:\Documents and Settings\Administrator\My Documents\لام و کرامتی که به زن داده است.docx
[2012/11/11 23:04:28 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Desktop\????) -- C:\Documents and Settings\Administrator\Desktop\مفید
[2012/08/01 18:25:53 | 000,043,129 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\???? ???? ????????.docx) -- C:\Documents and Settings\Administrator\My Documents\قابل توجه داوطلبين.docx
[2012/08/01 18:25:53 | 000,043,129 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\???? ???? ????????.docx) -- C:\Documents and Settings\Administrator\My Documents\قابل توجه داوطلبين.docx
[2012/05/27 17:13:11 | 000,033,262 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\?????.docx) -- C:\Documents and Settings\Administrator\My Documents\مقدمه.docx
[2012/05/27 17:13:11 | 000,033,262 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\?????.docx) -- C:\Documents and Settings\Administrator\My Documents\مقدمه.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


and at last AdwCleaner log :


# AdwCleaner v2.301 - Logfile created 06/02/2013 at 23:06:58
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - QUICK-3B4EA0831
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Documents and Settings\Administrator\Application Data\BabMaint.exe
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\myBabylon_English
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrentControl2
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\myBabylon_English
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2B224C3-7C4F-486B-9888-E07AAB663BD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02B6D9DF-AB14-40A9-9F83-08DE77C930DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38961733-F6A3-4EDC-9483-536808246066}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A096805B-7EC5-42A1-B7E0-42BA4614E3CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE0A51F3-F4C1-41C0-92A6-2CD642091233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\myBabylon_English Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F2B224C3-7C4F-486B-9888-E07AAB663BD9}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myBabylon_English Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\myBabylon_English
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\Software\YourFileDownloader
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=120912_ccp_3712_8&babsrc=NT_ss&mntrId=0c89db1400000000000000241d00e8e0 --> hxxp://www.google.com

-\\ Google Chrome v6.0.437.3

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [19517 octets] - [02/06/2013 23:06:58]

########## EOF - C:\AdwCleaner[S1].txt - [19578 octets] ##########

could you please tell me what is the exact problem?
B.R.
Mahnaz

Edited by mahi65, 02 June 2013 - 01:44 PM.

  • 0

#4
Essexboy
Posted 02 June 2013 - 01:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the McShield log please, also have the files returned to normal ?
  • 0

#5
mahi65
Posted 02 June 2013 - 02:13 PM

mahi65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
sorry i forgot about it, here is MSShield log :


>>> MCShield AllScans.txt <<<



>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows XP <<<


6/2/2013 10:54:15 PM > Drive C: - scan started (no label ~28 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 10:54:15 PM > Drive D: - scan started (knowlage ~39 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 10:54:16 PM > Drive E: - scan started (fun ~49 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 10:54:16 PM > Drive F: - scan started (prison ~49 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 10:54:16 PM > Drive G: - scan started (movies ~59 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 10:54:16 PM > Drive H: - scan started (program ~1 GB, NTFS HDD )...



=> The drive is clean.





>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows XP <<<


6/2/2013 10:55:16 PM > Drive L: - scan started (09367368339 ~7679 MB, FAT32 flash drive )...

>>> L:\autorun.inf > Action failed.

>>> L:\desktop.ini - Malware > Deleted. (13.06.02. 22.55 desktop.ini.337063; MD5: 554fb78f9dc7bcfc5bf838f72ad00a7c)

>>> L:\_WOKRXTFNLS.com - Suspicious > Renamed. (MD5: 2c8df9c20623088361220a44ce824b39)

>>> L:\09367368339 (8GB).lnk - Suspicious > Renamed. (MD5: 3baf2993183e7bae02f7ef5f8985df34)

> Resetting attributes: L:\  < Successful.


=> Malicious files : 1/1 deleted.
=> Suspicious files : 2/3 renamed.
=> Hidden folders : 1/1 unhidden.

____________________________________________

::::: Scan duration: 2sec ::::::::::::::::::
____________________________________________




>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows XP <<<


6/2/2013 10:56:45 PM > Drive L: - scan started (09367368339 ~7679 MB, FAT32 flash drive )...

>>> L:\autorun.inf > Suspicious > Renamed.


=> Suspicious files : 1/1 renamed.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________




>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows XP <<<


6/2/2013 11:01:30 PM > Drive C: - scan started (no label ~28 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 11:01:31 PM > Drive D: - scan started (knowlage ~39 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 11:01:32 PM > Drive E: - scan started (fun ~49 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 11:01:33 PM > Drive F: - scan started (prison ~49 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 11:01:33 PM > Drive G: - scan started (movies ~59 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 11:01:34 PM > Drive H: - scan started (program ~1 GB, NTFS HDD )...



=> The drive is clean.


6/2/2013 11:01:34 PM > Drive L: - scan started (09367368339 ~7679 MB, FAT32 flash drive )...

>>> L:\autorun.inf > Suspicious > Renamed.

>>> L:\desktop.ini - Malware > Deleted. (13.06.02. 23.01 desktop.ini.991604; MD5: b310fb28380c049aa6c1e6d5a4ae0e4a)

>>> L:\_WAXPNYF.com - Suspicious > Renamed. (MD5: ec41d2ac2ea4e2820e3fafd1231fe63c)

>>> L:\09367368339 (8GB).lnk - Suspicious > Renamed. (MD5: c6bb990d87c5c616e9f76ec2c9051484)

> Resetting attributes: L:\  < Successful.


=> Malicious files : 1/1 deleted.
=> Suspicious files : 3/3 renamed.
=> Hidden folders : 1/1 unhidden.

____________________________________________

::::: Scan duration: 4sec ::::::::::::::::::
____________________________________________


yes some files named as follows are seen on my flash disk :

_WAXPNYF.com.vir
autorun.inf.vir
Thumbs.db
09367368339 (8GB).lnk.vir

"09367368339" is flash disk name.
  • 0

#6
Essexboy
Posted 02 June 2013 - 02:16 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Those are the files that McShield determined to be bad... How is the computer behaving now ?
  • 0

#7
mahi65
Posted 02 June 2013 - 02:25 PM

mahi65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
what do you mean by "how the computer behaving now"?
my only problem is with external flash disks,because by connecting every flash disk i will lose my files on that flash disk.
after your question i disconnected the flash and then connected it again. no difference is on that. the files i mentioned in the last post are still there.should i test the PC with a new flash disk to see whether it infects external cool disk again or not?
  • 0

#8
Essexboy
Posted 02 June 2013 - 03:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So you have an external hard drive that is infected as well ? The files on the USB are now no longer able to run

If you have an infected external drive then do the following

Download Dr.Web CureIt .
  • Doubleclick the drweb-cureit.exe file to open it.
  • A window will open offering a choice of EPM or Standard Mode
  • Chose EPM
  • A license and updates window will appear. If necessary update, otherwise check the box "I agree to participate..." and click Continue
  • You will not be able to use your computer until the scan is finished. It generally takes only a short time say... around 15/20 mins.
  • Dr Web will scan your computer. When finished a report is saved to C:\users\....\Doctor Web named cureit.log. Copy and paste the contents back here.

  • 0

#9
Essexboy
Posted 11 June 2013 - 12:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP