chaaz

  1. Sorry for the double post here, but I can't seem to find an edit button. The admins/mods are welcome to delete this topic. I am very sorry for cross-posting and breaking the rules, but I have tried everything to get rid of this virus/malware that is taking my bandwidth. I have a few more things I will try that may fix it; if they don't work, my only option is to reformat my hard drive and do a fresh install of Windows. This is one stubborn malware/virus. I know a lot about computers and have removed a lot of viruses, and have never seen something this stubborn. Thanks for your help and trying to help. Once my computer is fixed I will be very careful about what sites I visit and what I download so I don't get a virus like this again.
  2. Sorry about this, I've just been very desperate to try and fix this problem. At the moment I think my only choice is to reformat the hard drive and reinstall the OS.
  3. There is something on my computer that is eating up my bandwidth at an extremely fast pace. I have gone through a shocking 80 GB on my computer alone this month, which is very, very unusual for a casual surfer. I tried asking for help on a forum called Bleeping Computer; you can see the thread here: http://www.bleepingcomputer.com/forums/t/526851/virus-or-malware-using-tons-of-bandwidth/ I have asked for help there, and if you go through the thread you will see all of my logs. They could not help me there, so I am asking on here. None of my programs, Kaspersky full Internet Security and Malwarebytes Full Pro, have been able to pick it up and remove it. After doing some research I now think that my computer has been hacked and is being used as a zombie to steal data from. I have 2 bandwidth meters on my computer so I can see when and how much is being taken. I have NO wireless, so no one has hacked into that. It is clearly my computer that is taking the bandwidth, no other computers. I only have 1 computer in my entire household and that is mine. If someone could please help me, thanks.
  4. Yay, at last that annoying Holasearch homepage is gone and I am back with the normal Firefox homepage. Thanks so much for your help.
  5. I am using Firefox as my main browser at the moment. Can you give me links for that, please? Thanks.
  6. Hi there, just did the scan and here's the report.
() -- C:\Windows\grep.exe [2013/03/31 12:37:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/30 19:38:16 | 000,000,513 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/03/30 18:49:31 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013/03/30 11:44:50 | 000,000,512 | ---- | C] () -- C:\Users\Charlotte\Desktop\LaunchEFLC - Shortcut.lnk [2013/03/23 01:31:06 | 000,002,499 | ---- | C] () -- C:\Users\Charlotte\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2012/12/15 17:22:06 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\jgldog11.dll [2012/10/30 15:37:12 | 000,007,168 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/10/30 11:38:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/10/30 11:38:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012/10/30 11:37:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012/10/30 11:37:49 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012/10/29 23:55:27 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2012/10/29 20:37:23 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012/10/29 20:37:23 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012/10/29 20:37:21 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012/10/29 20:37:21 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012/10/29 20:31:13 | 000,026,322 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012/10/29 20:31:13 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012/10/29 19:24:45 | 000,000,732 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\d3d9caps64.dat [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- 
C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2006/11/03 04:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/19 00:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll < End of report > OTL Extras 
logfile created on: 31/03/2013 4:14:32 p.m. - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlotte\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.95% Memory free 8.18 Gb Paging File | 6.14 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 96.57 Gb Total Space | 8.97 Gb Free Space | 9.29% Space Free | Partition Type: NTFS Drive D: | 147.58 Gb Total Space | 32.65 Gb Free Space | 22.12% Space Free | Partition Type: NTFS Drive E: | 221.61 Gb Total Space | 64.73 Gb Free Space | 29.21% Space Free | Partition Type: NTFS Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3261221056-2756048321-2121388272-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9A 2B 3F 54 CB B5 CD 01 [binary data] "VistaSp2" = 1D F2 F9 F5 29 B6 CD 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{016CDD37-FC82-4BB9-8B0E-23DBFD9B20E1}" = protocol=17 | dir=in | app=d:\grand theft auto iv\launchgtaiv.exe | "{2DB65EEE-3D2A-43AD-B85D-30B75EBA8809}" = protocol=6 | dir=in | app=d:\grand theft auto iv\launchgtaiv.exe | "{3D2E7C61-3E00-4E08-8021-F9C4CAA9F3B4}" = dir=in | app=c:\users\charlo~1\appdata\local\temp\ibtmp03e3514\component_358.decrpt | "{3E3899A4-BB09-4F84-86BB-681FA0B0E6C9}" = protocol=17 | dir=in | app=e:\eflc\launcheflc.exe | "{497CCAFD-1950-4013-AEA3-0D370E1E36CF}" = dir=in | app=c:\users\charlo~1\appdata\local\temp\ibtmp03e3514\component_622.decrpt | "{6196F774-55DF-45FE-BF84-F6526064276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E19C434F-E721-49E0-85C9-2B379450206E}" = dir=in | 
app=c:\users\charlo~1\appdata\local\temp\ibtmp03e3514\component_600 | "{F4967E97-36E6-4B4F-905E-B5E735534B49}" = protocol=6 | dir=in | app=e:\eflc\launcheflc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.35 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver 
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BitTorrent" = BitTorrent "Google Chrome" = Google Chrome "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "PowerPaint_is1" = PowerPaint 2.50 "VLC media player" = VLC media player 2.0.5 "Winamp" = Winamp ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/03/2013 5:54:45 a.m. 
| Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 19.0.2.4814 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b08 Start Time: 01ce1e3e164770a8 Termination Time: 62 Error - 15/03/2013 5:56:34 a.m. | Computer Name = Charlotte-PC | Source = EventSystem | ID = 4609 Description = Error - 26/03/2013 8:09:36 p.m. | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002 Description = The program GTAIV.exe version 1.0.7.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 414 Start Time: 01ce2a796b458b69 Termination Time: 937 Error - 29/03/2013 6:39:51 p.m. | Computer Name = Charlotte-PC | Source = System Restore | ID = 8193 Description = Error - 30/03/2013 12:54:33 a.m. | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002 Description = The program Setup.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e04 Start Time: 01ce2d0268a5bfad Termination Time: 12761 Error - 30/03/2013 2:14:47 a.m. | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842830 Description = Activation context generation failed for "C:\Users\Charlotte\Downloads\SoftonicDownloader_for_nvidia-geforce-driver.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. 
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 30/03/2013 2:14:56 a.m. | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842830 Description = Activation context generation failed for "C:\Users\Charlotte\Downloads\SoftonicDownloader_for_nvidia-geforce-driver.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 30/03/2013 2:32:42 a.m. | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842830 Description = Activation context generation failed for "C:\Users\Charlotte\Downloads\SoftonicDownloader_for_nvidia-geforce-driver.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 30/03/2013 8:53:38 p.m. | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002 Description = The program EFLC.exe version 1.1.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 135c Start Time: 01ce2da9c6a05da8 Termination Time: 138 Error - 30/03/2013 9:55:37 p.m. 
| Computer Name = Charlotte-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 17/01/2013 7:29:57 p.m. | Computer Name = Charlotte-PC | Source = netbt | ID = 4321 Description = The name "CHARLOTTE-PC :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer. Error - 17/01/2013 7:31:24 p.m. | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7026 Description = Error - 17/01/2013 7:32:25 p.m. | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7038 Description = Error - 17/01/2013 7:32:25 p.m. | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18/01/2013 7:51:57 p.m. | Computer Name = Charlotte-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{33D5947C-A9ED-4284-B347-33D37D727A8B} because another computer on the network has the same name. The server could not start. Error - 18/01/2013 7:51:57 p.m. | Computer Name = Charlotte-PC | Source = netbt | ID = 4321 Description = The name "CHARLOTTE-PC :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer. Error - 18/01/2013 7:51:58 p.m. | Computer Name = Charlotte-PC | Source = netbt | ID = 4321 Description = The name "CHARLOTTE-PC :0" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer. Error - 18/01/2013 7:51:58 p.m. | Computer Name = Charlotte-PC | Source = netbt | ID = 4321 Description = The name "CHARLOTTE-PC :0" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer. 
Error - 18/01/2013 7:52:01 p.m. | Computer Name = Charlotte-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{33D5947C-A9ED-4284-B347-33D37D727A8B} because another computer on the network has the same name. The server could not start. Error - 18/01/2013 7:52:01 p.m. | Computer Name = Charlotte-PC | Source = netbt | ID = 4321 Description = The name "CHARLOTTE-PC :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer. < End of report >
  7. Just did a scan in safe mode with ComboFix. Here is the report.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Completion time: 2013-03-31 15:06:13 ComboFix-quarantined-files.txt 2013-03-31 02:06 ComboFix2.txt 2013-03-30 23:49 . Pre-Run: 14,016,499,712 bytes free Post-Run: 13,736,570,880 bytes free .
  8. Hey, just did a scan with the other 2 programs; here is the log for the first one. But I couldn't find the log for the Malwarebytes one; I looked in c/folder like I did with the other one but it wasn't there. Both scanners picked nothing up.
  9. Got ComboFix to work; had to change the name after reading comments on the download page saying to do this for Vista users. Just ran a full scan and here's the report. The program, however, didn't fix my problem and I still have the annoying Hola search page. Here is the log from ComboFix. I am going to run these next programs and will get back with a report on that, thanks.
  10. I couldn't get ComboFix to run on my computer; it just doesn't work at all.
  11. Report from Rogue Killer

      RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
      Started in : Normal mode
      User : Charlotte [Admin rights]
      Mode : Remove -- Date : 03/31/2013 11:22:24
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 2 ¤¤¤
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ Extern Hives: ¤¤¤
      -> D:\windows\system32\config\SOFTWARE
      -> D:\windows\system32\config\SYSTEM
      -> D:\Users\Default\NTUSER.DAT
      -> D:\Users\Default User\NTUSER.DAT
      -> D:\Users\Paul\NTUSER.DAT
      -> D:\Users\Public\NTUSER.DAT
      -> D:\Users\UpdatusUser\NTUSER.DAT
      -> D:\Documents and Settings\Default\NTUSER.DAT
      -> D:\Documents and Settings\Default User\NTUSER.DAT

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost
      ::1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++
      --- User ---
      [MBR] 193262e4250fecf99e87e44e4c2e6229
      [bSP] 5fed20bce8bba78ae5e61a3695dc26a7 : Windows Vista MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 98892 Mo
      1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 202531455 | Size: 378045 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[2]_D_03312013_02d1122.txt >>
      RKreport[1]_S_03312013_02d1121.txt ; RKreport[2]_D_03312013_02d1122.txt

      Both programs failed to remove the Holasearch.com. Even though the Rogue Killer did pick up 2 things and I deleted them, I am still stuck with this stupid holasearch.com. PS: I have done a full scan on Malwarebytes and it has failed to delete it.
  12. This is the report from the security check. This is the report from DDS.
  13. While downloading drivers for my computer I somehow accidentally downloaded this stupid holasearch malware and now my homepage is stuck on holasearch.com and I can't get rid of it.
  14. After downloading drivers for my computer I've somehow downloaded malware and now my home page is stuck on this stupid site called holasearch.com and I can't seem to get rid of it.
  15. Wow, thank you so much. After running AdwCleaner it has deleted the Babylon search (it says so in the log here) and it is gone from my home page, plus my antivirus is now running. Here is the log from AdwCleaner where it says Babylon got deleted.

      ***** [services] *****

      ***** [Files / Folders] *****

      Deleted on reboot : C:\Program Files (x86)\BitTorrentControl_v12
      Deleted on reboot : C:\Program Files (x86)\Conduit
      Deleted on reboot : C:\ProgramData\Babylon
      Deleted on reboot : C:\Users\Charlotte\AppData\Local\Conduit
      Deleted on reboot : C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
      Deleted on reboot : C:\Users\Charlotte\AppData\LocalLow\BitTorrentControl_v12
      Deleted on reboot : C:\Users\Charlotte\AppData\LocalLow\Conduit
      Deleted on reboot : C:\Users\Charlotte\AppData\Roaming\Babylon
      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\user.js

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
      Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
      Key Deleted : HKCU\Software\AppDataLow\Toolbar
      Key Deleted : HKCU\Software\BabylonToolbar
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\DataMngr
      Key Deleted : HKCU\Software\DataMngr_Toolbar
      Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentControl_v12 Toolbar
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Deleted : HKLM\Software\Babylon
      Key Deleted : HKLM\Software\BitTorrentControl_v12
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\DataMngr
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF3A6CB-DBFF-4832-BE7B-C1193D72C960}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3321E8B1-B943-4207-8F33-582B9BED3246}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]

      ***** [internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16457

      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=HP_ss&mntrId=4465654500000000000000248c15395c --> hxxp://www.google.com

      -\\ Mozilla Firefox v17.0.1 (en-US)

      Profile name : default
      File : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\8r0faw4i.default\prefs.js

      Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=NT_ss&mntr[...]
      Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
      Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=HP_s[...]

      -\\ Google Chrome v23.0.1271.97

      File : C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=HP_ss&mntrId=44656545000[...]
      Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=H[...]
      Deleted [l.36] : icon_url = "hxxp://www.babylon.com/favicon.ico",
      Deleted [l.39] : keyword = "babylon.com",
      Deleted [l.42] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116987&tt=5012_3&babsrc=SP_ss&[...]
      Deleted [l.1746] : homepage = "hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=HP_ss&mntrId=44656545000000[...]
      Deleted [l.2451] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116987&tt=5012_3&babsrc=HP_s[...]

      *************************

      AdwCleaner[R1].txt - [6119 octets] - [21/12/2012 16:39:35]
      AdwCleaner[s1].txt - [5926 octets] - [21/12/2012 16:40:59]

      ########## EOF - C:\AdwCleaner[s1].txt - [5986 octets] ##########