TechSpot

PC freezes and crashes - Possible virus

By Jackiesp
Feb 22, 2013
  1. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    OTL logfile created on: 25/02/2013 14:45:55 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 322.63 Mb Available Physical Memory | 63.08% Memory free
    1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.33% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 49.58 Gb Free Space | 33.76% Space Free | Partition Type: NTFS

    Computer Name: MAX | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/25 14:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    PRC - [2013/02/24 13:39:52 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/02/24 13:39:08 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2013/02/24 13:39:07 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/02/24 13:39:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/02/24 13:39:01 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/02/08 15:11:04 | 000,300,480 | ---- | M] (Abine Inc.) -- C:\Program Files\Ask.com\AbineSDK\IE\DNTPService.exe
    PRC - [2013/02/08 15:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2012/11/01 15:56:41 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/11/02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/24 13:39:59 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2013/02/08 15:11:04 | 000,245,696 | ---- | M] () -- C:\Program Files\Ask.com\AbineSDK\IE\DNTPButton.dll
    MOD - [2013/02/08 15:11:04 | 000,051,136 | ---- | M] () -- C:\Program Files\Ask.com\AbineSDK\IE\DNTPServicePS.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/24 13:39:52 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/02/24 13:39:08 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2013/02/24 13:39:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/02/08 13:52:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/01 15:56:41 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/06/19 17:53:47 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
    SRV - [2009/12/23 21:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/02/24 16:23:12 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2005/02/24 16:20:02 | 000,131,133 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2005/02/24 16:19:36 | 000,057,409 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2004/11/30 09:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aasud3po)
    DRV - [2013/02/24 13:40:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2013/02/24 13:40:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/02/24 13:40:24 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/02/24 13:40:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/09/13 12:57:40 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2010/06/12 18:49:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/06/12 18:33:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2007/04/26 06:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
    DRV - [2007/04/23 12:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt)
    DRV - [2007/04/23 12:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 12:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 12:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/23 12:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus)
    DRV - [2005/02/24 16:04:58 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/02/24 16:04:56 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/02/11 17:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
    DRV - [2005/02/11 17:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_GB
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={s...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB387
    IE - HKCU\..\SearchScopes\{A6044018-9168-4753-9B48-6DD88D7AE338}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=986A356C-EA00-4B6D-9D7A-2F64381222F8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Max\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/10/30 11:38:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/28 22:45:03 | 000,102,423 | ---- | M] ()

    [2012/03/20 17:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions
    [2012/03/20 17:31:49 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
    [2012/01/12 08:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - homepage: http://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_GB
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
    CHR - plugin: registryAccess (Enabled) = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.18.0_0\background/registryAccess.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Max\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Avira Toolbar = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.18.38078_0\
    CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
    CHR - Extension: FBPHOTOZOOM = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
    CHR - Extension: DVDVideoSoft Browser Extension = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\

    O1 HOSTS File: ([2013/02/18 19:52:31 | 000,000,191 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 alcohol-soft.com
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1351086641375 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/12 14:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
  2. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/25 14:44:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2013/02/25 11:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\JavaRa
    [2013/02/25 00:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2013/02/25 00:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/02/24 13:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\DoNotTrackPlus
    [2013/02/24 13:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\CallingID
    [2013/02/24 13:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\AskToolbar
    [2013/02/24 13:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\Avira
    [2013/02/24 13:51:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2013/02/24 13:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2013/02/24 13:42:45 | 000,000,000 | ---D | C] -- C:\Firefox
    [2013/02/24 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2013/02/24 13:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\AskToolbar
    [2013/02/24 13:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\APN
    [2013/02/24 13:42:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2013/02/24 13:42:09 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2013/02/24 13:42:09 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2013/02/24 13:42:09 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2013/02/24 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2013/02/24 13:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2013/02/24 13:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2013/02/24 13:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/02/24 13:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/02/24 13:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\Avg2013
    [2013/02/24 01:17:05 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2012_2125.exe
    [2013/02/24 01:07:00 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2013_2706.exe
    [2013/02/23 22:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2013/02/23 21:40:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2013/02/23 21:40:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2013/02/23 21:40:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2013/02/23 21:40:17 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2013/02/23 21:40:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2013/02/23 21:40:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2013/02/23 21:40:09 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2013/02/23 21:40:09 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2013/02/23 21:40:07 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2013/02/23 21:40:06 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2013/02/23 21:40:06 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2013/02/23 21:29:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/02/23 21:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    [2013/02/23 21:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/02/22 01:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2013/02/20 18:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Natasha's Documents
    [2013/02/20 13:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\Downloaded Installations
    [2013/02/20 13:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Natasha Blackberry Dump
    [2013/02/20 13:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Max Blackberry Dump
    [2013/02/18 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\Unity
    [2013/02/18 11:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\Unity
    [2013/02/17 10:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2013/02/17 10:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
    [2013/02/17 10:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
    [2013/01/31 16:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2006/06/16 19:31:04 | 006,003,072 | ---- | C] (Alcohol Soft) -- C:\Documents and Settings\Max\Application Data\a120_195_4212_retail.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/02/25 14:49:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/25 14:47:02 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/02/25 14:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2013/02/25 13:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/25 12:06:41 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free YouTube Download.lnk
    [2013/02/25 11:09:00 | 000,143,072 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\JavaRa-2.1.zip
    [2013/02/25 08:09:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/25 08:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/25 00:46:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/02/24 22:57:24 | 000,881,935 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\SecurityCheck.exe
    [2013/02/24 22:50:50 | 002,180,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/24 16:28:17 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/24 13:43:06 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2013/02/24 13:40:25 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2013/02/24 13:40:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2013/02/24 13:40:24 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2013/02/24 13:40:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2013/02/24 13:29:25 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/24 13:26:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/02/24 13:19:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/02/24 12:33:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/24 01:17:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2012_2125.exe
    [2013/02/24 01:07:03 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2013_2706.exe
    [2013/02/23 22:01:34 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/02/23 21:59:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2013/02/23 21:59:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2013/02/23 21:56:53 | 000,473,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/23 21:56:53 | 000,076,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/23 21:27:57 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/02/20 20:56:37 | 000,001,943 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free Video to MP3 Converter.lnk
    [2013/02/20 18:20:59 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Natasha's Documents.lnk
    [2013/02/20 18:20:45 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Jackie's Documents.lnk
    [2013/02/18 21:22:47 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\ax_files.xml
    [2013/02/17 10:11:06 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2013/02/17 10:07:11 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2013/02/14 18:09:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 15:14:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/31 16:54:23 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job

    ========== Files Created - No Company Name ==========

    [2013/02/25 12:06:41 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free YouTube Download.lnk
    [2013/02/25 11:08:57 | 000,143,072 | ---- | C] () -- C:\Documents and Settings\Max\My Documents\JavaRa-2.1.zip
    [2013/02/25 00:46:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/02/24 22:57:23 | 000,881,935 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\SecurityCheck.exe
    [2013/02/24 13:43:05 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2013/02/24 13:42:56 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/02/24 13:19:47 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/24 13:19:47 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/02/23 21:27:57 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/02/20 20:56:37 | 000,001,943 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free Video to MP3 Converter.lnk
    [2013/02/20 18:20:59 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Natasha's Documents.lnk
    [2013/02/20 18:20:45 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Jackie's Documents.lnk
    [2013/02/17 10:11:06 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2013/02/17 10:07:11 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2013/01/31 16:54:22 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job
    [2012/10/16 03:22:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/06/05 13:56:20 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2012/02/16 01:41:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/22 03:54:09 | 001,746,870 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-1547161642-839522115-1004-0.dat
    [2012/01/22 03:54:06 | 000,335,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/19 17:53:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
    [2011/06/19 17:53:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
    [2011/05/10 00:15:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2011/05/10 00:15:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2011/03/06 08:17:20 | 000,000,423 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/03/03 04:27:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/12/27 01:06:23 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Max\default.pls
    [2010/12/25 23:53:44 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Max\pool.bin
    [2010/10/04 22:38:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\rx_image32.Cache
    [2010/09/13 12:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/07/02 17:42:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Max\Application Data\Cricket2009.exe.lock
    [2010/06/13 16:43:37 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/11/04 11:18:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/02/24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/11/03 14:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/01/31 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2012/11/03 10:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/01/25 21:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/24 10:26:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2013/02/14 19:22:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/03/15 08:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/10/11 10:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/09/14 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2012/10/30 11:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2013/02/24 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/08/11 20:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/04 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2012/08/22 17:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/26 21:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/04 02:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/06/13 23:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2013/02/18 00:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/04 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/06/12 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/11/03 13:56:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2013/02/24 13:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AskToolbar
    [2012/11/03 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG
    [2012/10/16 01:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG2012
    [2012/04/08 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\BitComet
    [2011/10/29 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Blackberry Desktop
    [2013/02/25 14:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\CallingID
    [2013/02/14 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Canon
    [2013/02/25 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoft
    [2013/02/17 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers
    [2010/09/14 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Flood Light Games
    [2010/07/16 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\HandBrake
    [2011/06/19 14:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\MysteryStudio
    [2010/12/30 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Research In Motion
    [2011/03/06 08:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Samsung
    [2010/07/04 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Simple Star
    [2012/11/03 10:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\TuneUp Software
    [2011/05/29 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Ubisoft
    [2013/02/18 11:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Unity
    [2013/02/25 01:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    < End of report >
     
  3. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    I must admit I do not know what Java and do not use it for a specific purpose. I thought it was a program that helps displays things on webpages
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    It can be, but it's not necessary. Don't bother updating it. We'll banish it completely...

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Locat0.ed at C:\_OTL\Moved Files)
     
  5. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
    C:\WINDOWS\system32\npDeployJava1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2\ deleted successfully.
    Service JavaQuickStarterService stopped successfully!
    Service JavaQuickStarterService deleted successfully!
    C:\Program Files\Java\jre7\bin\jqs.exe moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Max\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Max\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Max
    ->Temp folder emptied: 17940448 bytes
    ->Temporary Internet Files folder emptied: 568934294 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7615472 bytes
    ->Flash cache emptied: 1233 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 40171132 bytes

    Total Files Cleaned = 605.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02252013_234923
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Topic marked solved. √
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...