TechSpot

PC freezes and crashes - Possible virus

Solved
By Jackiesp
Feb 22, 2013
  1. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    OTL logfile created on: 25/02/2013 14:45:55 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 322.63 Mb Available Physical Memory | 63.08% Memory free
    1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.33% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 49.58 Gb Free Space | 33.76% Space Free | Partition Type: NTFS

    Computer Name: MAX | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/25 14:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    PRC - [2013/02/24 13:39:52 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/02/24 13:39:08 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2013/02/24 13:39:07 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/02/24 13:39:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/02/24 13:39:01 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/02/08 15:11:04 | 000,300,480 | ---- | M] (Abine Inc.) -- C:\Program Files\Ask.com\AbineSDK\IE\DNTPService.exe
    PRC - [2013/02/08 15:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2012/11/01 15:56:41 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/11/02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/24 13:39:59 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2013/02/08 15:11:04 | 000,245,696 | ---- | M] () -- C:\Program Files\Ask.com\AbineSDK\IE\DNTPButton.dll
    MOD - [2013/02/08 15:11:04 | 000,051,136 | ---- | M] () -- C:\Program Files\Ask.com\AbineSDK\IE\DNTPServicePS.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/24 13:39:52 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/02/24 13:39:08 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2013/02/24 13:39:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/02/08 13:52:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/01 15:56:41 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/06/19 17:53:47 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
    SRV - [2009/12/23 21:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/02/24 16:23:12 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2005/02/24 16:20:02 | 000,131,133 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2005/02/24 16:19:36 | 000,057,409 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2004/11/30 09:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aasud3po)
    DRV - [2013/02/24 13:40:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2013/02/24 13:40:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/02/24 13:40:24 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/02/24 13:40:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/09/13 12:57:40 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2010/06/12 18:49:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/06/12 18:33:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2007/04/26 06:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
    DRV - [2007/04/23 12:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt)
    DRV - [2007/04/23 12:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 12:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 12:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/23 12:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus)
    DRV - [2005/02/24 16:04:58 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/02/24 16:04:56 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/02/11 17:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
    DRV - [2005/02/11 17:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_GB
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={s...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB387
    IE - HKCU\..\SearchScopes\{A6044018-9168-4753-9B48-6DD88D7AE338}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=986A356C-EA00-4B6D-9D7A-2F64381222F8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Max\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/10/30 11:38:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/28 22:45:03 | 000,102,423 | ---- | M] ()

    [2012/03/20 17:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions
    [2012/03/20 17:31:49 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
    [2012/01/12 08:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - homepage: http://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_GB
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
    CHR - plugin: registryAccess (Enabled) = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.18.0_0\background/registryAccess.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Max\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Avira Toolbar = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.18.38078_0\
    CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
    CHR - Extension: FBPHOTOZOOM = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
    CHR - Extension: DVDVideoSoft Browser Extension = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\

    O1 HOSTS File: ([2013/02/18 19:52:31 | 000,000,191 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 alcohol-soft.com
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1351086641375 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/12 14:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
  2. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/25 14:44:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2013/02/25 11:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\JavaRa
    [2013/02/25 00:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2013/02/25 00:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/02/24 13:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\DoNotTrackPlus
    [2013/02/24 13:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\CallingID
    [2013/02/24 13:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\AskToolbar
    [2013/02/24 13:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\Avira
    [2013/02/24 13:51:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2013/02/24 13:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2013/02/24 13:42:45 | 000,000,000 | ---D | C] -- C:\Firefox
    [2013/02/24 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2013/02/24 13:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\AskToolbar
    [2013/02/24 13:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\APN
    [2013/02/24 13:42:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2013/02/24 13:42:09 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2013/02/24 13:42:09 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2013/02/24 13:42:09 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2013/02/24 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2013/02/24 13:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2013/02/24 13:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2013/02/24 13:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/02/24 13:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/02/24 13:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\Avg2013
    [2013/02/24 01:17:05 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2012_2125.exe
    [2013/02/24 01:07:00 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2013_2706.exe
    [2013/02/23 22:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2013/02/23 21:40:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2013/02/23 21:40:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2013/02/23 21:40:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2013/02/23 21:40:17 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2013/02/23 21:40:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2013/02/23 21:40:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2013/02/23 21:40:09 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2013/02/23 21:40:09 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2013/02/23 21:40:07 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2013/02/23 21:40:06 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2013/02/23 21:40:06 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2013/02/23 21:29:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/02/23 21:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    [2013/02/23 21:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/02/22 01:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2013/02/20 18:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Natasha's Documents
    [2013/02/20 13:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\Downloaded Installations
    [2013/02/20 13:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Natasha Blackberry Dump
    [2013/02/20 13:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Max Blackberry Dump
    [2013/02/18 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\Unity
    [2013/02/18 11:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Local Settings\Application Data\Unity
    [2013/02/17 10:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2013/02/17 10:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
    [2013/02/17 10:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
    [2013/01/31 16:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2006/06/16 19:31:04 | 006,003,072 | ---- | C] (Alcohol Soft) -- C:\Documents and Settings\Max\Application Data\a120_195_4212_retail.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/02/25 14:49:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/25 14:47:02 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/02/25 14:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2013/02/25 13:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/25 12:06:41 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free YouTube Download.lnk
    [2013/02/25 11:09:00 | 000,143,072 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\JavaRa-2.1.zip
    [2013/02/25 08:09:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/25 08:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/25 00:46:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/02/24 22:57:24 | 000,881,935 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\SecurityCheck.exe
    [2013/02/24 22:50:50 | 002,180,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/24 16:28:17 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/24 13:43:06 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2013/02/24 13:40:25 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2013/02/24 13:40:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2013/02/24 13:40:24 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2013/02/24 13:40:23 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2013/02/24 13:29:25 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/24 13:26:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/02/24 13:19:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/02/24 12:33:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/24 01:17:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2012_2125.exe
    [2013/02/24 01:07:03 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\avg_remover_stf_x86_2013_2706.exe
    [2013/02/23 22:01:34 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/02/23 21:59:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2013/02/23 21:59:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2013/02/23 21:56:53 | 000,473,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/23 21:56:53 | 000,076,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/23 21:27:57 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/02/20 20:56:37 | 000,001,943 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free Video to MP3 Converter.lnk
    [2013/02/20 18:20:59 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Natasha's Documents.lnk
    [2013/02/20 18:20:45 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Jackie's Documents.lnk
    [2013/02/18 21:22:47 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\ax_files.xml
    [2013/02/17 10:11:06 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2013/02/17 10:07:11 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2013/02/14 18:09:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 15:14:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/31 16:54:23 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job

    ========== Files Created - No Company Name ==========

    [2013/02/25 12:06:41 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free YouTube Download.lnk
    [2013/02/25 11:08:57 | 000,143,072 | ---- | C] () -- C:\Documents and Settings\Max\My Documents\JavaRa-2.1.zip
    [2013/02/25 00:46:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/02/24 22:57:23 | 000,881,935 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\SecurityCheck.exe
    [2013/02/24 13:43:05 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2013/02/24 13:42:56 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/02/24 13:19:47 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/24 13:19:47 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/02/23 21:27:57 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/02/20 20:56:37 | 000,001,943 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free Video to MP3 Converter.lnk
    [2013/02/20 18:20:59 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Natasha's Documents.lnk
    [2013/02/20 18:20:45 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Shortcut to Jackie's Documents.lnk
    [2013/02/17 10:11:06 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2013/02/17 10:07:11 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2013/01/31 16:54:22 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job
    [2012/10/16 03:22:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/06/05 13:56:20 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2012/02/16 01:41:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/22 03:54:09 | 001,746,870 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-1547161642-839522115-1004-0.dat
    [2012/01/22 03:54:06 | 000,335,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/19 17:53:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
    [2011/06/19 17:53:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
    [2011/05/10 00:15:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2011/05/10 00:15:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2011/03/06 08:17:20 | 000,000,423 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/03/03 04:27:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/12/27 01:06:23 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Max\default.pls
    [2010/12/25 23:53:44 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Max\pool.bin
    [2010/10/04 22:38:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\rx_image32.Cache
    [2010/09/13 12:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/07/02 17:42:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Max\Application Data\Cricket2009.exe.lock
    [2010/06/13 16:43:37 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/11/04 11:18:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/02/24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/11/03 14:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/01/31 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2012/11/03 10:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/01/25 21:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/24 10:26:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2013/02/14 19:22:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/03/15 08:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/10/11 10:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/09/14 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2012/10/30 11:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2013/02/24 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/08/11 20:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/04 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2012/08/22 17:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/26 21:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/04 02:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/06/13 23:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2013/02/18 00:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/04 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/06/12 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/11/03 13:56:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2013/02/24 13:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AskToolbar
    [2012/11/03 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG
    [2012/10/16 01:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG2012
    [2012/04/08 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\BitComet
    [2011/10/29 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Blackberry Desktop
    [2013/02/25 14:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\CallingID
    [2013/02/14 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Canon
    [2013/02/25 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoft
    [2013/02/17 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers
    [2010/09/14 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Flood Light Games
    [2010/07/16 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\HandBrake
    [2011/06/19 14:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\MysteryStudio
    [2010/12/30 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Research In Motion
    [2011/03/06 08:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Samsung
    [2010/07/04 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Simple Star
    [2012/11/03 10:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\TuneUp Software
    [2011/05/29 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Ubisoft
    [2013/02/18 11:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Unity
    [2013/02/25 01:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    < End of report >
     
  3. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    I must admit I do not know what Java and do not use it for a specific purpose. I thought it was a program that helps displays things on webpages
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It can be, but it's not necessary. Don't bother updating it. We'll banish it completely...

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Locat0.ed at C:\_OTL\Moved Files)
     
  5. Jackiesp

    Jackiesp TS Rookie Topic Starter Posts: 48

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
    C:\WINDOWS\system32\npDeployJava1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2\ deleted successfully.
    Service JavaQuickStarterService stopped successfully!
    Service JavaQuickStarterService deleted successfully!
    C:\Program Files\Java\jre7\bin\jqs.exe moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Max\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Max\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Max
    ->Temp folder emptied: 17940448 bytes
    ->Temporary Internet Files folder emptied: 568934294 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7615472 bytes
    ->Flash cache emptied: 1233 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 40171132 bytes

    Total Files Cleaned = 605.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02252013_234923
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Topic marked solved. √
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.