:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4316210F-B527-4A1B-B8EA-2B01152133CC}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A210C2A0-CA9D-404A-B197-A828901A9F11}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109980&babsrc=HP_ss&mntrId=1a2837c600000000000000216b457b8c
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=1a2837c600000000000000216b457b8c
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=15158&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UG&apn_dtid=YYYYYYYYPL&apn_uid=8E60609E-F922-4977-A0A5-655BDE991E08&apn_sauid=5B115DD7-C2BE-473B-9F94-F9914E939413
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{4316210F-B527-4A1B-B8EA-2B01152133CC}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_pl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=mKNf71ympCGAI7ND73WQx9vy16k?q={searchTerms}
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A210C2A0-CA9D-404A-B197-A828901A9F11}
IE - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2012-02-19 16:05:10 | 000,003,915 | ---- | M] () -- C:\Users\Kiciucha\AppData\Roaming\Mozilla\Firefox\Profiles\olf09tab.default\searchplugins\SweetIM Search.xml
[2012-02-19 16:05:02 | 000,003,915 | ---- | M] () -- C:\Users\Kiciucha\AppData\Roaming\Mozilla\Firefox\Profiles\olf09tab.default\searchplugins\sweetim.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000..\Run: [abnrytmetlkuwzt] C:\ProgramData\abnrytmetlkuwztjxqgn.exe ()
O4 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000..\Run: [KeApplet] C:\Users\Kiciucha\AppData\Roaming\vlc\{33EC570B-5BE7-413D-B3E1-3562B3800B45}\UpgradeHelper.exe File not found
O15 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2053973658-3713036395-3022376170-1000\..Trusted Ranges: GD ([http] in Local intranet)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
[2012-03-22 20:18:16 | 004,872,312 | ---- | C] (http://www.express-files.com/) -- C:\Users\Kiciucha\sexizu_play_with_lewd_patty_downloader_165.exe
[2012-02-26 15:01:48 | 002,371,152 | ---- | C] (DownVision) -- C:\Users\Kiciucha\AppData\Local\setup.exe
[2012-05-23 17:32:45 | 000,057,344 | ---- | C] () -- C:\ProgramData\abnrytmetlkuwztjxqgn.exe
[2012-05-23 17:32:41 | 000,000,448 | ---- | C] () -- C:\ProgramData\rujkfxoeautkskh
[2012-05-23 17:32:39 | 000,057,344 | ---- | C] () -- C:\Users\Kiciucha\ms.exe
[2012-02-05 15:53:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-07-24 10:50:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-07-24 10:50:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-07-24 10:50:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-07-24 10:50:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-07-24 10:50:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-08-29 20:46:32 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011-05-13 10:16:55 | 000,000,071 | ---- | C] () -- C:\Windows\iltwain.ini

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

:Commands
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]