Dobrý deň,
od včerajška nemôžem aktualizovať antivírusový program a cez Správcu úloh som našiel proces update.exe, ktorý vyťažuje procesor od 50 až do 100%, pričom bežne procesy zaberajú tak 1%. Pustil som antivírus, tak čakám na výsledok. Myslím, že by to mohol byť vír, ak blokuje aktualizáciu. Proces som skúšal vypnúť, ale prístup odoprený.
podľa Task Managera proces update.exe z antivíraku vyťažoval procesor, odinštaloval som antivirák a teraz beží Spybot
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
proces vyťažuje procesor
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: proces vyťažuje procesor
Zdravim a pekny den preji 
Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam - po ukonceni leceni tam dame neco kvalitnejsiho
Dejte log z RSIT - viz muj podpis
Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam - po ukonceni leceni tam dame neco kvalitnejsiho Dejte log z RSIT - viz muj podpis"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: proces vyťažuje procesor
nech sa páči
prvá časť: Logfile of random's system information tool 1.09 (written by random/random)
Run by Ľuboš at 2011-07-25 19:17:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (29%) free of 45 GB
Total RAM: 1023 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:58, on 25.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\GART\isPCIE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Grom\Local Settings\Temporary Internet Files\Content.IE5\17THI28T\RSIT[1].exe
C:\Program Files\trend micro\Ľuboš.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKLM\..\RunOnce: [SpybotDeletingC1601] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm"
O4 - HKLM\..\RunOnce: [SpybotDeletingA340] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5643] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8065] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC162] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1269] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5289] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5347] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6063] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1114] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6398] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3780] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1303] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2368] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5090] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8454] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5982] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9834] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7764] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA580] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1844] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1131] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5268] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2541] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1206] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8941] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2757] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2802] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6390] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9145] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3537] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3487] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4850] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA337] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8813] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3848] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4891] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2219] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3522] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7904] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3279] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1545] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7206] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1599] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1382] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3037] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6708] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingA840] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6645] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7034] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5094] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5248] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9914] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3967] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2738] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9946] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5498] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9781] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4253] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6758] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6805] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3616] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8043] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6889] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7046] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9391] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7243] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA36] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC181] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2229] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7090] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6690] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5149] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6069] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3358] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6635] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9310] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8609] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6962] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5680] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6501] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1801] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9781] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8879] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3632] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6921] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6555] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7313] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5745] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8225] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3294] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2598] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6112] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8741] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9776] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA390] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6119] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2911] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2501] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4674] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3549] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7322] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8598] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8441] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2955] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8444] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3847] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5760] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6366] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA366] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5884] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9298] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7143] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5027] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5911] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2510] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4590] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1879] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7488] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9840] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8844] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3036] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2756] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1394] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3502] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3833] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8929] command.com /c del "C:\WINDOWS\setupapi.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4331] cmd.exe /c del "C:\WINDOWS\setupapi.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8326] command.com /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC450] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1848] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4879] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4564] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4981] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA87] command.com /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1321] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7205] command.com /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKLM\..\RunOnce: [SpybotDeletingC279] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4214] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8442] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3030] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4283] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB6041] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD864] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4401] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9012] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4296] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5522] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9697] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5688] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2099] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5180] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6426] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1085] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5928] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css"
O4 - HKCU\..\RunOnce: [SpybotDeletingD890] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9451] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul"
O4 - HKCU\..\RunOnce: [SpybotDeletingD695] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul"
O4 - HKCU\..\RunOnce: [SpybotDeletingB193] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1338] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1388] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9102] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8382] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9582] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3018] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9247] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9054] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5878] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9499] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1194] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4690] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1767] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3860] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2413] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1802] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9233] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5108] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD201] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7043] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3419] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1895] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6389] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9326] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1810] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9152] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6472] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8256] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD475] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB652] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7661] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7975] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1172] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9065] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7229] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2676] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4678] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB763] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5337] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB974] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7038] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9692] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD656] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2843] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2487] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3181] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4690] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB459] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9657] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3675] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD439] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7184] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1346] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5510] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6291] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3195] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4633] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4121] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9610] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8325] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2674] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2031] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3808] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7444] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD25] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4653] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5605] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9414] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9364] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4420] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1777] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3798] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4290] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7395] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6093] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2476] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5734] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9897] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1281] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1291] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2087] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2081] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8916] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6256] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6200] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6671] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5116] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3570] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9243] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8698] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1595] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9460] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6278] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7864] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3455] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2321] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD740] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB203] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3954] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7115] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2853] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1703] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5127] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1088] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1578] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4237] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1710] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB704] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2513] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1311] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5618] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4370] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2882] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2412] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7441] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2571] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1819] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1213] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD915] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB103] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2641] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7490] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1515] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7961] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1381] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6615] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2934] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3406] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8248] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6666] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9461] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2630] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD279] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5010] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1108] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3336] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3992] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8832] command.com /c del "C:\WINDOWS\setupapi.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7636] cmd.exe /c del "C:\WINDOWS\setupapi.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7095] command.com /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1815] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB489] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1421] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1916] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7940] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9113] command.com /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6183] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3240] command.com /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8186] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKCU\..\RunOnce: [SpybotDeletingB339] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9324] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4895] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4746] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: FreshDownload - {04185977-C61F-4216-AA10-A308CC904433} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2977997041
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O24 - Desktop Component 0: (no name) - http://www.kournikovaimages.com/images/ ... nak1~1.jpg
--
End of file - 67258 bytes
som v Safe Mode, lebo normálne mi po obrazovke Vitajte vyskočí hláška Windows : C System 32.command Nesprávny perameter
prvá časť: Logfile of random's system information tool 1.09 (written by random/random)
Run by Ľuboš at 2011-07-25 19:17:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (29%) free of 45 GB
Total RAM: 1023 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:58, on 25.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\GART\isPCIE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Grom\Local Settings\Temporary Internet Files\Content.IE5\17THI28T\RSIT[1].exe
C:\Program Files\trend micro\Ľuboš.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKLM\..\RunOnce: [SpybotDeletingC1601] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm"
O4 - HKLM\..\RunOnce: [SpybotDeletingA340] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5643] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8065] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC162] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1269] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5289] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5347] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6063] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1114] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6398] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3780] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1303] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2368] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5090] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8454] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5982] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9834] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7764] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA580] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1844] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1131] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5268] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2541] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1206] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8941] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2757] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2802] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6390] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9145] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3537] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3487] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4850] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA337] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8813] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3848] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4891] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2219] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3522] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7904] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3279] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1545] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7206] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1599] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1382] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3037] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6708] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKLM\..\RunOnce: [SpybotDeletingA840] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6645] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7034] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5094] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5248] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9914] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3967] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2738] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9946] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5498] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9781] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4253] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6758] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6805] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3616] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8043] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6889] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7046] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9391] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7243] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA36] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC181] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2229] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7090] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6690] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5149] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6069] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3358] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6635] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9310] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8609] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6962] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5680] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6501] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1801] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9781] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8879] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3632] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6921] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6555] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7313] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5745] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8225] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3294] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2598] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6112] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8741] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9776] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA390] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6119] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2911] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2501] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4674] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3549] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7322] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8598] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8441] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2955] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8444] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3847] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5760] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6366] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA366] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5884] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9298] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7143] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5027] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5911] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2510] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4590] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1879] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7488] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9840] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8844] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3036] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2756] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1394] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3502] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3833] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8929] command.com /c del "C:\WINDOWS\setupapi.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4331] cmd.exe /c del "C:\WINDOWS\setupapi.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8326] command.com /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC450] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1848] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4879] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4564] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4981] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA87] command.com /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1321] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7205] command.com /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKLM\..\RunOnce: [SpybotDeletingC279] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4214] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8442] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3030] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4283] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB6041] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD864] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4401] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9012] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4296] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5522] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9697] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5688] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2099] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5180] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6426] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1085] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5928] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css"
O4 - HKCU\..\RunOnce: [SpybotDeletingD890] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9451] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul"
O4 - HKCU\..\RunOnce: [SpybotDeletingD695] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul"
O4 - HKCU\..\RunOnce: [SpybotDeletingB193] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1338] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1388] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9102] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8382] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9582] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3018] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9247] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9054] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5878] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9499] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1194] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4690] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1767] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3860] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2413] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1802] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9233] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5108] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD201] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7043] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3419] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1895] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6389] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9326] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1810] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9152] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6472] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8256] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD475] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB652] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7661] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7975] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1172] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9065] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7229] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2676] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4678] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB763] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5337] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB974] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7038] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9692] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD656] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2843] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2487] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3181] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4690] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB459] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9657] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3675] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD439] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7184] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1346] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5510] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6291] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3195] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4633] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4121] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9610] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8325] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2674] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2031] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3808] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7444] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD25] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4653] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5605] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9414] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9364] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4420] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1777] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3798] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4290] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7395] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6093] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2476] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5734] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9897] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1281] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1291] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2087] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2081] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8916] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6256] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6200] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6671] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5116] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3570] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9243] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8698] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1595] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9460] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6278] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7864] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3455] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2321] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD740] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB203] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3954] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7115] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2853] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1703] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5127] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1088] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1578] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4237] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1710] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB704] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2513] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1311] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5618] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4370] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2882] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2412] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7441] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2571] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1819] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1213] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD915] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB103] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2641] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7490] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1515] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7961] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1381] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6615] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2934] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3406] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8248] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6666] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9461] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2630] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD279] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5010] command.com /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1108] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\vssver.scc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3336] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3992] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8832] command.com /c del "C:\WINDOWS\setupapi.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7636] cmd.exe /c del "C:\WINDOWS\setupapi.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7095] command.com /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1815] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\mofcomp.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB489] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1421] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemcore.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1916] command.com /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7940] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wbemess.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9113] command.com /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6183] cmd.exe /c del "C:\WINDOWS\System32\wbem\logs\wmiprov.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3240] command.com /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8186] cmd.exe /c del "C:\Documents and Settings\Grom\Application Data\Macromedia\Flash Player\#SharedObjects\GZ64MSF6\s.ytimg.com\videostats.sol"
O4 - HKCU\..\RunOnce: [SpybotDeletingB339] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9324] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4895] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4746] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: FreshDownload - {04185977-C61F-4216-AA10-A308CC904433} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2977997041
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O24 - Desktop Component 0: (no name) - http://www.kournikovaimages.com/images/ ... nak1~1.jpg
--
End of file - 67258 bytes
som v Safe Mode, lebo normálne mi po obrazovke Vitajte vyskočí hláška Windows : C System 32.command Nesprávny perameter
Re: proces vyťažuje procesor
2.časť:
======Scheduled tasks folder======
C:\WINDOWS\tasks\Driver Robot.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D}
{32099AAC-C132-4136-9E9A-4E364A424E17}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2008-11-04 435096]
"Spybot-S&D Cleaning"=C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC1601"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm []
"SpybotDeletingA340"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingC5643"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingA8065"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingC162"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingA1269"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingC5289"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingA5347"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingC6063"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingA1114"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingC6398"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingA3780"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingC1303"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingA2368"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingC5090"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingA8454"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingC5982"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingA9834"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingC7764"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingA580"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingC1844"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingA1131"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingC5268"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingA2541"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingC1206"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingA8941"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingC2757"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingA2802"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingC6390"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingA9145"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingC3537"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingA3487"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingC4850"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingA337"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingC8813"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingA3848"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingC4891"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingA2219"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingC3522"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingA7904"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingC3279"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingA1545"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingC7206"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingA1599"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingC1382"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingA3037"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingC6708"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingA840"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingC6645"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingA7034"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingC5094"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingA5248"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingC9914"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingA3967"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingC2738"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingA9946"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingC5498"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingA9781"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingC4253"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingA6758"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingC6805"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingA3616"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingC8043"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingA6889"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingC7046"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingA9391"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingC7243"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingA36"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingC181"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingA2229"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingC7090"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingA6690"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
"SpybotDeletingC5149"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
"SpybotDeletingA6069"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png []
"SpybotDeletingC3358"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png []
"SpybotDeletingA6635"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png []
"SpybotDeletingC9310"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png []
"SpybotDeletingA8609"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png []
"SpybotDeletingC6962"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png []
"SpybotDeletingA5680"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png []
"SpybotDeletingC6501"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png []
"SpybotDeletingA1801"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png []
"SpybotDeletingC9781"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png []
"SpybotDeletingA8879"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png []
"SpybotDeletingC3632"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png []
"SpybotDeletingA6921"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png []
"SpybotDeletingC6555"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png []
"SpybotDeletingA7313"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png []
"SpybotDeletingC5745"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png []
"SpybotDeletingA8225"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png []
"SpybotDeletingC3294"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png []
"SpybotDeletingA2598"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png []
"SpybotDeletingC6112"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png []
"SpybotDeletingA8741"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png []
"SpybotDeletingC9776"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png []
"SpybotDeletingA390"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png []
"SpybotDeletingC6119"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png []
"SpybotDeletingA2911"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png []
"SpybotDeletingC2501"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png []
"SpybotDeletingA4674"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB6041"=command.com /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingD864"=cmd.exe /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingB4401"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest []
"SpybotDeletingD9012"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest []
"SpybotDeletingB4296"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf []
"SpybotDeletingD5522"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf []
"SpybotDeletingB9697"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc []
"SpybotDeletingD5688"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc []
"SpybotDeletingB2099"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll []
"SpybotDeletingD5180"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll []
"SpybotDeletingB6426"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt []
"SpybotDeletingD1085"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt []
"SpybotDeletingB5928"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css []
"SpybotDeletingD890"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css []
"SpybotDeletingB9451"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul []
"SpybotDeletingD695"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul []
"SpybotDeletingB193"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js []
"SpybotDeletingD1338"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js []
"SpybotDeletingB1388"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js []
"SpybotDeletingD9102"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js []
"SpybotDeletingB8382"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js []
"SpybotDeletingD9582"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js []
"SpybotDeletingB3018"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js []
"SpybotDeletingD9247"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js []
"SpybotDeletingB9054"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js []
"SpybotDeletingD5878"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js []
"SpybotDeletingB9499"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm []
"SpybotDeletingD1194"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm []
"SpybotDeletingB4690"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingD1767"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingB3860"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingD2413"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingB1802"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingD9233"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingB5108"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingD201"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingB7043"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingD3419"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingB1895"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingD6389"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingB9326"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingD1810"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingB9152"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingD6472"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingB8256"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingD475"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingB652"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingD7661"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingB7975"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingD1172"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingB9065"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingD7229"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingB2676"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingD4678"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingB763"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingD5337"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingB974"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingD7038"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingB9692"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingD656"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingB2843"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingD2487"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingB3181"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingD4690"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingB459"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingD9657"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingB3675"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingD439"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingB7184"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingD1346"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingB5510"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingD6291"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingB3195"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingD4633"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingB4121"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingD9610"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingB8325"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingD2674"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingB2031"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingD3808"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingB7444"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingD25"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingB4653"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingD5605"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingB9414"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingD9364"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingB4420"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingD1777"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingB3798"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingD4290"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingB7395"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingD6093"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingB2476"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingD5734"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingB9897"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingD1281"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingB1291"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingD2087"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingB2081"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
"SpybotDeletingD8916"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-03 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Pro Evolution Soccer 2011\PES 11\pes2011.exe"="D:\Pro Evolution Soccer 2011\PES 11\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Disabled:hd2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Disabled:Network Diagnostic for Windows XP"
"D:\Pro Evolution Soccer 2011\Crack PES 2011 Actualizacion Oficial 1.0.1\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe"="D:\Pro Evolution Soccer 2011\Crack PES 2011 Actualizacion Oficial 1.0.1\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\gacp_11.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\gacp_11.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Documents and Settings\Grom\Local Settings\temp\Rar$EX00.438\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe"="C:\Documents and Settings\Grom\Local Settings\temp\Rar$EX00.438\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Documents and Settings\Grom\Desktop\Pro Evolution Soccer 2011.exe"="C:\Documents and Settings\Grom\Desktop\Pro Evolution Soccer 2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Documents and Settings\Grom\Desktop\pes2011.exe"="C:\Documents and Settings\Grom\Desktop\pes2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service"
"C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service"
"C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 3 months======
2011-07-25 19:17:45 ----DC---- C:\Program Files\trend micro
2011-07-25 19:17:44 ----D---- C:\rsit
2011-07-25 19:00:10 ----ASH---- C:\pagefile.sys
2011-07-25 18:42:48 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-25 18:31:06 ----RSHD---- C:\cmdcons
2011-07-25 18:30:50 ----D---- C:\WINDOWS\setupupd
2011-07-25 16:57:52 ----A---- C:\WINDOWS\wininit.ini
2011-07-25 16:06:41 ----DC---- C:\Program Files\Spybot - Search & Destroy 2
2011-07-24 18:19:25 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-24 16:36:02 ----D---- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
2011-07-23 23:01:58 ----D---- C:\Documents and Settings\Grom\Application Data\Leadertech
2011-07-15 20:25:18 ----ASH---- C:\BOOT.BAK
2011-07-15 20:24:46 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-07-15 20:24:44 ----D---- C:\WINDOWS\setup.pss
2011-07-15 10:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-15 10:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-12 18:46:28 ----D---- C:\Documents and Settings\Grom\Application Data\ElevatedDiagnostics
2011-07-12 18:45:04 ----D---- C:\WINDOWS\system32\windowspowershell
2011-07-12 18:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2011-07-12 10:52:28 ----D---- C:\Program Files\Messenger
2011-07-12 10:52:28 ----D---- C:\Program Files\Hewlett-Packard
2011-07-10 22:50:58 ----DC---- C:\Program Files\Atari
2011-07-10 22:50:29 ----D---- C:\Documents and Settings\Grom\Application Data\InstallShield
2011-06-29 23:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-22 08:47:00 ----A---- C:\WINDOWS\game.ini
2011-06-19 11:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-06-17 09:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-17 09:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-17 09:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-17 09:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-17 09:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-07 09:13:50 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2011-06-04 19:40:03 ----D---- C:\Documents and Settings\Grom\Application Data\Apple Computer
2011-06-02 14:23:31 ----A---- C:\WINDOWS\system32\drivers\lirsgt.sys
2011-06-02 14:23:31 ----A---- C:\WINDOWS\system32\drivers\atksgt.sys
2011-06-02 14:20:28 ----D---- C:\Documents and Settings\Grom\Application Data\Prison Break
======List of files/folders modified in the last 3 months======
2011-07-25 19:17:45 ----RDC---- C:\Program Files
2011-07-25 19:15:15 ----D---- C:\WINDOWS\system32
2011-07-25 18:43:00 ----D---- C:\Documents and Settings
2011-07-25 18:42:56 ----SHD---- C:\WINDOWS\CSC
2011-07-25 18:42:48 ----D---- C:\WINDOWS
2011-07-25 18:38:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 18:38:24 ----D---- C:\Program Files\Common Files
2011-07-25 18:31:36 ----RASH---- C:\boot.ini
2011-07-25 18:10:35 ----D---- C:\WINDOWS\temp
2011-07-25 17:54:04 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-25 17:43:16 ----D---- C:\WINDOWS\repair
2011-07-25 17:38:08 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-25 17:21:12 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-07-25 16:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-25 16:31:43 ----SHD---- C:\WINDOWS\Installer
2011-07-25 16:29:03 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-25 16:28:41 ----SHD---- C:\Config.Msi
2011-07-25 16:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-07-25 16:07:58 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 16:07:06 ----D---- C:\WINDOWS\system32\config
2011-07-25 16:07:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-07-25 15:25:53 ----D---- C:\WINDOWS\Registration
2011-07-25 14:59:31 ----D---- C:\Documents and Settings\Grom\Application Data\uTorrent
2011-07-25 14:47:06 ----D---- C:\WINDOWS\system32\wbem
2011-07-25 14:46:42 ----D---- C:\WINDOWS\system32\DirectX
2011-07-25 14:45:13 ----D---- C:\Documents and Settings\Grom\Application Data\Uniblue
2011-07-24 18:20:23 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-24 18:05:38 ----D---- C:\WINDOWS\system32\catroot2.old
2011-07-24 17:59:45 ----D---- C:\WINDOWS\Prefetch
2011-07-24 17:44:41 ----A---- C:\WINDOWS\win.ini
2011-07-24 17:44:41 ----A---- C:\WINDOWS\system.ini
2011-07-24 16:35:45 ----SD---- C:\WINDOWS\Tasks
2011-07-24 16:20:49 ----D---- C:\WINDOWS\Minidump
2011-07-24 16:20:49 ----D---- C:\WINDOWS\Logs
2011-07-24 16:20:49 ----D---- C:\WINDOWS\Debug
2011-07-23 22:47:41 ----HD---- C:\WINDOWS\inf
2011-07-23 22:47:17 ----RSD---- C:\WINDOWS\assembly
2011-07-15 10:23:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 10:20:48 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-07-15 09:49:40 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 18:47:31 ----D---- C:\WINDOWS\AppPatch
2011-07-12 13:32:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-12 13:21:28 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-30 00:07:50 ----D---- C:\Program Files\Microsoft Office
2011-06-30 00:04:23 ----D---- C:\WINDOWS\WinSxS
2011-06-30 00:04:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 08:15:21 ----D---- C:\Program Files\AvRack
2011-06-17 10:14:03 ----D---- C:\Program Files\Internet Explorer
2011-06-17 10:14:02 ----D---- C:\WINDOWS\SxsCaPendDel
2011-06-17 09:06:36 ----D---- C:\WINDOWS\ie8updates
2011-06-15 12:53:54 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-05-31 00:19:48 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-05-08 12:22:28 ----DC---- C:\Program Files\uTorrent
2011-05-02 17:31:52 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-04-29 19:25:27 ----A---- C:\WINDOWS\system32\schannel.dll
2011-04-26 13:07:50 ----A---- C:\WINDOWS\system32\winsrv.dll
2011-04-26 13:07:50 ----A---- C:\WINDOWS\system32\csrsrv.dll
2011-04-26 10:11:12 ----A---- C:\WINDOWS\system32\ieframe.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-28 691696]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys []
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-06-02 281760]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S2 hwpsgt;hwpsgt; C:\WINDOWS\system32\DRIVERS\hwpsgt.sys []
S2 lemsgt;lemsgt; C:\WINDOWS\system32\DRIVERS\lemsgt.sys []
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-06-02 25888]
S3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-03 1754624]
S3 catchme;catchme; \??\C:\DOCUME~1\Grom\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-11-01 21568]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-03 425984]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-22 241664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
======Scheduled tasks folder======
C:\WINDOWS\tasks\Driver Robot.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D}
{32099AAC-C132-4136-9E9A-4E364A424E17}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2008-11-04 435096]
"Spybot-S&D Cleaning"=C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC1601"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm []
"SpybotDeletingA340"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingC5643"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingA8065"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingC162"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingA1269"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingC5289"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingA5347"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingC6063"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingA1114"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingC6398"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingA3780"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingC1303"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingA2368"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingC5090"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingA8454"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingC5982"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingA9834"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingC7764"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingA580"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingC1844"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingA1131"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingC5268"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingA2541"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingC1206"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingA8941"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingC2757"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingA2802"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingC6390"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingA9145"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingC3537"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingA3487"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingC4850"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingA337"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingC8813"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingA3848"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingC4891"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingA2219"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingC3522"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingA7904"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingC3279"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingA1545"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingC7206"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingA1599"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingC1382"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingA3037"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingC6708"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingA840"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingC6645"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingA7034"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingC5094"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingA5248"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingC9914"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingA3967"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingC2738"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingA9946"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingC5498"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingA9781"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingC4253"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingA6758"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingC6805"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingA3616"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingC8043"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingA6889"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingC7046"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingA9391"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingC7243"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingA36"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingC181"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingA2229"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingC7090"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingA6690"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
"SpybotDeletingC5149"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
"SpybotDeletingA6069"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png []
"SpybotDeletingC3358"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png []
"SpybotDeletingA6635"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png []
"SpybotDeletingC9310"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png []
"SpybotDeletingA8609"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png []
"SpybotDeletingC6962"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png []
"SpybotDeletingA5680"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png []
"SpybotDeletingC6501"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png []
"SpybotDeletingA1801"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png []
"SpybotDeletingC9781"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png []
"SpybotDeletingA8879"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png []
"SpybotDeletingC3632"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png []
"SpybotDeletingA6921"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png []
"SpybotDeletingC6555"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png []
"SpybotDeletingA7313"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png []
"SpybotDeletingC5745"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png []
"SpybotDeletingA8225"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png []
"SpybotDeletingC3294"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png []
"SpybotDeletingA2598"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png []
"SpybotDeletingC6112"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png []
"SpybotDeletingA8741"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png []
"SpybotDeletingC9776"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png []
"SpybotDeletingA390"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png []
"SpybotDeletingC6119"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png []
"SpybotDeletingA2911"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png []
"SpybotDeletingC2501"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png []
"SpybotDeletingA4674"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB6041"=command.com /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingD864"=cmd.exe /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingB4401"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest []
"SpybotDeletingD9012"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\chrome.manifest []
"SpybotDeletingB4296"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf []
"SpybotDeletingD5522"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\install.rdf []
"SpybotDeletingB9697"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc []
"SpybotDeletingD5688"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\vssver.scc []
"SpybotDeletingB2099"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll []
"SpybotDeletingD5180"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll []
"SpybotDeletingB6426"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt []
"SpybotDeletingD1085"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt []
"SpybotDeletingB5928"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css []
"SpybotDeletingD890"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.css []
"SpybotDeletingB9451"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul []
"SpybotDeletingD695"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul []
"SpybotDeletingB193"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js []
"SpybotDeletingD1338"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js []
"SpybotDeletingB1388"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js []
"SpybotDeletingD9102"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\btnInf.js []
"SpybotDeletingB8382"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js []
"SpybotDeletingD9582"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\instlgc.js []
"SpybotDeletingB3018"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js []
"SpybotDeletingD9247"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\mtrprt.js []
"SpybotDeletingB9054"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js []
"SpybotDeletingD5878"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\PPCB.js []
"SpybotDeletingB9499"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm []
"SpybotDeletingD1194"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\rd.htm []
"SpybotDeletingB4690"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingD1767"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js []
"SpybotDeletingB3860"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingD2413"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\vssver.scc []
"SpybotDeletingB1802"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingD9233"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif []
"SpybotDeletingB5108"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingD201"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif []
"SpybotDeletingB7043"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingD3419"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif []
"SpybotDeletingB1895"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingD6389"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif []
"SpybotDeletingB9326"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingD1810"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif []
"SpybotDeletingB9152"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingD6472"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif []
"SpybotDeletingB8256"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingD475"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png []
"SpybotDeletingB652"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingD7661"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png []
"SpybotDeletingB7975"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingD1172"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png []
"SpybotDeletingB9065"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingD7229"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png []
"SpybotDeletingB2676"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingD4678"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png []
"SpybotDeletingB763"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingD5337"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png []
"SpybotDeletingB974"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingD7038"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG []
"SpybotDeletingB9692"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingD656"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png []
"SpybotDeletingB2843"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingD2487"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png []
"SpybotDeletingB3181"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingD4690"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png []
"SpybotDeletingB459"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingD9657"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG []
"SpybotDeletingB3675"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingD439"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png []
"SpybotDeletingB7184"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingD1346"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png []
"SpybotDeletingB5510"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingD6291"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png []
"SpybotDeletingB3195"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingD4633"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG []
"SpybotDeletingB4121"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingD9610"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc []
"SpybotDeletingB8325"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingD2674"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png []
"SpybotDeletingB2031"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingD3808"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png []
"SpybotDeletingB7444"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingD25"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png []
"SpybotDeletingB4653"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingD5605"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png []
"SpybotDeletingB9414"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingD9364"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png []
"SpybotDeletingB4420"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingD1777"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png []
"SpybotDeletingB3798"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingD4290"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png []
"SpybotDeletingB7395"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingD6093"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png []
"SpybotDeletingB2476"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingD5734"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png []
"SpybotDeletingB9897"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingD1281"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png []
"SpybotDeletingB1291"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingD2087"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png []
"SpybotDeletingB2081"=command.com /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
"SpybotDeletingD8916"=cmd.exe /c del C:\Documents and Settings\Grom\Application Data\Mozilla\Firefox\Profiles\7w30ha3g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-03 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Pro Evolution Soccer 2011\PES 11\pes2011.exe"="D:\Pro Evolution Soccer 2011\PES 11\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Disabled:hd2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Disabled:Network Diagnostic for Windows XP"
"D:\Pro Evolution Soccer 2011\Crack PES 2011 Actualizacion Oficial 1.0.1\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe"="D:\Pro Evolution Soccer 2011\Crack PES 2011 Actualizacion Oficial 1.0.1\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\gacp_11.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\gacp_11.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Documents and Settings\Grom\Local Settings\temp\Rar$EX00.438\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe"="C:\Documents and Settings\Grom\Local Settings\temp\Rar$EX00.438\Crack PES 2011 Actualizacion Oficial 1.0.1\pes2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Documents and Settings\Grom\Desktop\Pro Evolution Soccer 2011.exe"="C:\Documents and Settings\Grom\Desktop\Pro Evolution Soccer 2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Documents and Settings\Grom\Desktop\pes2011.exe"="C:\Documents and Settings\Grom\Desktop\pes2011.exe:*:Disabled:Pro Evolution Soccer 2011"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service"
"C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service"
"C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 3 months======
2011-07-25 19:17:45 ----DC---- C:\Program Files\trend micro
2011-07-25 19:17:44 ----D---- C:\rsit
2011-07-25 19:00:10 ----ASH---- C:\pagefile.sys
2011-07-25 18:42:48 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-25 18:31:06 ----RSHD---- C:\cmdcons
2011-07-25 18:30:50 ----D---- C:\WINDOWS\setupupd
2011-07-25 16:57:52 ----A---- C:\WINDOWS\wininit.ini
2011-07-25 16:06:41 ----DC---- C:\Program Files\Spybot - Search & Destroy 2
2011-07-24 18:19:25 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-24 16:36:02 ----D---- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
2011-07-23 23:01:58 ----D---- C:\Documents and Settings\Grom\Application Data\Leadertech
2011-07-15 20:25:18 ----ASH---- C:\BOOT.BAK
2011-07-15 20:24:46 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-07-15 20:24:44 ----D---- C:\WINDOWS\setup.pss
2011-07-15 10:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-15 10:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-12 18:46:28 ----D---- C:\Documents and Settings\Grom\Application Data\ElevatedDiagnostics
2011-07-12 18:45:04 ----D---- C:\WINDOWS\system32\windowspowershell
2011-07-12 18:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2011-07-12 10:52:28 ----D---- C:\Program Files\Messenger
2011-07-12 10:52:28 ----D---- C:\Program Files\Hewlett-Packard
2011-07-10 22:50:58 ----DC---- C:\Program Files\Atari
2011-07-10 22:50:29 ----D---- C:\Documents and Settings\Grom\Application Data\InstallShield
2011-06-29 23:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-22 08:47:00 ----A---- C:\WINDOWS\game.ini
2011-06-19 11:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-06-17 09:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-17 09:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-17 09:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-17 09:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-17 09:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-07 09:13:50 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2011-06-04 19:40:03 ----D---- C:\Documents and Settings\Grom\Application Data\Apple Computer
2011-06-02 14:23:31 ----A---- C:\WINDOWS\system32\drivers\lirsgt.sys
2011-06-02 14:23:31 ----A---- C:\WINDOWS\system32\drivers\atksgt.sys
2011-06-02 14:20:28 ----D---- C:\Documents and Settings\Grom\Application Data\Prison Break
======List of files/folders modified in the last 3 months======
2011-07-25 19:17:45 ----RDC---- C:\Program Files
2011-07-25 19:15:15 ----D---- C:\WINDOWS\system32
2011-07-25 18:43:00 ----D---- C:\Documents and Settings
2011-07-25 18:42:56 ----SHD---- C:\WINDOWS\CSC
2011-07-25 18:42:48 ----D---- C:\WINDOWS
2011-07-25 18:38:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 18:38:24 ----D---- C:\Program Files\Common Files
2011-07-25 18:31:36 ----RASH---- C:\boot.ini
2011-07-25 18:10:35 ----D---- C:\WINDOWS\temp
2011-07-25 17:54:04 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-25 17:43:16 ----D---- C:\WINDOWS\repair
2011-07-25 17:38:08 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-25 17:21:12 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-07-25 16:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-25 16:31:43 ----SHD---- C:\WINDOWS\Installer
2011-07-25 16:29:03 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-25 16:28:41 ----SHD---- C:\Config.Msi
2011-07-25 16:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-07-25 16:07:58 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 16:07:06 ----D---- C:\WINDOWS\system32\config
2011-07-25 16:07:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-07-25 15:25:53 ----D---- C:\WINDOWS\Registration
2011-07-25 14:59:31 ----D---- C:\Documents and Settings\Grom\Application Data\uTorrent
2011-07-25 14:47:06 ----D---- C:\WINDOWS\system32\wbem
2011-07-25 14:46:42 ----D---- C:\WINDOWS\system32\DirectX
2011-07-25 14:45:13 ----D---- C:\Documents and Settings\Grom\Application Data\Uniblue
2011-07-24 18:20:23 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-24 18:05:38 ----D---- C:\WINDOWS\system32\catroot2.old
2011-07-24 17:59:45 ----D---- C:\WINDOWS\Prefetch
2011-07-24 17:44:41 ----A---- C:\WINDOWS\win.ini
2011-07-24 17:44:41 ----A---- C:\WINDOWS\system.ini
2011-07-24 16:35:45 ----SD---- C:\WINDOWS\Tasks
2011-07-24 16:20:49 ----D---- C:\WINDOWS\Minidump
2011-07-24 16:20:49 ----D---- C:\WINDOWS\Logs
2011-07-24 16:20:49 ----D---- C:\WINDOWS\Debug
2011-07-23 22:47:41 ----HD---- C:\WINDOWS\inf
2011-07-23 22:47:17 ----RSD---- C:\WINDOWS\assembly
2011-07-15 10:23:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 10:20:48 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-07-15 09:49:40 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 18:47:31 ----D---- C:\WINDOWS\AppPatch
2011-07-12 13:32:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-12 13:21:28 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-30 00:07:50 ----D---- C:\Program Files\Microsoft Office
2011-06-30 00:04:23 ----D---- C:\WINDOWS\WinSxS
2011-06-30 00:04:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 08:15:21 ----D---- C:\Program Files\AvRack
2011-06-17 10:14:03 ----D---- C:\Program Files\Internet Explorer
2011-06-17 10:14:02 ----D---- C:\WINDOWS\SxsCaPendDel
2011-06-17 09:06:36 ----D---- C:\WINDOWS\ie8updates
2011-06-15 12:53:54 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-05-31 00:19:48 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-05-08 12:22:28 ----DC---- C:\Program Files\uTorrent
2011-05-02 17:31:52 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-04-29 19:25:27 ----A---- C:\WINDOWS\system32\schannel.dll
2011-04-26 13:07:50 ----A---- C:\WINDOWS\system32\winsrv.dll
2011-04-26 13:07:50 ----A---- C:\WINDOWS\system32\csrsrv.dll
2011-04-26 10:11:12 ----A---- C:\WINDOWS\system32\ieframe.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-28 691696]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys []
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-06-02 281760]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S2 hwpsgt;hwpsgt; C:\WINDOWS\system32\DRIVERS\hwpsgt.sys []
S2 lemsgt;lemsgt; C:\WINDOWS\system32\DRIVERS\lemsgt.sys []
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-06-02 25888]
S3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-03 1754624]
S3 catchme;catchme; \??\C:\DOCUME~1\Grom\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-11-01 21568]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-03 425984]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-22 241664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: proces vyťažuje procesor
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: proces vyťažuje procesor
nech sa páči
ComboFix 11-07-25.02 - Ľuboš 25.07.2011 19:40:02.4.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.665 [GMT 2:00]
Running from: c:\documents and settings\Grom\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tages
c:\documents and settings\All Users\Application Data\Tages\100663747\Serial.txt
c:\documents and settings\All Users\Application Data\Tages\Priv.xey
c:\windows\system32\ctfmon(2).exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:17 . 2011-07-25 17:17 -------- dc----w- c:\program files\trend micro
2011-07-25 17:17 . 2011-07-25 17:18 -------- d-----w- C:\rsit
2011-07-25 16:43 . 2011-07-25 16:48 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 14:06 . 2011-07-25 17:15 -------- dc----w- c:\program files\Spybot - Search & Destroy 2
2011-07-25 12:47 . 2011-07-25 12:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 16:19 . 2011-07-25 17:39 -------- d-----w- c:\windows\system32\CatRoot2
2011-07-24 14:36 . 2011-07-25 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
2011-07-23 21:01 . 2011-07-23 21:01 -------- d-----w- c:\documents and settings\Grom\Application Data\Leadertech
2011-07-20 19:25 . 2011-07-20 19:25 -------- d--h--w- c:\documents and settings\Default User.WINXP
2011-07-12 16:46 . 2011-07-12 16:46 -------- d-----w- c:\documents and settings\Grom\Application Data\ElevatedDiagnostics
2011-07-12 08:52 . 2011-07-12 08:52 -------- d-----w- c:\program files\Hewlett-Packard
2011-07-10 20:50 . 2011-07-10 20:50 -------- dc----w- c:\program files\Atari
2011-07-10 20:50 . 2011-07-10 20:50 -------- d-----w- c:\documents and settings\Grom\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 06:13 . 2011-05-14 08:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpF7F40.FOT
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpA3050.FOT
2011-06-02 14:02 . 2005-10-06 00:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 12:23 . 2011-06-02 12:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-06-02 12:23 . 2011-06-02 12:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-02 15:31 . 2006-12-21 00:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 07:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-05-05 09:41 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC1601"="del" [X]
"SpybotDeletingC5643"="del" [X]
"SpybotDeletingC162"="del" [X]
"SpybotDeletingC5289"="del" [X]
"SpybotDeletingC6063"="del" [X]
"SpybotDeletingC6398"="del" [X]
"SpybotDeletingC1303"="del" [X]
"SpybotDeletingC5090"="del" [X]
"SpybotDeletingC5982"="del" [X]
"SpybotDeletingC7764"="del" [X]
"SpybotDeletingC1844"="del" [X]
"SpybotDeletingC5268"="del" [X]
"SpybotDeletingC1206"="del" [X]
"SpybotDeletingC2757"="del" [X]
"SpybotDeletingC6390"="del" [X]
"SpybotDeletingC3537"="del" [X]
"SpybotDeletingC4850"="del" [X]
"SpybotDeletingC8813"="del" [X]
"SpybotDeletingC4891"="del" [X]
"SpybotDeletingC3522"="del" [X]
"SpybotDeletingC3279"="del" [X]
"SpybotDeletingC7206"="del" [X]
"SpybotDeletingC1382"="del" [X]
"SpybotDeletingC6708"="del" [X]
"SpybotDeletingC6645"="del" [X]
"SpybotDeletingC5094"="del" [X]
"SpybotDeletingC9914"="del" [X]
"SpybotDeletingC2738"="del" [X]
"SpybotDeletingC5498"="del" [X]
"SpybotDeletingC4253"="del" [X]
"SpybotDeletingC6805"="del" [X]
"SpybotDeletingC8043"="del" [X]
"SpybotDeletingC7046"="del" [X]
"SpybotDeletingC7243"="del" [X]
"SpybotDeletingC181"="del" [X]
"SpybotDeletingC7090"="del" [X]
"SpybotDeletingC5149"="del" [X]
"SpybotDeletingC3358"="del" [X]
"SpybotDeletingC9310"="del" [X]
"SpybotDeletingC6962"="del" [X]
"SpybotDeletingC6501"="del" [X]
"SpybotDeletingC9781"="del" [X]
"SpybotDeletingC3632"="del" [X]
"SpybotDeletingC6555"="del" [X]
"SpybotDeletingC5745"="del" [X]
"SpybotDeletingC3294"="del" [X]
"SpybotDeletingC6112"="del" [X]
"SpybotDeletingC9776"="del" [X]
"SpybotDeletingC6119"="del" [X]
"SpybotDeletingC2501"="del" [X]
"SpybotDeletingC3549"="del" [X]
"SpybotDeletingC8598"="del" [X]
"SpybotDeletingC2955"="del" [X]
"SpybotDeletingC3847"="del" [X]
"SpybotDeletingC6366"="del" [X]
"SpybotDeletingC5884"="del" [X]
"SpybotDeletingC7143"="del" [X]
"SpybotDeletingC5911"="del" [X]
"SpybotDeletingC4590"="del" [X]
"SpybotDeletingC7488"="del" [X]
"SpybotDeletingC2198"="del" [X]
"SpybotDeletingC3036"="del" [X]
"SpybotDeletingC1394"="del" [X]
"SpybotDeletingC3833"="del" [X]
"SpybotDeletingC4331"="del" [X]
"SpybotDeletingC450"="del" [X]
"SpybotDeletingC4879"="del" [X]
"SpybotDeletingC4981"="del" [X]
"SpybotDeletingC1321"="del" [X]
"SpybotDeletingC279"="del" [X]
"SpybotDeletingC8442"="del" [X]
"SpybotDeletingC4283"="del" [X]
"SpybotDeletingA340"="command.com" [2001-08-23 50620]
"SpybotDeletingA8065"="command.com" [2001-08-23 50620]
"SpybotDeletingA1269"="command.com" [2001-08-23 50620]
"SpybotDeletingA5347"="command.com" [2001-08-23 50620]
"SpybotDeletingA1114"="command.com" [2001-08-23 50620]
"SpybotDeletingA3780"="command.com" [2001-08-23 50620]
"SpybotDeletingA2368"="command.com" [2001-08-23 50620]
"SpybotDeletingA8454"="command.com" [2001-08-23 50620]
"SpybotDeletingA9834"="command.com" [2001-08-23 50620]
"SpybotDeletingA580"="command.com" [2001-08-23 50620]
"SpybotDeletingA1131"="command.com" [2001-08-23 50620]
"SpybotDeletingA2541"="command.com" [2001-08-23 50620]
"SpybotDeletingA8941"="command.com" [2001-08-23 50620]
"SpybotDeletingA2802"="command.com" [2001-08-23 50620]
"SpybotDeletingA9145"="command.com" [2001-08-23 50620]
"SpybotDeletingA3487"="command.com" [2001-08-23 50620]
"SpybotDeletingA337"="command.com" [2001-08-23 50620]
"SpybotDeletingA3848"="command.com" [2001-08-23 50620]
"SpybotDeletingA2219"="command.com" [2001-08-23 50620]
"SpybotDeletingA7904"="command.com" [2001-08-23 50620]
"SpybotDeletingA1545"="command.com" [2001-08-23 50620]
"SpybotDeletingA1599"="command.com" [2001-08-23 50620]
"SpybotDeletingA3037"="command.com" [2001-08-23 50620]
"SpybotDeletingA840"="command.com" [2001-08-23 50620]
"SpybotDeletingA7034"="command.com" [2001-08-23 50620]
"SpybotDeletingA5248"="command.com" [2001-08-23 50620]
"SpybotDeletingA3967"="command.com" [2001-08-23 50620]
"SpybotDeletingA9946"="command.com" [2001-08-23 50620]
"SpybotDeletingA9781"="command.com" [2001-08-23 50620]
"SpybotDeletingA6758"="command.com" [2001-08-23 50620]
"SpybotDeletingA3616"="command.com" [2001-08-23 50620]
"SpybotDeletingA6889"="command.com" [2001-08-23 50620]
"SpybotDeletingA9391"="command.com" [2001-08-23 50620]
"SpybotDeletingA36"="command.com" [2001-08-23 50620]
"SpybotDeletingA2229"="command.com" [2001-08-23 50620]
"SpybotDeletingA6690"="command.com" [2001-08-23 50620]
"SpybotDeletingA6069"="command.com" [2001-08-23 50620]
"SpybotDeletingA6635"="command.com" [2001-08-23 50620]
"SpybotDeletingA8609"="command.com" [2001-08-23 50620]
"SpybotDeletingA5680"="command.com" [2001-08-23 50620]
"SpybotDeletingA1801"="command.com" [2001-08-23 50620]
"SpybotDeletingA8879"="command.com" [2001-08-23 50620]
"SpybotDeletingA6921"="command.com" [2001-08-23 50620]
"SpybotDeletingA7313"="command.com" [2001-08-23 50620]
"SpybotDeletingA8225"="command.com" [2001-08-23 50620]
"SpybotDeletingA2598"="command.com" [2001-08-23 50620]
"SpybotDeletingA8741"="command.com" [2001-08-23 50620]
"SpybotDeletingA390"="command.com" [2001-08-23 50620]
"SpybotDeletingA2911"="command.com" [2001-08-23 50620]
"SpybotDeletingA4674"="command.com" [2001-08-23 50620]
"SpybotDeletingA7322"="command.com" [2001-08-23 50620]
"SpybotDeletingA8441"="command.com" [2001-08-23 50620]
"SpybotDeletingA8444"="command.com" [2001-08-23 50620]
"SpybotDeletingA5760"="command.com" [2001-08-23 50620]
"SpybotDeletingA366"="command.com" [2001-08-23 50620]
"SpybotDeletingA9298"="command.com" [2001-08-23 50620]
"SpybotDeletingA5027"="command.com" [2001-08-23 50620]
"SpybotDeletingA2510"="command.com" [2001-08-23 50620]
"SpybotDeletingA1879"="command.com" [2001-08-23 50620]
"SpybotDeletingA9840"="command.com" [2001-08-23 50620]
"SpybotDeletingA8844"="command.com" [2001-08-23 50620]
"SpybotDeletingA2756"="command.com" [2001-08-23 50620]
"SpybotDeletingA3502"="command.com" [2001-08-23 50620]
"SpybotDeletingA8929"="command.com" [2001-08-23 50620]
"SpybotDeletingA8326"="command.com" [2001-08-23 50620]
"SpybotDeletingA1848"="command.com" [2001-08-23 50620]
"SpybotDeletingA4564"="command.com" [2001-08-23 50620]
"SpybotDeletingA87"="command.com" [2001-08-23 50620]
"SpybotDeletingA7205"="command.com" [2001-08-23 50620]
"SpybotDeletingA4214"="command.com" [2001-08-23 50620]
"SpybotDeletingA3030"="command.com" [2001-08-23 50620]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2010 16:10 691696]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{04185977-C61F-4216-AA10-A308CC904433}
TCP: DhcpNameServer = 192.168.0.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalegdehmbdkhllepadm"=hex:62,61,70,6f,00,00
"jalegdehmbdkhllepahm"=hex:62,61,6d,70,00,00
"ialnkhjjmabbmkjlml"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,64,66,65,6e,
65,64,6d,6e,00,00
"hafoiabkojomeoef"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,67,65,6c,6d,
6a,62,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(420)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-25 19:46:07
ComboFix-quarantined-files.txt 2011-07-25 17:46
.
Pre-Run: 13 637 537 792 bytes free
Post-Run: 8 adresárov, 14 572 535 808 voľných bajtov
.
- - End Of File - - 165763C598A3BCE2B9BB7DBA3F606A8D
ComboFix 11-07-25.02 - Ľuboš 25.07.2011 19:40:02.4.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.665 [GMT 2:00]
Running from: c:\documents and settings\Grom\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tages
c:\documents and settings\All Users\Application Data\Tages\100663747\Serial.txt
c:\documents and settings\All Users\Application Data\Tages\Priv.xey
c:\windows\system32\ctfmon(2).exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:17 . 2011-07-25 17:17 -------- dc----w- c:\program files\trend micro
2011-07-25 17:17 . 2011-07-25 17:18 -------- d-----w- C:\rsit
2011-07-25 16:43 . 2011-07-25 16:48 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 14:06 . 2011-07-25 17:15 -------- dc----w- c:\program files\Spybot - Search & Destroy 2
2011-07-25 12:47 . 2011-07-25 12:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 16:19 . 2011-07-25 17:39 -------- d-----w- c:\windows\system32\CatRoot2
2011-07-24 14:36 . 2011-07-25 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
2011-07-23 21:01 . 2011-07-23 21:01 -------- d-----w- c:\documents and settings\Grom\Application Data\Leadertech
2011-07-20 19:25 . 2011-07-20 19:25 -------- d--h--w- c:\documents and settings\Default User.WINXP
2011-07-12 16:46 . 2011-07-12 16:46 -------- d-----w- c:\documents and settings\Grom\Application Data\ElevatedDiagnostics
2011-07-12 08:52 . 2011-07-12 08:52 -------- d-----w- c:\program files\Hewlett-Packard
2011-07-10 20:50 . 2011-07-10 20:50 -------- dc----w- c:\program files\Atari
2011-07-10 20:50 . 2011-07-10 20:50 -------- d-----w- c:\documents and settings\Grom\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 06:13 . 2011-05-14 08:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpF7F40.FOT
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpA3050.FOT
2011-06-02 14:02 . 2005-10-06 00:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 12:23 . 2011-06-02 12:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-06-02 12:23 . 2011-06-02 12:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-02 15:31 . 2006-12-21 00:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 07:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-05-05 09:41 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC1601"="del" [X]
"SpybotDeletingC5643"="del" [X]
"SpybotDeletingC162"="del" [X]
"SpybotDeletingC5289"="del" [X]
"SpybotDeletingC6063"="del" [X]
"SpybotDeletingC6398"="del" [X]
"SpybotDeletingC1303"="del" [X]
"SpybotDeletingC5090"="del" [X]
"SpybotDeletingC5982"="del" [X]
"SpybotDeletingC7764"="del" [X]
"SpybotDeletingC1844"="del" [X]
"SpybotDeletingC5268"="del" [X]
"SpybotDeletingC1206"="del" [X]
"SpybotDeletingC2757"="del" [X]
"SpybotDeletingC6390"="del" [X]
"SpybotDeletingC3537"="del" [X]
"SpybotDeletingC4850"="del" [X]
"SpybotDeletingC8813"="del" [X]
"SpybotDeletingC4891"="del" [X]
"SpybotDeletingC3522"="del" [X]
"SpybotDeletingC3279"="del" [X]
"SpybotDeletingC7206"="del" [X]
"SpybotDeletingC1382"="del" [X]
"SpybotDeletingC6708"="del" [X]
"SpybotDeletingC6645"="del" [X]
"SpybotDeletingC5094"="del" [X]
"SpybotDeletingC9914"="del" [X]
"SpybotDeletingC2738"="del" [X]
"SpybotDeletingC5498"="del" [X]
"SpybotDeletingC4253"="del" [X]
"SpybotDeletingC6805"="del" [X]
"SpybotDeletingC8043"="del" [X]
"SpybotDeletingC7046"="del" [X]
"SpybotDeletingC7243"="del" [X]
"SpybotDeletingC181"="del" [X]
"SpybotDeletingC7090"="del" [X]
"SpybotDeletingC5149"="del" [X]
"SpybotDeletingC3358"="del" [X]
"SpybotDeletingC9310"="del" [X]
"SpybotDeletingC6962"="del" [X]
"SpybotDeletingC6501"="del" [X]
"SpybotDeletingC9781"="del" [X]
"SpybotDeletingC3632"="del" [X]
"SpybotDeletingC6555"="del" [X]
"SpybotDeletingC5745"="del" [X]
"SpybotDeletingC3294"="del" [X]
"SpybotDeletingC6112"="del" [X]
"SpybotDeletingC9776"="del" [X]
"SpybotDeletingC6119"="del" [X]
"SpybotDeletingC2501"="del" [X]
"SpybotDeletingC3549"="del" [X]
"SpybotDeletingC8598"="del" [X]
"SpybotDeletingC2955"="del" [X]
"SpybotDeletingC3847"="del" [X]
"SpybotDeletingC6366"="del" [X]
"SpybotDeletingC5884"="del" [X]
"SpybotDeletingC7143"="del" [X]
"SpybotDeletingC5911"="del" [X]
"SpybotDeletingC4590"="del" [X]
"SpybotDeletingC7488"="del" [X]
"SpybotDeletingC2198"="del" [X]
"SpybotDeletingC3036"="del" [X]
"SpybotDeletingC1394"="del" [X]
"SpybotDeletingC3833"="del" [X]
"SpybotDeletingC4331"="del" [X]
"SpybotDeletingC450"="del" [X]
"SpybotDeletingC4879"="del" [X]
"SpybotDeletingC4981"="del" [X]
"SpybotDeletingC1321"="del" [X]
"SpybotDeletingC279"="del" [X]
"SpybotDeletingC8442"="del" [X]
"SpybotDeletingC4283"="del" [X]
"SpybotDeletingA340"="command.com" [2001-08-23 50620]
"SpybotDeletingA8065"="command.com" [2001-08-23 50620]
"SpybotDeletingA1269"="command.com" [2001-08-23 50620]
"SpybotDeletingA5347"="command.com" [2001-08-23 50620]
"SpybotDeletingA1114"="command.com" [2001-08-23 50620]
"SpybotDeletingA3780"="command.com" [2001-08-23 50620]
"SpybotDeletingA2368"="command.com" [2001-08-23 50620]
"SpybotDeletingA8454"="command.com" [2001-08-23 50620]
"SpybotDeletingA9834"="command.com" [2001-08-23 50620]
"SpybotDeletingA580"="command.com" [2001-08-23 50620]
"SpybotDeletingA1131"="command.com" [2001-08-23 50620]
"SpybotDeletingA2541"="command.com" [2001-08-23 50620]
"SpybotDeletingA8941"="command.com" [2001-08-23 50620]
"SpybotDeletingA2802"="command.com" [2001-08-23 50620]
"SpybotDeletingA9145"="command.com" [2001-08-23 50620]
"SpybotDeletingA3487"="command.com" [2001-08-23 50620]
"SpybotDeletingA337"="command.com" [2001-08-23 50620]
"SpybotDeletingA3848"="command.com" [2001-08-23 50620]
"SpybotDeletingA2219"="command.com" [2001-08-23 50620]
"SpybotDeletingA7904"="command.com" [2001-08-23 50620]
"SpybotDeletingA1545"="command.com" [2001-08-23 50620]
"SpybotDeletingA1599"="command.com" [2001-08-23 50620]
"SpybotDeletingA3037"="command.com" [2001-08-23 50620]
"SpybotDeletingA840"="command.com" [2001-08-23 50620]
"SpybotDeletingA7034"="command.com" [2001-08-23 50620]
"SpybotDeletingA5248"="command.com" [2001-08-23 50620]
"SpybotDeletingA3967"="command.com" [2001-08-23 50620]
"SpybotDeletingA9946"="command.com" [2001-08-23 50620]
"SpybotDeletingA9781"="command.com" [2001-08-23 50620]
"SpybotDeletingA6758"="command.com" [2001-08-23 50620]
"SpybotDeletingA3616"="command.com" [2001-08-23 50620]
"SpybotDeletingA6889"="command.com" [2001-08-23 50620]
"SpybotDeletingA9391"="command.com" [2001-08-23 50620]
"SpybotDeletingA36"="command.com" [2001-08-23 50620]
"SpybotDeletingA2229"="command.com" [2001-08-23 50620]
"SpybotDeletingA6690"="command.com" [2001-08-23 50620]
"SpybotDeletingA6069"="command.com" [2001-08-23 50620]
"SpybotDeletingA6635"="command.com" [2001-08-23 50620]
"SpybotDeletingA8609"="command.com" [2001-08-23 50620]
"SpybotDeletingA5680"="command.com" [2001-08-23 50620]
"SpybotDeletingA1801"="command.com" [2001-08-23 50620]
"SpybotDeletingA8879"="command.com" [2001-08-23 50620]
"SpybotDeletingA6921"="command.com" [2001-08-23 50620]
"SpybotDeletingA7313"="command.com" [2001-08-23 50620]
"SpybotDeletingA8225"="command.com" [2001-08-23 50620]
"SpybotDeletingA2598"="command.com" [2001-08-23 50620]
"SpybotDeletingA8741"="command.com" [2001-08-23 50620]
"SpybotDeletingA390"="command.com" [2001-08-23 50620]
"SpybotDeletingA2911"="command.com" [2001-08-23 50620]
"SpybotDeletingA4674"="command.com" [2001-08-23 50620]
"SpybotDeletingA7322"="command.com" [2001-08-23 50620]
"SpybotDeletingA8441"="command.com" [2001-08-23 50620]
"SpybotDeletingA8444"="command.com" [2001-08-23 50620]
"SpybotDeletingA5760"="command.com" [2001-08-23 50620]
"SpybotDeletingA366"="command.com" [2001-08-23 50620]
"SpybotDeletingA9298"="command.com" [2001-08-23 50620]
"SpybotDeletingA5027"="command.com" [2001-08-23 50620]
"SpybotDeletingA2510"="command.com" [2001-08-23 50620]
"SpybotDeletingA1879"="command.com" [2001-08-23 50620]
"SpybotDeletingA9840"="command.com" [2001-08-23 50620]
"SpybotDeletingA8844"="command.com" [2001-08-23 50620]
"SpybotDeletingA2756"="command.com" [2001-08-23 50620]
"SpybotDeletingA3502"="command.com" [2001-08-23 50620]
"SpybotDeletingA8929"="command.com" [2001-08-23 50620]
"SpybotDeletingA8326"="command.com" [2001-08-23 50620]
"SpybotDeletingA1848"="command.com" [2001-08-23 50620]
"SpybotDeletingA4564"="command.com" [2001-08-23 50620]
"SpybotDeletingA87"="command.com" [2001-08-23 50620]
"SpybotDeletingA7205"="command.com" [2001-08-23 50620]
"SpybotDeletingA4214"="command.com" [2001-08-23 50620]
"SpybotDeletingA3030"="command.com" [2001-08-23 50620]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2010 16:10 691696]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{04185977-C61F-4216-AA10-A308CC904433}
TCP: DhcpNameServer = 192.168.0.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalegdehmbdkhllepadm"=hex:62,61,70,6f,00,00
"jalegdehmbdkhllepahm"=hex:62,61,6d,70,00,00
"ialnkhjjmabbmkjlml"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,64,66,65,6e,
65,64,6d,6e,00,00
"hafoiabkojomeoef"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,67,65,6c,6d,
6a,62,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(420)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-25 19:46:07
ComboFix-quarantined-files.txt 2011-07-25 17:46
.
Pre-Run: 13 637 537 792 bytes free
Post-Run: 8 adresárov, 14 572 535 808 voľných bajtov
.
- - End Of File - - 165763C598A3BCE2B9BB7DBA3F606A8D
Re: proces vyťažuje procesor
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Registry:: [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000000 [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] RegLock:: [HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*] [HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*] AtJob:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: proces vyťažuje procesor
ok, tu je log:
ComboFix 11-07-25.02 - Ľuboš 25.07.2011 20:16:32.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.779 [GMT 2:00]
Running from: c:\documents and settings\Grom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Grom\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:17 . 2011-07-25 17:17 -------- dc----w- c:\program files\trend micro
2011-07-25 17:17 . 2011-07-25 17:18 -------- d-----w- C:\rsit
2011-07-25 16:43 . 2011-07-25 16:48 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 14:06 . 2011-07-25 17:15 -------- dc----w- c:\program files\Spybot - Search & Destroy 2
2011-07-25 12:47 . 2011-07-25 12:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 16:19 . 2011-07-25 18:16 -------- d-----w- c:\windows\system32\CatRoot2
2011-07-24 14:36 . 2011-07-25 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
2011-07-23 21:01 . 2011-07-23 21:01 -------- d-----w- c:\documents and settings\Grom\Application Data\Leadertech
2011-07-20 19:25 . 2011-07-20 19:25 -------- d--h--w- c:\documents and settings\Default User.WINXP
2011-07-12 16:46 . 2011-07-12 16:46 -------- d-----w- c:\documents and settings\Grom\Application Data\ElevatedDiagnostics
2011-07-12 08:52 . 2011-07-12 08:52 -------- d-----w- c:\program files\Hewlett-Packard
2011-07-10 20:50 . 2011-07-10 20:50 -------- dc----w- c:\program files\Atari
2011-07-10 20:50 . 2011-07-10 20:50 -------- d-----w- c:\documents and settings\Grom\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 06:13 . 2011-05-14 08:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpF7F40.FOT
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpA3050.FOT
2011-06-02 14:02 . 2005-10-06 00:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 12:23 . 2011-06-02 12:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-06-02 12:23 . 2011-06-02 12:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-02 15:31 . 2006-12-21 00:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 07:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-05-05 09:41 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2010 16:10 691696]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{04185977-C61F-4216-AA10-A308CC904433}
TCP: DhcpNameServer = 192.168.0.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalegdehmbdkhllepadm"=hex:62,61,70,6f,00,00
"jalegdehmbdkhllepahm"=hex:62,61,6d,70,00,00
"ialnkhjjmabbmkjlml"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,64,66,65,6e,
65,64,6d,6e,00,00
"hafoiabkojomeoef"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,67,65,6c,6d,
6a,62,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(408)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-07-25 20:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 18:25
ComboFix2.txt 2011-07-25 17:46
.
Pre-Run: 14 576 476 160 bytes free
Post-Run: 8 adresárov, 14 569 771 008 voľných bajtov
.
- - End Of File - - 31EAE80C27C8726D54AD76DA2B4DAEDB
ComboFix 11-07-25.02 - Ľuboš 25.07.2011 20:16:32.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.779 [GMT 2:00]
Running from: c:\documents and settings\Grom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Grom\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:17 . 2011-07-25 17:17 -------- dc----w- c:\program files\trend micro
2011-07-25 17:17 . 2011-07-25 17:18 -------- d-----w- C:\rsit
2011-07-25 16:43 . 2011-07-25 16:48 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 14:06 . 2011-07-25 17:15 -------- dc----w- c:\program files\Spybot - Search & Destroy 2
2011-07-25 12:47 . 2011-07-25 12:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 16:19 . 2011-07-25 18:16 -------- d-----w- c:\windows\system32\CatRoot2
2011-07-24 14:36 . 2011-07-25 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
2011-07-23 21:01 . 2011-07-23 21:01 -------- d-----w- c:\documents and settings\Grom\Application Data\Leadertech
2011-07-20 19:25 . 2011-07-20 19:25 -------- d--h--w- c:\documents and settings\Default User.WINXP
2011-07-12 16:46 . 2011-07-12 16:46 -------- d-----w- c:\documents and settings\Grom\Application Data\ElevatedDiagnostics
2011-07-12 08:52 . 2011-07-12 08:52 -------- d-----w- c:\program files\Hewlett-Packard
2011-07-10 20:50 . 2011-07-10 20:50 -------- dc----w- c:\program files\Atari
2011-07-10 20:50 . 2011-07-10 20:50 -------- d-----w- c:\documents and settings\Grom\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 06:13 . 2011-05-14 08:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpF7F40.FOT
2011-06-14 16:49 . 2011-06-14 16:49 1409 ----a-w- c:\windows\system32\tmpA3050.FOT
2011-06-02 14:02 . 2005-10-06 00:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 12:23 . 2011-06-02 12:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-06-02 12:23 . 2011-06-02 12:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-02 15:31 . 2006-12-21 00:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 07:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-05-05 09:41 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2010 16:10 691696]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{04185977-C61F-4216-AA10-A308CC904433}
TCP: DhcpNameServer = 192.168.0.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalegdehmbdkhllepadm"=hex:62,61,70,6f,00,00
"jalegdehmbdkhllepahm"=hex:62,61,6d,70,00,00
"ialnkhjjmabbmkjlml"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,64,66,65,6e,
65,64,6d,6e,00,00
"hafoiabkojomeoef"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,67,65,6c,6d,
6a,62,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(408)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-07-25 20:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 18:25
ComboFix2.txt 2011-07-25 17:46
.
Pre-Run: 14 576 476 160 bytes free
Post-Run: 8 adresárov, 14 569 771 008 voľných bajtov
.
- - End Of File - - 31EAE80C27C8726D54AD76DA2B4DAEDB
Re: proces vyťažuje procesor
Jak se chova PC 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: proces vyťažuje procesor
zatiaľ to vyzerá ok, diky moc... pustil som aktualizácie a už sa aj zvládnu nainštalovať
ostal už len pôvodný problém... po bootovaní biosu, winu, nabehne modrá obrazovka s Vitajte a zamrzne plocha, dolná lišta, všetko
kliknem na aplikáciu, nereaguje to trvá asi 2 minúty a potom všetko ide normálne.... trvá to asi rok, zvykol som si na to
v každom prípade ďakujem
ostal už len pôvodný problém... po bootovaní biosu, winu, nabehne modrá obrazovka s Vitajte a zamrzne plocha, dolná lišta, všetko
kliknem na aplikáciu, nereaguje to trvá asi 2 minúty a potom všetko ide normálne.... trvá to asi rok, zvykol som si na to
v každom prípade ďakujem
Re: proces vyťažuje procesor
Tak jeste uklidime 
Odinstalujte Combofix
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner (viz muj podpis)
Panel čistič
A pokud nejsou problemy ci dotazy, je to z me strany vse 
Odinstalujte Combofix
- Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
- Napiste ComboFix /UninstallA
- Stisknete Enter
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner (viz muj podpis)Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: proces vyťažuje procesor
zatiaľ všetko ok, dikes, CCleaner ostáva inštalovaný 
Re: proces vyťažuje procesor
Nemate zac, rad jsem pomohl Zase nekdy 
Zase nekdy "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?
