Code (OTL fix script; the SIDs, drive letters and paths below are specific to the scanned machine):
:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
[2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
@Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9)
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\WINDOWS\system32\PnkBstrA.exe" =-
"E:\WINDOWS\system32\PnkBstrB.exe" =-
"C:\Program Files\uTorrent\uTorrent.exe" =-
"E:\Program Files\DNA\btdna.exe" =-
:files
ipconfig /flushdns /c
:commands
[emptytemp]
[resethosts]
[createrestorepoint]