Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan found, with computer boot problems and other issues

Started by ssundberg , Aug 25 2013 05:42 PM

  • Please log in to reply

#16
RKinner
Posted 02 September 2013 - 10:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Get rid of all of them.
  • 0

Advertisements

#17
ssundberg
Posted 06 September 2013 - 07:04 PM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi, Ron

Done! And, yes, I would like to completely uninstall Adaware.

Thanks!
  • 0

#18
RKinner
Posted 08 September 2013 - 01:29 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
AdAware should uninstall the usual way. IF not run an OTL Quickscan and post the log and we will remove it like a virus.
  • 0

#19
ssundberg
Posted 08 September 2013 - 06:27 PM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi, Ron

Here's another OTL file Thanks! The Adaware that remains appears on the toolbar.


OTL logfile created on: 9/8/2013 7:10:12 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.73% Memory free
7.50 Gb Paging File | 5.80 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.27 Gb Total Space | 76.95 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
Drive M: | 74.51 Gb Total Space | 15.34 Gb Free Space | 20.58% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Owner\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.)
PRC - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Macromedia\HomeSite 5\Homesite5.exe (Macromedia, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Macromedia\bin\wddx_com.dll ()
MOD - C:\Windows\SysWOW64\xmlparse.dll ()
MOD - C:\Windows\SysWOW64\xmltok.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\drivers\RTL85n64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{BD776319-9155-41DC-8DC1-F7C17E525709}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7DC117D9-5C82-41C3-B205-95C7FE9BD1F9}: "URL" = http://www.google.co...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20110930
IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\..\SearchScopes\{25AD6587-7332-42D9-A5B0-70F431F3D04C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "https://webmail.mnmicro.net/"
FF - prefs.js..extensions.enabledAddons: jsobrier%40zscaler.com:1.7.2
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA6%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.6
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20110930&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/02 20:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/02 20:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/29 20:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/02 20:23:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/02 20:23:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/09/02 20:23:03 | 000,000,000 | ---D | M]

[2010/05/31 15:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/05/05 07:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/31 15:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/09/06 21:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions
[2013/09/06 21:15:20 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/05/08 07:09:58 | 000,000,000 | ---D | M] (ArchiveFacebook) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA6}
[2012/07/31 23:11:30 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013/08/29 18:57:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/19 10:17:09 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/10/19 18:20:11 | 000,000,000 | ---D | M] ("BlackSheep") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\[email protected]
[2013/09/05 21:15:18 | 002,196,860 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\[email protected]
[2013/04/02 20:16:27 | 000,392,806 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\[email protected]
[2013/04/27 15:54:19 | 000,158,969 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\[email protected]
[2013/02/19 20:02:53 | 000,086,279 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\[email protected]
[2013/08/18 22:38:00 | 000,590,000 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\[email protected]
[2013/05/28 07:06:44 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/06/15 22:14:59 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/07/31 06:29:28 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/25 16:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/25 16:31:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/17 18:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 18:26:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/02 20:23:29 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/09/02 20:22:51 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: blekko (Enabled)
CHR - default_search_provider: search_url = http://safesearchr.l...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealDownloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/08/31 20:41:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1377445722-260433633-3850440793-1001..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1377445722-260433633-3850440793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F960C4F-F6F4-4020-85E2-63597165028B}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/26 05:11:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/27 09:27:18 | 000,000,000 | ---D | M] - M:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 20:24:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\RealNetworks
[2013/09/02 20:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/09/02 20:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/09/02 20:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/09/02 10:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013/09/02 09:25:19 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Data Sources
[2013/08/31 20:48:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/31 20:48:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/31 20:23:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/31 20:23:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/31 20:23:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/31 20:23:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/31 20:23:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/31 20:20:09 | 005,114,906 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/08/29 20:46:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/29 20:33:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/18 23:08:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ImTOO Software Studio
[2013/08/18 23:08:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ImTOO Software Studio
[2013/08/17 18:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 02:44:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT

========== Files - Modified Within 30 Days ==========

[2013/09/08 19:08:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/08 19:08:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/08 19:01:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/08 19:01:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/08 19:01:27 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/08 18:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/08 18:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/08 10:49:36 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/09/08 10:49:36 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/09/04 00:46:35 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/02 20:23:37 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/09/02 20:22:45 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/09/01 22:45:01 | 000,697,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/01 22:45:01 | 000,603,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/01 22:45:01 | 000,099,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/31 20:41:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/31 20:19:17 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2013/08/30 07:16:54 | 005,114,906 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/08/28 23:08:41 | 000,001,999 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\.ptbt0
[2013/08/25 14:12:44 | 000,000,632 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2013/08/18 22:41:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/17 20:08:00 | 000,002,046 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2013/09/02 20:23:37 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/08/31 21:13:12 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2013/08/31 20:23:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/31 20:23:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/31 20:23:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/31 20:23:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/31 20:23:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/28 23:08:41 | 000,001,999 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.ptbt0
[2012/09/02 04:22:28 | 000,000,355 | ---- | C] () -- C:\Users\Owner\Computer - Shortcut.lnk
[2012/01/14 23:04:40 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/24 04:27:37 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{992767E7-E75E-4617-9961-7C6F3D3B7589}
[2011/11/30 02:54:50 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2011/08/23 19:41:50 | 000,280,660 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2011/08/23 19:41:39 | 000,115,177 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2011/08/23 19:34:57 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/11/02 21:02:13 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\FileOut.cns
[2010/11/02 21:02:13 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\FileIn.cns
[2010/05/06 20:48:45 | 000,006,041 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/14 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\Helen.Owner-PC.000\AppData\Roaming\APP_NAME_NON_STRING
[2012/08/19 10:04:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus
[2011/04/03 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2010/05/12 21:55:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AMPSoft
[2012/12/22 02:06:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2012/11/27 05:30:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\APP_NAME_NON_STRING
[2013/08/25 16:31:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2013/08/18 23:10:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\avidemux
[2011/10/14 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre
[2011/12/17 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CoffeeCup Software
[2012/09/20 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/09 01:33:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DiskAid
[2012/06/16 20:47:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Downloaded Installations
[2013/08/31 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2012/01/14 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2012/06/16 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileOpen
[2010/11/04 20:50:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Filter Forge 2
[2010/09/20 21:53:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FireShot
[2010/05/31 14:47:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\fltk.org
[2010/05/01 11:24:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlobalSCAPE
[2010/05/31 15:23:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Greyfirst
[2010/05/06 20:47:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2013/08/18 23:08:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImTOO Software Studio
[2011/11/25 01:47:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LibreOffice
[2012/06/16 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nitro PDF
[2013/08/25 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2010/05/01 11:07:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/09/20 22:11:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDAppFlex
[2012/11/27 05:33:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDF Architect
[2011/12/17 10:03:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\pdftoepub
[2012/01/07 12:13:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Serif
[2013/06/12 04:01:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/19 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\storytron
[2010/05/05 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2010/05/12 01:23:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneAid
[2011/07/02 23:42:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

========== Purity Check ==========
  • 0

#20
RKinner
Posted 08 September 2013 - 07:15 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Which Browser

which toolbar
  • 0

#21
ssundberg
Posted 09 September 2013 - 06:21 PM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
The Windows toolbar. My browser is Firefox.
  • 0

#22
RKinner
Posted 09 September 2013 - 08:45 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA6%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
[2013/08/29 18:57:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/19 10:17:09 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/08/25 16:31:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:files
sc stop "Lavasoft Ad-Aware Service" /c
sc delete "Lavasoft Ad-Aware Service" /c
C:\Program Files (x86)\Lavasoft
reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\bootexecute" %userprofile%\desktop\boot.txt /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\09092013-some number.log so look there if you don't see it.

This should put a file boot.txt on your desktop. Double click on it and it should open in Notepad. Copy and paste the text into a reply.
  • 0

#23
ssundberg
Posted 11 September 2013 - 06:39 PM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi, Ron

Here's the OTL log. I couldn't find boot.txt on my desktop. I did see one titled aaw7boot.log, though. Is that the same?

========== OTL ==========
Prefs.js: %7B53A03D43-5363-4669-8190-99061B2DEBA6%7D:1.4 removed from extensions.enabledAddons
Prefs.js: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3 removed from extensions.enabledAddons
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37\ deleted successfully.
C:\Windows\SysWOW64\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\amingm0o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
< sc stop "Lavasoft Ad-Aware Service" /c >
[SC] ControlService FAILED 1062:
The service has not been started.
C:\Users\Owner\Downloads\OTL\cmd.bat deleted successfully.
C:\Users\Owner\Downloads\OTL\cmd.txt deleted successfully.
< sc delete "Lavasoft Ad-Aware Service" /c >
[SC] DeleteService SUCCESS
C:\Users\Owner\Downloads\OTL\cmd.bat deleted successfully.
C:\Users\Owner\Downloads\OTL\cmd.txt deleted successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\ToolBox\LT folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\ToolBox\AutoStart Manager folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\ToolBox folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Languages folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Drivers\i386 folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Drivers\amd64 folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Drivers\64 folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Drivers\32 folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware\Drivers folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware folder moved successfully.
C:\Program Files (x86)\Lavasoft folder moved successfully.
< reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\bootexecute" %userprofile%\desktop\boot.txt /c >
C:\Users\Owner\Downloads\OTL\cmd.bat deleted successfully.
C:\Users\Owner\Downloads\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Helen
->Flash cache emptied: 0 bytes

User: Helen.Owner-PC
->Flash cache emptied: 0 bytes

User: Helen.Owner-PC.000
->Flash cache emptied: 145956 bytes

User: Owner
->Flash cache emptied: 41320 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Helen

User: Helen.Owner-PC
->Java cache emptied: 0 bytes

User: Helen.Owner-PC.000
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09112013_192832
  • 0

#24
RKinner
Posted 11 September 2013 - 07:31 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Different file.

I think I made a mistake in the reg export.

Copy the following:

reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" %userprofile%\desktop\boot.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Yes. Right click in the newly opened command window and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter. Close the command window. Attach the file junk.txt on your desktop to your next post.
  • 0

#25
ssundberg
Posted 14 September 2013 - 08:42 AM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
..

Edited by ssundberg, 14 September 2013 - 08:48 AM.

  • 0

Advertisements

#26
ssundberg
Posted 14 September 2013 - 08:44 AM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
...

Edited by ssundberg, 14 September 2013 - 08:49 AM.

  • 0

#27
ssundberg
Posted 14 September 2013 - 08:46 AM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi, Ron

Here's the boot.txt.
  • 0

#28
RKinner
Posted 14 September 2013 - 09:23 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Don't see it
  • 0

#29
ssundberg
Posted 14 September 2013 - 09:23 AM

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi, Ron

I'm having uploading issues this morning. I'll upload the boot.txt when able later today.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP