Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malwarebytes 11 object detected


  • Please log in to reply

#1
arcadez

arcadez

    Member

  • Member
  • PipPip
  • 11 posts

Hi,

 

I 'm trying to help my gf's dad fix his laptop. I downloaded malwarebytes a few days ago and ran it. It found 11 objects and deleted them. I don't have the log for that, but I did a fresh new one today because the computer still seems to run poorly. I also delete a bunch of spam anti virus software, unknown casino games and other weird things her father didn't even know what they were.

 

Please help it get's hard to even type it loads so slow.

 

 

 

 

OTL logfile created on: 5/7/2014 9:15:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\faustino\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.44 Mb Total Physical Memory | 195.88 Mb Available Physical Memory | 19.33% Memory free
2.23 Gb Paging File | 1.33 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 98.53 Gb Free Space | 66.76% Space Free | Partition Type: NTFS
 
Computer Name: TINO-PC | User Name: faustino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/07 09:14:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\faustino\Desktop\OTL.exe
PRC - [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/10 15:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/07 15:50:50 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 02:45:54 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 17:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 17:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 17:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 17:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2006/11/06 09:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (jswpsapi)
SRV - [2014/04/28 18:52:47 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/03 12:51:04 | 000,088,064 | ---- | M] () [Disabled | Stopped] -- C:\DocSmartzPlatinum\WinService.exe -- (DocSmartzPrintSpooler)
SRV - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2007/04/12 14:55:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/22 18:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 09:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/07/20 13:54:28 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\faustino\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/10/01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/10/28 20:21:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111.sys -- (MRV6X32U)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/11 03:23:46 | 000,015,360 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrveap32.sys -- (Mrvleap)
DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/30 09:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 20:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/08/16 14:43:22 | 000,553,984 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMW145.sys -- (NETMW145)
DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/02/14 11:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2005/09/27 16:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/08/01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...5533122175&UM=2
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...5533122175&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012/03/20 09:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Extensions
[2013/03/30 20:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions
[2013/03/30 20:51:35 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com
[2013/03/30 20:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode
[2009/09/02 03:01:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MixiDJ V1 = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.15.0.62_0\
CHR - Extension: Google Wallet = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/05/06 16:01:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07AF7347-0A5E-4A6C-BB12-52843A784293}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A2C0994-C43E-43FD-96D0-E5CF66D10B06}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/07 09:14:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\faustino\Desktop\OTL.exe
[2014/05/06 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\faustino\AppData\Roaming\Malwarebytes
[2014/05/06 17:11:59 | 000,000,000 | ---D | C] -- C:\ERDNT
[2014/05/06 17:11:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/06 17:10:23 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2014/05/06 16:08:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/06 15:06:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/05/06 14:56:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/07 09:21:27 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 09:21:27 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 09:20:12 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0402308A-A0AC-46D3-85C6-F95786E47C31}.job
[2014/05/07 09:14:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\faustino\Desktop\OTL.exe
[2014/05/07 08:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/07 08:29:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/07 07:29:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/06 23:19:37 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/05/06 23:19:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/06 20:42:03 | 002,113,856 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/06 20:42:03 | 000,636,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/06 18:35:12 | 161,078,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/06 17:48:01 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/06 16:46:27 | 000,000,954 | ---- | M] () -- C:\Users\faustino\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/06 16:01:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/29 15:12:47 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/28 18:52:42 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/28 18:52:41 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/06 18:34:45 | 161,078,000 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/06 16:46:27 | 000,000,954 | ---- | C] () -- C:\Users\faustino\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/09 14:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/09 14:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/09 14:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/09 14:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/09 14:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 23:39:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/20 21:38:48 | 000,000,000 | ---- | C] () -- C:\Users\faustino\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 05:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 21:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 02:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

Edited by arcadez, 07 May 2014 - 10:55 AM.

  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hello Arcadez :welcome:

My name around here is SleepyDude and I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

.
IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
 

«»«»«»

 

I need some time to revise your log in the meantime can you please copy & paste the Extras.txt log OTL created on the Desktop?


  • 0

#3
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Thank you for helping me sleepydude! here is the extra.txt

 

 

OTL Extras logfile created on: 5/7/2014 9:15:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\faustino\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.44 Mb Total Physical Memory | 195.88 Mb Available Physical Memory | 19.33% Memory free
2.23 Gb Paging File | 1.33 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 98.53 Gb Free Space | 66.76% Space Free | Partition Type: NTFS
 
Computer Name: TINO-PC | User Name: faustino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13EE2BFB-D0AF-4859-A3DB-319053F76DC7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{2F67E00E-DA83-4A5D-99CE-EE07AAAF347E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4910E52E-DA88-43C7-9576-266C2798F912}" = lport=139 | protocol=6 | dir=in | app=system | 
"{50380080-9F3A-4710-861D-EB3502A32544}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5B099B88-B367-4DCF-B8D8-0602ED8558CF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6D4FA5B5-D75E-4A8F-BDE4-94604F48C29E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{78D06B82-944D-47AD-A7B4-08D2526C5424}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A254F014-1CA0-4584-B4B8-A03794852A4F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter | 
"{B2872F2C-67DB-4635-B62E-EC2B6556C03C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CD973288-245A-4743-9B1D-24D65F84E821}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F55C9F41-2168-43D2-A1D9-865972A5B211}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D43B21D-71D9-4BCF-97C6-EA9C1E7CA4D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11DE8131-66D4-4847-9203-F09A29236ECF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4AD26D9A-D276-45C2-AB01-3D549A339FA0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | 
"{520CB66D-0ACD-4D8E-8F77-D78B2F18E519}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6110C5BC-D0E3-45AB-B53A-BA7EBBAA8E35}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7E974FA3-EF08-4620-A84A-28C3C18C50C4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7ED3A338-C22B-4BE4-8F8A-E9ED09C92CF0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{880447CE-91FE-4EEA-8996-9028AEAD0282}" = protocol=1 | dir=out | [email protected],-28544 | 
"{956F82CF-6758-490D-8D25-7987D2DD100B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E775A44-F7CA-450F-B8F3-E2C0A8F62800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4766AF1-9774-4638-96A6-8096BF47F501}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | 
"{B76AD87C-10F7-4C45-B350-43536A973788}" = protocol=1 | dir=in | [email protected],-28543 | 
"{B92EC238-D833-4181-A339-7921F0F9FDA6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{C36C4414-A59C-4173-8F3D-B7338AD7D9EC}" = protocol=58 | dir=in | [email protected],-28545 | 
"{D5CF1117-7931-4E69-8AB6-2B18703AF5D7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D9D9E07A-16A9-4B8A-8441-909776C1F66E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E9458BAA-8B31-4616-BE00-51F1625E5629}" = protocol=58 | dir=in | [email protected],-28545 | 
"{EAA2CEDD-AF9E-4096-8549-B0B5E7DF16EE}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F88CD148-B674-4B73-8600-8670990DBED0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FEA2A1A6-8DFA-49A3-83BE-F3DEBAD1976E}" = protocol=1 | dir=out | [email protected],-28544 | 
"TCP Query User{1A376E69-CA3B-47D8-B22B-1A510D492E2D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{7BB014C0-51E7-412E-AA59-C53D8530C31B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{2ABCB142-9439-4FB5-A957-3D6C72D20C0C}" = Luvinia
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{55532499-5676-4DAE-9A57-AEB907A0A1DD}" = QuickShare
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B77A308F-85F5-4D68-8CB5-313332CB2779}" = TOSHIBA Hardware Setup
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E820F6CD-75FD-4DCA-A293-A76F4D2C56EC}" = Luvinia
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"Desktop Dialer" = Desktop Dialer
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"WT015802" = Bejeweled 2 Deluxe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/4/2011 8:48:28 AM | Computer Name = Tino-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 11/4/2011 8:48:28 AM | Computer Name = Tino-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 11/5/2011 6:00:35 AM | Computer Name = Tino-PC | Source = VSS | ID = 8194
Description = 
 
Error - 11/5/2011 6:01:02 AM | Computer Name = Tino-PC | Source = VSS | ID = 12301
Description = 
 
Error - 11/5/2011 6:01:02 AM | Computer Name = Tino-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 11/5/2011 9:32:59 AM | Computer Name = Tino-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 11/5/2011 9:32:59 AM | Computer Name = Tino-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 11/5/2011 9:33:00 AM | Computer Name = Tino-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 11/6/2011 7:00:38 AM | Computer Name = Tino-PC | Source = VSS | ID = 8194
Description = 
 
Error - 11/6/2011 7:01:14 AM | Computer Name = Tino-PC | Source = VSS | ID = 12301
Description = 
 
[ Media Center Events ]
Error - 5/24/2008 8:54:19 PM | Computer Name = Tino-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 5/26/2008 4:08:02 PM | Computer Name = Tino-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 5/30/2008 10:22:42 AM | Computer Name = Tino-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/6/2008 11:02:24 AM | Computer Name = Tino-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 12/28/2008 12:58:18 AM | Computer Name = Tino-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/13/2009 3:31:52 PM | Computer Name = Tino-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
 
Error encountered while reading event logs.
 
< End of report >

  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi,

 

Can you please post the OTL.txt log again because it doesn't seems to be complete.


  • 0

#5
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

sorry it gets so slow it freezes sometimes specially when using the internet. 

 

OTL logfile created on: 5/7/2014 9:15:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\faustino\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.44 Mb Total Physical Memory | 195.88 Mb Available Physical Memory | 19.33% Memory free
2.23 Gb Paging File | 1.33 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 98.53 Gb Free Space | 66.76% Space Free | Partition Type: NTFS
 
Computer Name: TINO-PC | User Name: faustino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/07 09:14:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\faustino\Desktop\OTL.exe
PRC - [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/10 15:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/07 15:50:50 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 02:45:54 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 17:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 17:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 17:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 17:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2006/11/06 09:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (jswpsapi)
SRV - [2014/04/28 18:52:47 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/03 12:51:04 | 000,088,064 | ---- | M] () [Disabled | Stopped] -- C:\DocSmartzPlatinum\WinService.exe -- (DocSmartzPrintSpooler)
SRV - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2007/04/12 14:55:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/22 18:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 09:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/07/20 13:54:28 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\faustino\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/10/01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/10/28 20:21:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111.sys -- (MRV6X32U)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/11 03:23:46 | 000,015,360 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrveap32.sys -- (Mrvleap)
DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/30 09:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 20:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/08/16 14:43:22 | 000,553,984 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMW145.sys -- (NETMW145)
DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/02/14 11:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2005/09/27 16:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/08/01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...5533122175&UM=2
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...5533122175&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012/03/20 09:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Extensions
[2013/03/30 20:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions
[2013/03/30 20:51:35 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com
[2013/03/30 20:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode
[2009/09/02 03:01:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MixiDJ V1 = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.15.0.62_0\
CHR - Extension: Google Wallet = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/05/06 16:01:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07AF7347-0A5E-4A6C-BB12-52843A784293}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A2C0994-C43E-43FD-96D0-E5CF66D10B06}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/07 09:14:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\faustino\Desktop\OTL.exe
[2014/05/06 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\faustino\AppData\Roaming\Malwarebytes
[2014/05/06 17:11:59 | 000,000,000 | ---D | C] -- C:\ERDNT
[2014/05/06 17:11:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/06 17:10:23 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2014/05/06 16:08:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/06 15:06:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/05/06 14:56:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/07 09:21:27 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 09:21:27 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 09:20:12 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0402308A-A0AC-46D3-85C6-F95786E47C31}.job
[2014/05/07 09:14:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\faustino\Desktop\OTL.exe
[2014/05/07 08:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/07 08:29:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/07 07:29:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/06 23:19:37 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/05/06 23:19:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/06 20:42:03 | 002,113,856 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/06 20:42:03 | 000,636,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/06 18:35:12 | 161,078,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/06 17:48:01 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/06 16:46:27 | 000,000,954 | ---- | M] () -- C:\Users\faustino\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/06 16:01:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/29 15:12:47 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/28 18:52:42 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/28 18:52:41 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/06 18:34:45 | 161,078,000 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/06 16:46:27 | 000,000,954 | ---- | C] () -- C:\Users\faustino\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/09 14:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/09 14:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/09 14:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/09 14:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/09 14:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 23:39:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/20 21:38:48 | 000,000,000 | ---- | C] () -- C:\Users\faustino\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 05:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 21:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 02:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >

  • 0

#6
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Thanks for the logs.

 

I'm preparing a fix for you... will post soon.


  • 0

#7
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi Arcadez,

I have checked the logs you provided and I found that we have some work to do let's start.


Multiple Antivirus

Your log show that you have several Antivirus and Security programs installed, STOPzilla, Microsoft Security Essentials and Malwarebytes Anti-Malware!

Contrary to what some people think, having more than one antivirus program doesn't give you more protection. With several Real-Time protections active the computer becomes slower accessing files and could crash due to resource conflicting, also you could get False Alarms when one AV starts identifying as virus the files from the other antivirus program. On next steps I will ask you to remove some of those programs.
.
!!! Registry Optimizer/Cleaner !!!

You have a program named Eusing Free Registry Cleaner on your computer that are supposedly registry Optimizers/cleaners. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that users don't use this kind of sketchy programs. If you have doubts about this please read Registry Junk: A Windows Fact of Life by Mark Russinovich’s, Mark is a well know Windows specialist that works now for Microsoft.
You can read more about this type of programs here from one of our members.


Step 1 - Uninstall Programs

Besides the Antivirus programs you have also some outdated programs that need to be removed, running old versions make the computer vulnerable to infections..

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:

  • STOPzilla
  • Eusing Free Registry Cleaner
  • Java™ 6 Update 33 (Outdated and vulnerable)
  • Java™ SE Runtime Environment 6 (Outdated and vulnerable)
  • Java Auto Updater

Notes:
- If you can't uninstall any of the programs on the list don't worry we will remove it latter just move to the next item.
- After the programs have been uninstalled Restart the computer. If requested by the uninstallers reboot the computer between uninstalls.


Step 2 - Run OTL Fix

 

!!! WARNING: !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

 

Right click on the icon OTL.gif and choose Run as Administrator to execute the tool. Make sure all other windows are closed.

  • Do not change any other settings unless otherwise told to do so.
  • Under the CustomScanBox.png box at the bottom, paste in the following (excluding the Quote line):

    :Commands
    [CreateRestorePoint]

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\faustino\AppData\Local\Temp\catchme.sys -- (catchme)
    IE - HKLM\..\URLSearchHook: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...5533122175&UM=2
    IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...5533122175&UM=2
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    [2013/03/30 20:51:35 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com
    [2013/03/30 20:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode
    CHR - Extension: MixiDJ V1 = C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.15.0.62_0\
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
    [2013/03/09 14:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/03/09 14:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/03/09 14:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/03/09 14:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/03/09 14:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    :Files
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c
    C:\Program Files\Pando Networks
    C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com
    C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
    C:\Program Files\Java\jre6

    :Commands
    [EmptyTemp]
    [Reboot]

  • click the RunFixButton.png button at the top. Let the program run uninterrupted.
  • click OK

Notes:

  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.


Step 3 - AdwCleaner Scan

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right click on the AdwCleaner_Icon.gif icon and choose Run as Administrator to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte)
    AdwCleaner_Clean.png
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt


Step 4 - Junkware Removal Tool (JRT)

Download JRT to your Desktop

  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Right click on the icon JRT.jpg and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system please be patient as this can take a while to complete depending on your system's specifications and the program you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply
  • Enable your AntiVirus and AntiSpyware applications

 

Things I would like to see in your next reply:

  • The OTL Fix log
  • AdwCleaner log AdwCleaner[S0].txt
  • The JRT.txt log
  • Let me know how is the computer now?

  • 0

#8
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

i may have to post one at a time is that each log one at a time is that fine?


  • 0

#9
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\faustino\AppData\Local\Temp\catchme.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{67097627-fd8e-4f6b-af4b-ecb65e50112e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67097627-fd8e-4f6b-af4b-ecb65e50112e}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33\ deleted successfully.
C:\Windows\system32\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\skin folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\locale\en-US folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\locale folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\defaults\preferences folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\defaults folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\core folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\api folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome folder moved successfully.
C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com folder moved successfully.
Folder C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode\ not found.
File C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.15.0.62_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\faustino\Desktop\cmd.bat deleted successfully.
C:\Users\faustino\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\faustino\Desktop\cmd.bat deleted successfully.
C:\Users\faustino\Desktop\cmd.txt deleted successfully.
C:\Program Files\Pando Networks\Media Booster\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\Pando Networks\Media Booster folder moved successfully.
C:\Program Files\Pando Networks folder moved successfully.
File\Folder C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\extensions\[email protected]db8838882.com not found.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\_locales\en folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\_locales folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\sl folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\lib\jquery.alerts folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\lib folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\core folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\WEATHER folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\TWITTER folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\SEARCH folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\Optimizer folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\wa folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\menu\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\menu\img folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\menu\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\menu folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\gf\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\gf\img folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\gf\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\gf folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\dlg\restart\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\dlg\restart folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui\dlg folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ui folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\sp\spsd\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\sp\spsd folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\sp\spbd\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\sp\spbd folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\sp\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\sp folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\options\js\resources folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\options\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\options\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\options\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\options folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\msd folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\api folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ac\res folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ac\img folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ac\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\ac folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\aboutBox\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\aboutBox\images folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al\aboutBox folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb\al folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\tb folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\NewTabPages\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\NewTabPages\img folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\NewTabPages\html folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\NewTabPages\css folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\NewTabPages\API folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\NewTabPages folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search\html folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\Search folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\plugins folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\nativeMessaging folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\mam\scripts\contentScripts folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\mam\scripts folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\mam folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\js\toolbarAPI folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\js\tabs\back folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\js\tabs folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\js\options folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\js\lib folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\js folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0\APISupport folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp\10.30.1.502_0 folder moved successfully.
C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\SystemV folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Pacific folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Indian folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Europe folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Etc folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Australia folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Atlantic folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Asia folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Antarctica folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\North_Dakota folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Kentucky folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Indiana folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Argentina folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Africa folder moved successfully.
C:\Program Files\Java\jre6\lib\zi folder moved successfully.
C:\Program Files\Java\jre6\lib\servicetag folder moved successfully.
C:\Program Files\Java\jre6\lib\security folder moved successfully.
C:\Program Files\Java\jre6\lib\management folder moved successfully.
C:\Program Files\Java\jre6\lib\images\cursors folder moved successfully.
C:\Program Files\Java\jre6\lib\images folder moved successfully.
C:\Program Files\Java\jre6\lib\im folder moved successfully.
C:\Program Files\Java\jre6\lib\i386 folder moved successfully.
C:\Program Files\Java\jre6\lib\fonts folder moved successfully.
C:\Program Files\Java\jre6\lib\ext folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ie folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy folder moved successfully.
C:\Program Files\Java\jre6\lib\cmm folder moved successfully.
C:\Program Files\Java\jre6\lib\audio folder moved successfully.
C:\Program Files\Java\jre6\lib\applet folder moved successfully.
C:\Program Files\Java\jre6\lib folder moved successfully.
C:\Program Files\Java\jre6\bin\plugin2 folder moved successfully.
C:\Program Files\Java\jre6\bin\dtplugin folder moved successfully.
C:\Program Files\Java\jre6\bin\client folder moved successfully.
C:\Program Files\Java\jre6\bin folder moved successfully.
C:\Program Files\Java\jre6 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: faustino
->Temp folder emptied: 5279712 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 62359331 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sara
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Tino
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 672850 bytes
RecycleBin emptied: 563 bytes
 
Total Files Cleaned = 65.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05072014_140219
 
Files\Folders moved on Reboot...
C:\Windows\temp\TMP00000046FA2756AE2DC4ADE3 moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#10
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
# AdwCleaner v3.207 - Report created 07/05/2014 at 14:28:32
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : faustino - TINO-PC
# Running from : C:\Users\faustino\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\faustino\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Tino\AppData\Local\Conduit
Folder Deleted : C:\Users\Tino\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tino\AppData\LocalLow\MixiDJ_V1
Folder Deleted : C:\Users\Tino\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Tino\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Tino\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Tino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\speedypc software
Folder Deleted : C:\Users\Tino\AppData\Roaming\Mozilla\Firefox\Profiles\b40x2nim.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Tino\AppData\Roaming\Mozilla\Firefox\Profiles\b40x2nim.default\Extensions\{d12b4ac5-7cfd-4189-9422-6a44f564d17c}
Folder Deleted : C:\Users\Tino\AppData\Roaming\Mozilla\Firefox\Profiles\b40x2nim.default\Extensions\[email protected]db8838882.com
Folder Deleted : C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292583
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC9D0463-9C1B-409F-B886-46C4EDD64831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{293EACBB-869D-41D1-817D-81B9CDC415CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8DDFC70-C29E-4547-B670-27ADF0030D41}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\MixiDJ_V1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6001.18385
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\faustino\AppData\Roaming\Mozilla\Firefox\Profiles\mvrglwi6.default\prefs.js ]
 
Line Deleted : user_pref("extensions.crossriderapp26278.adsOldValue", -1);
 
[ File : C:\Users\Tino\AppData\Roaming\Mozilla\Firefox\Profiles\b40x2nim.default\prefs.js ]
 
Line Deleted : user_pref("extensions.crossriderapp26278.adsOldValue", -1);
Line Deleted : user_pref("extensions.enabledItems", "[email protected]:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.1.0,{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5,{[...]
Line Deleted : user_pref("extensions.wajam.affiliate_id", "3221");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
Line Deleted : user_pref("extensions.wajam.supported_sites.amazon_product.priam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.amazon_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.ebay_product.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';w[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.ebay_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1364702444622 - processInstallationUpgrade - version set to : 1.26\n1364702444623 - processBrowserLoad - Bad mappingListJsonString: null\n1364702445524 - onFla[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "4E806364FF5DD0AB68A683923FCBBE1D");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\faustino\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ndlegeeaeejpodkbnkkofpjpjeigcopp
 
[ File : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ndlegeeaeejpodkbnkkofpjpjeigcopp
 
*************************
 
AdwCleaner[R0].txt - [7590 octets] - [07/05/2014 14:24:53]
AdwCleaner[S0].txt - [7649 octets] - [07/05/2014 14:28:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7709 octets] ##########

  • 0

Advertisements


#11
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by faustino on Wed 05/07/2014 at 14:42:05.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/07/2014 at 14:50:08.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

i may have to post one at a time is that each log one at a time is that fine?

 

It's fine how is the computer running now?


  • 0

#13
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

the computer seems a little faster now I can type without lag.

 

*also I was able to uninstall everything mention except stopzilla. I can't even find it on the uninstall programs list.


Edited by arcadez, 07 May 2014 - 04:25 PM.

  • 0

#14
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi,

 

I would like you to run a new scan with Malwarebytes, get a fresh OTL log and do some more scans...

 

Step 1 - Malwarebytes

  • close all the other running programs, specially the Web browser
  • execute Malwarebytes MBAM.gif again
  • let's make sure the program is updated, click on tab Update next click the Check for Updates button
  • return to the Scanner tab and select the option Perform quick scan then click the Scan button
  • when the scan finish click the Show Results button to view the results
  • make sure that everything listed is Checked (right click and choose Select All) then click on the Remove Selected button
  • after the removal process Notepad with open showing the log, please Copy & Paste the contents into your next reply

Notes:
- If MBAM encounters a file that is difficult to remove, you will be presented with some prompts, click OK to accept them and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately;
- after restart you can find the MBAM log executing the program again and accessing the Logs tab, make sure you select the more recent one and click Open then Copy & Paste the log contents into your next reply;


Step 2 - Custom OTL Scan

  • Execute OTL by double clicking the icon OTL.gif. Make sure all other windows are closed.
    (On Windows Vista or higher right click the file, select Run as Administrator and accept the Security Warning.)
    OTL_default.Png
  • Do not change any other settings and tick only the following check box's:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the CustomScanBox.png box paste the following (excluding the Quote line):

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir %systemdrive%\* /S /A:L /C
    CREATERESTOREPOINT

  • Click the RunScanButton.png button. Let the program run uninterrupted, the scan won't take long.
  • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.

 

 

Step 3 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
ESET_Scan.png

  • UNCHECK the box's Remove found threats and Scan Archives.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

 

Step 4 - Security Check

Download Security Check by screen317 from here or here.

  • Save it to the Desktop.
  • Double click the icon SecurityCheckIcon2.png to execute the program.
    SecurityCheck.png
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.

Things I would like to see in your next reply:

  • The MBAM log
  • The new OTL.txt log
  • The ESET log
  • The checkup.txt log

  • 0

#15
arcadez

arcadez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

On Eset I couldn't press the advance settings so I went on and now it's taking forever. I guess that's why you had me uncheck them, sorry about that.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP