Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help Getting Rid of fbDownloader

fbDownloader

  • This topic is locked This topic is locked

#16
need2no

need2no

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Here you go ;)

 

OTL Fix log;

 

 

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

Service UxTuneUp stopped successfully!

Service UxTuneUp deleted successfully!

File move failed. C:\Windows\SysNative\uxtuneup.dll scheduled to be moved on reboot.

Service TuneUp.UtilitiesSvc stopped successfully!

Service TuneUp.UtilitiesSvc deleted successfully!

C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe moved successfully.

Error: No service named UxTuneUp was found to stop!

Service\Driver key UxTuneUp not found.

C:\Windows\SysWOW64\uxtuneup.dll moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.

C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs folder moved successfully.

C:\ProgramData\AVAST Software\Persistent Data\Avast folder moved successfully.

C:\ProgramData\AVAST Software\Persistent Data folder moved successfully.

C:\ProgramData\AVAST Software folder moved successfully.

========== FILES ==========

C:\Users\Zoltan\AppData\Roaming\AVG\Track Eraser folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\Rescue\Internet Optimizer folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\Rescue\AVG Registry Cleaner folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\Rescue folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011\Disk Doctor\User Reports folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011\Disk Doctor\Logs folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011\Disk Doctor folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011\Data folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\Disk Defrag\Reports folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\Disk Defrag folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2014\TuningIndex folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2014\StartUp Manager folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2014\Speed Optimizer folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2014\Dashboard folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2014\Backups folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2014 folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012\StartUp Manager\Disabled objects folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012\Speed Optimizer folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL2012 folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL\CrashDumps folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG\AWL folder moved successfully.

C:\Users\Zoltan\AppData\Roaming\AVG folder moved successfully.

File\Folder C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) not found.

File\Folder C:\ProgramData\AVAST Software not found.

File\Folder C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Zoltan

->Temp folder emptied: 806488 bytes

->Temporary Internet Files folder emptied: 929037 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 34259375 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 5633024 bytes

->Flash cache emptied: 1045 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 2186958 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 25793619 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 1761 bytes

 

Total Files Cleaned = 66.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 10092014_081107

 

OTL Quick Scan:

 

 

OTL logfile created on: 10/9/2014 8:22:23 AM - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zoltan\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.99 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 61.09% Memory free

12.09 Gb Paging File | 9.67 Gb Available in Paging File | 79.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 683.57 Gb Total Space | 462.62 Gb Free Space | 67.68% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 6.11 Gb Free Space | 40.74% Space Free | Partition Type: NTFS

Drive J: | 931.51 Gb Total Space | 833.53 Gb Free Space | 89.48% Space Free | Partition Type: NTFS

 

Computer Name: ZOLTAN-PC | User Name: Zoltan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/10/03 11:52:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zoltan\Desktop\OTL.exe

PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2013/11/08 09:49:24 | 001,176,904 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2013/11/08 09:48:08 | 001,182,024 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE

PRC - [2013/11/08 08:50:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

PRC - [2011/06/17 10:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe

PRC - [2011/06/17 10:01:56 | 000,353,728 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

PRC - [2010/12/02 19:57:50 | 001,423,520 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC30.exe

PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2008/05/05 09:53:00 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/11/08 09:48:46 | 000,138,568 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBMAPILibrary.dll

MOD - [2013/11/08 09:48:44 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBCompressor.DLL

MOD - [2013/11/08 09:48:32 | 000,042,824 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\mbpopup.dll

MOD - [2013/11/08 09:48:14 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll

MOD - [2013/11/08 09:48:14 | 000,176,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll

MOD - [2013/11/08 09:48:12 | 000,380,744 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\BackupLib.dll

MOD - [2012/03/14 05:06:28 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\zlib1.dll

MOD - [2010/12/02 19:57:50 | 001,423,520 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC30.exe

MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll

MOD - [2009/06/29 11:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2014/08/12 21:35:16 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2014/09/25 10:35:57 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/09/09 15:54:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/05/07 19:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/11/08 08:50:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)

SRV - [2012/03/14 05:06:32 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2011/06/17 10:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)

SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2009/07/09 11:38:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/07/01 08:55:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)

SRV - [2009/07/01 08:55:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)

SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/10/09 08:17:28 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2014/05/12 07:26:06 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)

DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)

DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)

DRV:64bit: - [2009/03/16 08:51:38 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/12/18 01:43:24 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/12/15 04:37:38 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2008/12/15 01:09:30 | 000,174,592 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/12/11 04:58:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)

DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2013/12/16 15:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/25 10:35:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/25 10:35:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/25 10:35:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/25 10:35:42 | 000,000,000 | ---D | M]

 

[2009/07/04 14:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Extensions

[2014/10/08 08:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions

[2014/09/25 10:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/09/25 10:35:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2014/10/06 21:57:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)

O4 - Startup: C:\Users\Zoltan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantacco...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)

O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantacco...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A6C15C-7F54-4E10-B581-DDBE797BFA51}: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A6C15C-7F54-4E10-B581-DDBE797BFA51}: NameServer = 156.154.70.22,156.154.71.22

O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\qbwc - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]

O32 - AutoRun File - [2009/08/27 16:55:47 | 000,000,062 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\shellexe.exe menu.pdf

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/10/06 11:24:45 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/10/06 11:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2014/10/06 11:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2014/10/05 10:22:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/10/03 20:05:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/10/03 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\Zoltan\Desktop\Geeks2Go

[2014/10/03 11:52:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zoltan\Desktop\OTL.exe

[2014/09/25 10:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2009/07/30 09:13:29 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Zoltan\AppData\Roaming\DataSafeDotNet.exe

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/10/09 08:21:51 | 000,000,475 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2014/10/09 08:18:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014/10/09 08:18:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014/10/09 08:17:28 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/10/09 08:17:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/10/09 08:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/10/09 08:15:18 | 2138,034,175 | -HS- | M] () -- C:\hiberfil.sys

[2014/10/09 08:12:43 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00441102}.rfx

[2014/10/09 08:12:43 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00441102}.rfx

[2014/10/09 08:12:43 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00441102}.rfx

[2014/10/09 07:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/10/09 07:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/10/08 13:11:24 | 000,002,341 | ---- | M] () -- C:\Users\Zoltan\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk

[2014/10/08 01:53:51 | 000,314,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/10/08 01:28:55 | 000,804,078 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/10/08 01:28:55 | 000,722,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/10/08 01:28:55 | 000,090,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/10/08 01:28:49 | 000,804,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/10/06 11:13:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/10/05 10:34:33 | 000,138,736 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2014/10/03 11:52:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zoltan\Desktop\OTL.exe

[2014/10/03 11:25:35 | 000,426,848 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1412517673905

[2014/10/03 10:57:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2014/10/02 10:46:30 | 682,881,547 | ---- | M] () -- C:\Windows\MEMORY.DMP

[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/10/06 11:13:00 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2014/10/05 10:34:33 | 000,138,736 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2014/10/02 10:46:30 | 682,881,547 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/11/12 19:11:24 | 000,003,710 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

[2012/02/05 17:05:05 | 000,000,070 | ---- | C] () -- C:\Users\Zoltan\AppData\Local\ZOLTAN-PC.cfg

[2009/08/24 23:18:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/07/17 11:59:04 | 000,007,836 | ---- | C] () -- C:\Users\Zoltan\AppData\Local\d3d9caps.dat

[2009/07/06 15:49:05 | 000,103,784 | ---- | C] () -- C:\Users\Zoltan\GoToAssistDownloadHelper.exe

[2009/07/04 15:35:38 | 000,059,904 | ---- | C] () -- C:\Users\Zoltan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 12:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/08/11 18:22:23 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\Common

[2009/07/04 23:41:42 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\IrfanView

[2009/08/27 16:30:25 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\Leadertech

[2014/10/03 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\Seventh

[2014/09/09 09:15:47 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\Sixth

[2014/10/02 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\Snz

[2009/07/21 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\Zoltan\AppData\Roaming\The Creative Assembly

 

========== Purity Check ==========

 

 

 

< End of report >

 

ESET Scan Report:

 

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
Note of concern:  Firefox homepage still being hijacked to fbDownloader.
 
Thanks,
 
Joe ;)

  • 0

Advertisements


#17
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Lets try re-setting Firefox with search reset found Here

This add-on is very simple: on installation, it backs up and then resets your

search preferences and home page to their default values, and then uninstalls

itself. This affects the search bar, URL bar searches, and the home page.
  • 0

#18
need2no

need2no

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Wow!  That was easy.

 

What next, or are we done?

 

Thanks ;)


  • 0

#19
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Hello,

If no further issues remain, lets remove our tools that were used.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Thanks
Joe :)
  • 0

#20
need2no

need2no

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

# DelFix v10.8 - Logfile created 09/10/2014 at 23:14:00
# Updated 29/07/2014 by Xplode
# Username : Zoltan - ZOLTAN-PC
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Zoltan\Downloads\adwcleaner_3.216.exe
Deleted : C:\Users\Zoltan\Downloads\adwcleaner_3.311.exe
Deleted : C:\Users\Zoltan\Downloads\JRT-1.exe
Deleted : C:\Users\Zoltan\Downloads\JRT.exe
Deleted : C:\Users\Zoltan\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

Joe,

 

Thank you very much for all of your kind assistance.  You made it look easy :spoton:


  • 0

#21
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
You're welcome,

Thank you for using Geeks to go..

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)
  • 0






Similar Topics


Also tagged with one or more of these keywords: fbDownloader

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP