Computer having massive slowdowns, all kinds of spyware popups and oth


  • This topic is locked

#1
chaldo

  • Member
  • 31 posts

I just ran a system restore, uninstalled a bunch of programs, and ran CCleaner, so unfortunately I don't know the name of the spyware ads that were popping up. Here is my OTL log:

OTL logfile created on: 12/23/2014 5:43:03 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.04% Memory free
7.93 Gb Paging File | 6.15 Gb Available in Paging File | 77.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.90 Gb Total Space | 226.91 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/12/23 17:42:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/04 22:39:22 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/03 03:08:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
PRC - [2014/09/12 13:14:56 | 004,812,048 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014/09/12 04:43:26 | 000,041,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/12/04 22:39:20 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/12/04 03:34:17 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/12/04 03:25:20 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\6c97a46aff5154a7217a528e86698ab3\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/12/04 03:25:11 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/12/04 03:25:07 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/12/04 03:25:05 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/12/04 03:25:04 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/12/04 03:25:02 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/12/04 03:25:00 | 001,947,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\b597c30ed765fa6d99a12f00c3314394\Microsoft.VisualBasic.ni.dll
MOD - [2014/12/04 03:24:59 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/12/04 03:24:56 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/12/04 03:24:54 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/03 03:08:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
MOD - [2014/02/27 03:02:55 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/27 03:02:54 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/04 22:39:20 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2014/12/23 17:23:54 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2014/12/23 06:23:14 | 000,048,776 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64.sys -- ({8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64)
DRV:[b]64bit:[/b] - [2014/12/18 07:24:04 | 000,048,776 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{993baf86-643c-42e9-95e5-094f337533f0}Gw64.sys -- ({993baf86-643c-42e9-95e5-094f337533f0}Gw64)
DRV:[b]64bit:[/b] - [2014/12/16 02:30:38 | 000,048,776 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64.sys -- ({47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64)
DRV:[b]64bit:[/b] - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2013/09/25 22:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:[b]64bit:[/b] - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2009/11/06 15:52:52 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/10/04 04:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\EX64.SYS -- (NAVEX15)
DRV - [2013/10/04 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\ENG64.SYS -- (NAVENG)
DRV - [2013/09/25 21:40:34 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/23 21:24:26 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C97AE766-4933-4AA7-AE3D-1E4200DF20C6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{C97AE766-4933-4AA7-AE3D-1E4200DF20C6}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_14_51_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0FzztBtDyCtAtCyE0C0BtN0D0Tzu0StCtDzztDtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyB0EtAzy0DyCyCtCtGtCzyyByBtGtA0B0AyCtG0BtCtAyEtGyB0D0ByEtAtCzz0F0DyDtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0D0ByEyEyBtC0AtGtDtDzzyDtGyEtAzytDtGzytC0BzytGtDtCtD0D0AyDyDyD0B0AyBzy2Q&cr=1513552347&ir=
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DFC25293-F318-46A2-92BE-3FC664D84FE3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Vosteran"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/12/23 17:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/12/23 17:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/04 22:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/16 14:35:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/04 22:39:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/16 14:35:33 | 000,000,000 | ---D | M]
 
[2012/02/17 18:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/12/23 17:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions
[2014/12/23 17:38:56 | 000,000,000 | ---D | M] (quickshop) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
[2014/12/23 17:38:55 | 000,000,000 | ---D | M] (offersoft) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
[2012/04/24 18:00:54 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
[2014/06/13 20:02:59 | 001,999,100 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
[2014/07/17 18:00:13 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2014/11/14 09:45:14 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/12/04 22:41:22 | 000,002,382 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\searchplugins\google-default.xml
[2014/12/16 15:36:13 | 000,002,831 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\searchplugins\Vosteran.xml
[2014/12/04 22:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/04 22:39:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Catalina Savings Printer (Enabled) = C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Shockwave Flash = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhajmhenjaioedgffndjbjbnaghlmhgh\1.0.1_0\
CHR - Extension: sound on click = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejchjkneplcffgcopialnjofdhhggjik\187\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/12/23 17:25:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe ()
O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B15C00-BCB8-4AAD-AF7E-C50C43273F51}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FF79A6-ABEA-48E0-B5E6-B9F27F7BDF11}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/12/23 17:42:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/12/23 17:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\2355320829
[2014/12/23 17:23:54 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/12/23 17:22:59 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/12/23 17:22:59 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/12/23 17:22:59 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/12/23 17:22:59 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/12/23 17:22:59 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/12/23 17:22:59 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/12/23 17:22:59 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/12/23 17:22:59 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/12/23 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\BRT
[2014/12/23 17:20:27 | 000,048,776 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64.sys
[2014/12/23 17:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/12/23 17:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/12/23 17:18:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/12/22 09:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\rocketdeal
[2014/12/22 09:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\browseandshop
[2014/12/22 09:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\1e7681eb15fb13d7
[2014/12/18 12:19:49 | 000,048,776 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{993baf86-643c-42e9-95e5-094f337533f0}Gw64.sys
[2014/12/16 15:43:14 | 000,048,776 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64.sys
[2014/12/16 15:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/12/16 15:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/12/16 15:33:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\IsolatedStorage
[2014/12/16 15:33:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Vosteran
[2014/12/10 03:22:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/04 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/04 22:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/12/04 22:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2014/12/04 22:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Foolish IT
[2014/12/04 22:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2014/12/04 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2014/12/04 22:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieBrowserModeList
[2014/12/04 22:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2014/12/04 22:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2014/12/04 22:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/12/03 22:31:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/12/02 19:14:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/01 19:32:01 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/01 19:25:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/01 19:15:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/28 19:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/11/27 22:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/27 22:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/27 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics
[2014/11/27 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\docs
[2014/11/27 14:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\downloads
[2014/11/27 14:03:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\owner folder
[2014/11/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2013/03/26 21:45:33 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/12/23 17:42:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/12/23 17:38:02 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/23 17:38:02 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/23 17:30:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/23 17:30:27 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/23 17:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/23 17:25:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/23 17:24:59 | 000,783,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/23 17:24:59 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/23 17:24:59 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/23 17:24:26 | 002,371,409 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/12/23 17:23:54 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/12/23 17:23:54 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/12/23 17:23:54 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/12/23 17:18:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/12/23 06:23:14 | 000,048,776 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64.sys
[2014/12/19 03:00:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/18 07:24:04 | 000,048,776 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{993baf86-643c-42e9-95e5-094f337533f0}Gw64.sys
[2014/12/17 09:34:02 | 000,000,204 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2014/12/16 18:53:49 | 000,234,679 | ---- | M] () -- C:\Users\Owner\AppData\Local\dsi1.dat
[2014/12/16 18:53:49 | 000,161,916 | ---- | M] () -- C:\Users\Owner\AppData\Local\dsi2.dat
[2014/12/16 02:30:38 | 000,048,776 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64.sys
[2014/12/10 03:23:58 | 000,270,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/04 22:27:00 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2014/12/04 22:23:52 | 000,002,018 | ---- | M] () -- C:\Users\Owner\Desktop\FileHippo App Manager.lnk
[2014/12/04 20:41:31 | 000,008,068 | ---- | M] () -- C:\Users\Owner\Desktop\DOC BACKUP.reg
[2014/12/04 03:12:42 | 000,775,586 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/12/03 21:01:46 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\leiu.hss
[2014/12/02 21:38:26 | 000,121,745 | ---- | M] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/12/23 17:23:58 | 002,371,409 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/12/23 17:23:54 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/12/23 17:23:54 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/12/23 17:19:22 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/12/23 17:19:22 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/12/23 17:19:22 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/12/23 17:19:22 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/12/23 17:19:22 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/12/23 17:19:22 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/12/23 17:19:21 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/12/23 17:19:21 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/12/23 17:18:49 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/12/23 17:18:49 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/12/23 17:18:49 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/12/23 17:18:49 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/12/23 17:18:49 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/12/23 17:18:49 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/12/23 17:18:49 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/12/23 17:18:49 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/12/23 17:18:49 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/12/23 17:18:49 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2014/12/23 17:18:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/16 18:53:49 | 000,234,679 | ---- | C] () -- C:\Users\Owner\AppData\Local\dsi1.dat
[2014/12/16 18:53:49 | 000,161,916 | ---- | C] () -- C:\Users\Owner\AppData\Local\dsi2.dat
[2014/12/04 22:27:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2014/12/04 22:23:52 | 000,002,048 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
[2014/12/04 22:23:52 | 000,002,018 | ---- | C] () -- C:\Users\Owner\Desktop\FileHippo App Manager.lnk
[2014/12/04 20:41:31 | 000,008,068 | ---- | C] () -- C:\Users\Owner\Desktop\DOC BACKUP.reg
[2014/12/02 21:38:25 | 000,121,745 | ---- | C] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
[2014/11/28 19:06:52 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\drivers\RaCoInst.dat
[2013/12/19 09:37:24 | 000,000,204 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2013/08/11 22:32:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/08/11 22:32:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/26 21:44:55 | 000,893,239 | ---- | C] () -- C:\Users\Owner\AppData\Local\a.zip
[2013/03/18 20:00:20 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2013/03/18 19:59:50 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2013/03/16 20:55:48 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014/11/23 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2014/12/23 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BRT
[2013/08/08 17:43:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2013/03/26 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Catalina – Print Savings
[2013/03/18 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Final Draft
[2012/03/24 18:10:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2014/09/15 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2014/12/23 17:16:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/02/24 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2014/11/28 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


I'd like to see a different set of log files from you. Could you please follow the instructions below?

Do not put log files in code boxes, post them directly to the forum.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Are you going to continue?

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.