Solved Google Redirecting virus, also messes with cookies?


Afrosammy

I've used MWB to attempt to remove it, but every time I do it comes back at some point less than two hours later. I know EXACTLY how I got it because I was being stupid and careless. There was some music I was downloading, and I mistakenly hit one of the fake "download now" links, and before I noticed the file was different from the others, it was too late. There was some kind of Flash Player installer involved as well.

Besides redirecting things on Google after I click them (but not all the time for some reason), it's also made me unable to access my Gmail account because it says my browser's cookies are disabled. A few other websites tell me this as well despite them definitely being enabled. This not only happens in Firefox, but Internet Explorer as well. Besides that, I haven't noticed it doing anything else odd, but it's probably screwing things up behind the scenes as well. Anyway, here's the info I need to paste, starting with MWB logs.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
afrosammy :: AFROSAMMY-PC [administrator]

2/11/2013 12:11:21 AM
mbam-log-2013-02-11 (00-11-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270729
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.

(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2
Run by afrosammy at 1:41:58 on 2013-02-13
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8191.5294 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.108\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.239\deploy\LolClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SMessaging] C:\Users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5CD69964-B7CC-476A-A253-4A530DF3CBD3} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{CE3735C2-2E93-4DBA-B0BD-3D9E0A48E49E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F01E3132-A3E1-4CCC-AE59-A950F4F4B92E} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN21817309582264818
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-11 16:24; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-5 8704]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-11 14456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-10 283200]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-8 3467768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-31 66728]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2011-9-29 27136]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-19 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-11 38096]
S3 Neo_nic;VPN Client Device Driver - nic;C:\Windows\System32\drivers\Neo_0052.sys [2012-1-20 30072]
S3 Neo_po;VPN Client Device Driver - po;C:\Windows\System32\drivers\Neo_0112.sys [2012-1-20 30072]
S3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0049.sys [2012-1-20 30072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-1-5 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-5 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-19 738152]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-12 03:01:36 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-02-12 03:00:59 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-02-12 02:15:55 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
2013-02-11 22:26:40 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-02-11 22:25:54 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-02-11 22:25:54 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-11 22:24:46 -------- d-----w- C:\Users\afrosammy\AppData\Local\adawarebp
2013-02-11 22:24:46 -------- d-----w- C:\ProgramData\blekko toolbars
2013-02-11 22:24:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-02-11 22:24:41 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-02-11 22:24:40 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-02-11 22:24:07 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
2013-02-11 10:47:52 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-02-11 02:43:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-02-09 11:04:51 -------- d-----w- C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
2013-02-09 04:52:23 -------- d-----w- C:\Users\afrosammy\AppData\Local\SplitMediaLabs
2013-02-09 04:50:59 -------- d-----w- C:\ProgramData\SplitMediaLabs
2013-02-09 04:50:59 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2013-02-09 04:50:15 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
2013-02-06 01:07:16 -------- d-----w- C:\Users\afrosammy\AppData\Local\TERA
2013-02-05 20:35:13 -------- d-----w- C:\ProgramData\HappyCloud
2013-02-05 06:33:28 -------- d-----w- C:\Program Files (x86)\Peach Princess
2013-02-04 04:04:52 -------- d-----w- C:\Users\afrosammy\Spice and Wolf Complete Series
2013-02-02 22:54:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 11:00:26 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Malwarebytes
2013-02-02 10:56:33 -------- d-----w- C:\ProgramData\Tarma Installer
2013-02-02 10:41:15 -------- d-----w- C:\Users\afrosammy\AppData\Local\CRE
2013-02-02 10:40:10 -------- d-----w- C:\Users\afrosammy\AppData\Local\VisualBeeExe
2013-02-02 10:39:26 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-02-02 10:39:09 -------- d-----w- C:\Users\afrosammy\AppData\Local\Stronghold_LLC
2013-02-02 10:38:56 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-02-02 10:38:49 -------- d-----w- C:\ProgramData\VisualBee
2013-02-02 10:38:11 -------- d-----w- C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
2013-01-31 16:42:40 5999736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-01-27 04:22:49 -------- d-----w- C:\Users\afrosammy\.swt
2013-01-26 03:43:02 -------- d-----w- C:\Program Files (x86)\Carpe Fulgur
.
==================== Find3M ====================
.
2013-02-08 16:56:40 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 16:56:40 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-02 22:54:35 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-02-02 22:54:35 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-10 21:25:54 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 04:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-01 00:40:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 1:43:22.62 ===============
 

Attachments
  • attach.txt (8.2 KB)
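As an added illustration for this thread (not code from the original post, from Malwarebytes, or from DDS): a small Python triage script that parses the two log shapes pasted above, the MBAM "Files Detected" lines and the DDS "Created Last 30" entries, and pulls out the items a responder would look at first. The `\Windows\Installer\{GUID}\U\<hex>.@` pattern is exactly what MBAM flagged above; the `L` sibling folder, and the rule that a hidden+system folder literally named `%APPDATA%` under SysWOW64 is a high-priority artifact, are heuristics from my own experience with this family, not something the log states. The sample lines are constructed copies of lines from the logs above.

```python
"""Triage helper for the Malwarebytes and DDS log excerpts posted above.

Added example for this thread; not part of the original post and not
Malwarebytes or DDS code. It parses two line shapes that appear in the logs:
  * MBAM "Files Detected":  <path> (<detection name>) -> <action>
  * DDS "Created Last 30":  <date> <time> <size or --------> <attrs> <path>
and flags the ZeroAccess-style artifacts a responder would pull out first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input, copied in shape from the logs in the post above.
MBAM_SAMPLE = r"""Files Detected: 3
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.

(end)
"""
DDS_SAMPLE = r"""2013-02-11 22:25:54 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-11 02:43:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-02-02 10:39:26 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-02-02 10:38:56 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
"""

MBAM_DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
DDS_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Payload store exactly as MBAM flagged it above: \Windows\Installer\{GUID}\U\<8 hex>.@
# ("L" is the sibling folder the same family uses; from general knowledge, not this log.)
ZA_PAYLOAD_STORE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"\\[UL]\\[0-9a-f]{8}\.@$",
    re.IGNORECASE,
)
# A directory that sits directly under System32 or SysWOW64.
SYSDIR_CHILD = re.compile(
    r"^[a-z]:\\Windows\\(?:System32|SysWOW64)\\(?P<name>[^\\]+)$", re.IGNORECASE
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str      # scanner's detection name, e.g. Rootkit.0Access
    action: str


@dataclass(frozen=True)
class FileEntry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # DDS attribute letters: d=directory, s=system, h=hidden, a=archive
    path: str

    @property
    def hidden_system_dir(self) -> bool:
        return all(flag in self.attrs for flag in "dsh")


@dataclass(frozen=True)
class Finding:
    source: str     # "mbam" or "dds"
    path: str
    severity: str   # "high" or "review"
    reason: str


def parse_mbam(text: str) -> List[Detection]:
    """Return every 'path (name) -> action' detection line; headers are skipped."""
    out = []
    for line in text.splitlines():
        m = MBAM_DETECTION.match(line.strip())
        if m:
            out.append(Detection(m["path"], m["name"], m["action"]))
    return out


def parse_dds_created(text: str) -> List[FileEntry]:
    """Return the structured entries of a DDS 'Created Last 30' / 'Find3M' listing."""
    out = []
    for line in text.splitlines():
        m = DDS_ENTRY.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        out.append(FileEntry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return out


def triage(mbam_text: str, dds_text: str) -> List[Finding]:
    """Rank what both logs show: rootkit payload stores and hidden+system dirs in system paths."""
    findings: List[Finding] = []
    for det in parse_mbam(mbam_text):
        if ZA_PAYLOAD_STORE.search(det.path):
            reason = f"{det.name} in a ZeroAccess payload store; files here return until the rootkit is removed"
            findings.append(Finding("mbam", det.path, "high", reason))
        else:
            findings.append(Finding("mbam", det.path, "review", f"{det.name}: {det.action}"))
    for entry in parse_dds_created(dds_text):
        m = SYSDIR_CHILD.match(entry.path)
        if not (entry.hidden_system_dir and m):
            continue
        if m["name"].upper() == "%APPDATA%":   # heuristic: literal %APPDATA% folder is not a Windows artifact
            findings.append(Finding("dds", entry.path, "high", "hidden+system folder literally named %APPDATA% under a system directory"))
        else:
            findings.append(Finding("dds", entry.path, "review", "hidden+system folder under a system directory; confirm which installer owns it"))
    return findings


if __name__ == "__main__":
    for f in triage(MBAM_SAMPLE, DDS_SAMPLE):
        print(f"[{f.severity:6}] {f.source}: {f.path}\n         {f.reason}")
```

Run it as-is and it reports the three `Installer\{GUID}\U\*.@` files and the `SysWow64\%APPDATA%` folder as high, and `AI_RecycleBin` (also hidden+system under SysWOW64, but a known installer artifact) as review only. The point for a reader of this thread is the first reason string: an on-demand scanner deleting files out of that payload store without removing the driver/hooks that recreate them is exactly the "comes back within two hours" pattern described in the opening post, which is why the helper moves to an offline FRST fix rather than another MBAM pass.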
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box and press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments
  • fixlist.txt (326 bytes)
Everything seems to be back to normal, thanks a ton. I'm definitely going to have to be more careful when I go on download sprees.
 
Next steps to search for leftover malware and rootkits, redirects:

ComboFix scan

Please download ComboFix by sUBs:
  • From TechSpot
  • Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above), but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Oddly enough, this fix caused my firewall to start working, and it hasn't worked since I installed Windows. I assumed it was because this wasn't a legit copy.

ComboFix 13-02-13.02 - afrosammy 4/2013 Thu 16:25:50.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8191.6037 [GMT -6:00]
Running from: c:\users\afrosammy\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-14 to 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-14 22:38 . 2013-02-14 22:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-14 22:38 . 2013-02-14 22:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-14 22:38 . 2013-02-14 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-14 07:10 . 2013-02-14 07:10 -------- d-----w- C:\FRST
2013-02-14 06:17 . 2013-02-14 06:18 -------- d-----w- c:\programdata\COMODO
2013-02-14 06:16 . 2013-02-14 07:46 -------- d-----w- c:\program files (x86)\Comodo
2013-02-14 06:16 . 2013-02-14 06:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-02-14 06:16 . 2013-02-14 06:16 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-02-14 06:16 . 2013-02-14 06:16 -------- d-----w- c:\programdata\Comodo Downloader
2013-02-12 03:01 . 2012-12-17 12:43 38096 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-02-12 03:00 . 2013-02-12 03:00 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-02-12 02:15 . 2013-02-12 02:15 -------- d-----w- c:\users\afrosammy\AppData\Roaming\LavasoftStatistics
2013-02-11 22:26 . 2013-02-11 22:26 -------- d-----w- c:\programdata\Lavasoft
2013-02-11 22:26 . 2013-02-12 03:01 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-02-11 22:25 . 2013-02-11 22:25 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-11 22:25 . 2012-09-20 11:40 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\users\afrosammy\AppData\Local\adawarebp
2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\programdata\blekko toolbars
2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\program files (x86)\adawaretb
2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-02-11 22:24 . 2013-02-12 04:13 -------- d-----w- c:\users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
2013-02-11 10:47 . 2013-02-11 10:47 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-02-11 02:43 . 2013-02-11 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-02-09 11:04 . 2013-02-09 11:04 -------- d-----w- c:\users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
2013-02-09 04:52 . 2013-02-09 04:52 -------- d-----w- c:\users\afrosammy\AppData\Local\SplitMediaLabs
2013-02-09 04:50 . 2013-02-09 04:50 -------- d-----w- c:\programdata\SplitMediaLabs
2013-02-09 04:50 . 2013-02-09 04:50 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2013-02-09 04:50 . 2013-02-09 04:50 -------- d-----w- c:\users\afrosammy\AppData\Roaming\SplitMediaLabs
2013-02-06 01:07 . 2013-02-06 01:07 -------- d-----w- c:\users\afrosammy\AppData\Local\TERA
2013-02-05 20:35 . 2013-02-12 23:56 -------- d-----w- c:\programdata\HappyCloud
2013-02-05 06:33 . 2013-02-05 06:33 -------- d-----w- c:\program files (x86)\Peach Princess
2013-02-05 06:32 . 2013-02-05 06:32 -------- d-----w- c:\users\afrosammy\AppData\Roaming\InstallShield
2013-02-04 04:04 . 2013-02-04 16:57 -------- d-----w- c:\users\afrosammy\Spice and Wolf Complete Series
2013-02-02 22:54 . 2013-02-02 22:54 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 11:00 . 2013-02-02 11:00 -------- d-----w- c:\users\afrosammy\AppData\Roaming\Malwarebytes
2013-02-02 10:56 . 2013-02-02 10:59 -------- d-----w- c:\programdata\Tarma Installer
2013-02-02 10:41 . 2013-02-02 10:41 -------- d-----w- c:\users\afrosammy\AppData\Local\CRE
2013-02-02 10:40 . 2013-02-02 10:44 -------- d-----w- c:\users\afrosammy\AppData\Local\VisualBeeExe
2013-02-02 10:39 . 2013-02-02 10:39 -------- d-----w- c:\users\afrosammy\AppData\Local\Stronghold_LLC
2013-02-02 10:38 . 2013-02-02 10:55 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-02-02 10:38 . 2013-02-02 10:40 -------- d-----w- c:\programdata\VisualBee
2013-02-02 10:38 . 2013-02-02 10:44 -------- d-----w- c:\users\afrosammy\AppData\Local\Coupon Companion Plugin
2013-01-27 12:30 . 2013-01-27 12:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-27 04:22 . 2013-01-27 04:22 -------- d-----w- c:\users\afrosammy\.swt
2013-01-26 03:43 . 2013-01-26 03:43 -------- d-----w- c:\program files (x86)\Carpe Fulgur
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 16:56 . 2012-09-03 16:39 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 16:56 . 2012-09-03 16:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-02 22:54 . 2012-05-23 00:24 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-02 22:54 . 2012-01-06 00:18 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-14 22:49 . 2013-01-10 03:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 05:24 . 2012-12-01 00:40 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-11 05:24 . 2012-01-19 16:04 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-10 21:25 . 2012-01-19 16:04 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-03 15:47 . 2012-12-19 06:53 9271352 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:47 . 2012-12-19 06:53 841272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-03 15:47 . 2012-12-19 06:53 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-03 15:47 . 2012-12-19 06:53 7446192 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:47 . 2012-12-19 06:53 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-03 15:47 . 2012-12-19 06:53 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:47 . 2012-12-19 06:53 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-03 15:47 . 2012-12-19 06:53 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-03 15:47 . 2012-12-19 06:53 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:47 . 2012-12-19 06:53 245432 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-03 15:47 . 2012-12-19 06:53 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-19 06:53 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-03 15:47 . 2012-12-19 06:53 201136 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-03 15:47 . 2012-12-19 06:53 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-19 06:53 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-03 15:47 . 2012-12-19 06:53 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-03 15:47 . 2012-12-19 06:53 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-03 15:47 . 2012-11-23 06:30 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-08-17 00:42 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-08-17 00:42 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-08-17 00:42 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-08-17 00:42 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-08-17 00:42 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-01-04 02:41 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-01-04 02:41 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-01 05:49 . 2012-08-17 00:43 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-08-17 00:29 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-08-17 00:29 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-08-17 00:29 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-08-17 00:29 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-08-17 00:29 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-01 04:43 . 2012-12-01 04:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-01 00:40 . 2012-01-19 16:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 21:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-22 1398680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BlackBox;BlackBox SR2; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096]
R3 Neo_nic;VPN Client Device Driver - nic;c:\windows\system32\DRIVERS\Neo_0052.sys [2012-01-20 30072]
R3 Neo_po;VPN Client Device Driver - po;c:\windows\system32\DRIVERS\Neo_0112.sys [2012-01-20 30072]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0049.sys [2012-01-20 30072]
R3 Normandy;Normandy SR2; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1255736]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-11 14456]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-10 283200]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-15 1236968]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 82872]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-11-01 66728]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 16:56]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000Core.job
- c:\users\afrosammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 19:12]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000UA.job
- c:\users\afrosammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 19:12]
.
2013-02-10 c:\windows\Tasks\RegInOut Scheduled Scan - afrosammy.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2011-12-30 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2012-09-20 201608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN21817309582264818
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - ExtSQL: 2013-02-11 16:24; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-SMessaging - c:\users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="???楴??汐杵?愠???敗?汐杵? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="???楴??汐杵?愠???敗?汐杵? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2013-02-14 16:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-14 22:47
.
Pre-Run: 170,780,729,344 bytes free
Post-Run: 175,072,235,520 bytes free
.
- - End Of File - - A08D4EFBF3E0BDB83A5D10AE89ABCE7C
 
The ZeroAccess trojan/rootkit causes a whole host of issues, including disabling your firewall, killing Windows Update, etc.

Please try Windows Update and let me know how it works. There may be a few more problems...

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
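One check worth running once the two tools above have finished and the machine has rebooted, added here as an example and not part of the helper's post or of ComboFix, AdwCleaner or JRT: a Windows PowerShell 2.0 script (Windows 7, elevated prompt) that reports the state of the services ZeroAccess is known to remove, looks for its payload folders (a "U" folder under a fake MSI GUID in Windows\Installer, and the hidden folder literally named %APPDATA% that ComboFix listed under SysWow64), and walks the IE load points that carried the Conduit, Ask and BitTorrentBar entries (BHOs, URLSearchHooks, Toolbar, start page and search scopes), resolving each CLSID to its DLL so that orphans and leftover adware modules stand out. The service list, the adware name patterns and the payload path patterns are assumptions drawn from public ZeroAccess and toolbar write-ups, not from the tools' own logic.

```powershell
# Added post-cleanup check for this thread (not from the helper's post or from ComboFix/AdwCleaner/JRT).
# Targets Windows PowerShell 2.0 on Windows 7; run from an elevated prompt after the reboot.
# Assumptions: service list from public ZeroAccess write-ups; adware patterns = vendors named in the logs.

# 1. Services ZeroAccess deletes or stops (firewall, Security Center, Defender, IP Helper) plus
#    Windows Update. A stopped WinDefend is normal when another AV owns real-time protection.
function Test-CoreServices {
    foreach ($name in 'BFE', 'MpsSvc', 'wscsvc', 'WinDefend', 'iphlpsvc', 'wuauserv') {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            New-Object PSObject -Property @{ Check = 'Service'; Item = $name; Result = 'MISSING' }
        } elseif ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running') {
            New-Object PSObject -Property @{ Check = 'Service'; Item = $name; Result = "$($svc.State), $($svc.StartMode)" }
        }
    }
}

# 2. Payload directories: a "U" folder under a fake MSI GUID in %windir%\Installer, and the hidden
#    folder literally named "%APPDATA%" that the ComboFix log shows under SysWow64.
function Test-ZeroAccessPaths {
    $hits = @()
    $installer = Join-Path $env:windir 'Installer'
    foreach ($dir in @(Get-ChildItem -LiteralPath $installer -Force -ErrorAction SilentlyContinue)) {
        if ($dir -and $dir.PSIsContainer) {
            $u = Join-Path $dir.FullName 'U'
            if (Test-Path -LiteralPath $u) { $hits += $u }
        }
    }
    foreach ($sys in 'System32', 'SysWOW64') {
        $p = Join-Path (Join-Path $env:windir $sys) '%APPDATA%'
        if (Test-Path -LiteralPath $p) { $hits += $p }
    }
    foreach ($h in $hits) {
        New-Object PSObject -Property @{ Check = 'ZeroAccess path'; Item = $h; Result = 'still present' }
    }
}

# 3. IE load points that carried the Conduit/Ask/BitTorrentBar entries: each CLSID is resolved to
#    its DLL through both the native and the Wow6432Node class registrations.
function Resolve-Clsid([string]$Clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}
function Report-Clsid([string]$Where, [string]$Clsid) {
    $dll = Resolve-Clsid $Clsid
    if (-not $dll) { $r = 'orphan: no InprocServer32 registered' }
    elseif (-not (Test-Path -LiteralPath $dll)) { $r = "orphan: DLL missing ($dll)" }
    elseif ($dll -match 'conduit|ask\.com|bittorrentbar|adawaretb|crossrider|pricegong') { $r = "adware DLL: $dll" }
    else { $r = "OK: $dll" }
    New-Object PSObject -Property @{ Check = $Where; Item = $Clsid; Result = $r }
}
function Test-IELoadPoints {
    $bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($k in $bhoKeys) {
        foreach ($sub in @(Get-ChildItem -LiteralPath $k -ErrorAction SilentlyContinue)) {
            if ($sub) { Report-Clsid 'BHO' $sub.PSChildName }
        }
    }
    $valueKeys = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
                 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks',
                 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
    foreach ($k in $valueKeys) {
        $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if ($props) {
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like '{*}') { Report-Clsid (Split-Path $k -Leaf) $p.Name }
            }
        }
    }
}

# 4. Start page and search scopes, which AdwCleaner reset from search.conduit.com.
function Test-IEUrls {
    $bad = 'conduit\.com|ask\.com|blekko|visualbee'
    $main = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($main -and $main.'Start Page') {
        $r = 'OK'; if ($main.'Start Page' -match $bad) { $r = 'hijacked' }
        New-Object PSObject -Property @{ Check = 'Start Page'; Item = $main.'Start Page'; Result = $r }
    }
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    foreach ($s in @(Get-ChildItem -LiteralPath $scopes -ErrorAction SilentlyContinue)) {
        if ($s) {
            $url = (Get-ItemProperty -LiteralPath $s.PSPath).URL
            $r = 'OK'; if ($url -match $bad) { $r = 'hijacked' }
            New-Object PSObject -Property @{ Check = 'SearchScope'; Item = $s.PSChildName; Result = "$r $url" }
        }
    }
}

$report = @(Test-CoreServices) + @(Test-ZeroAccessPaths) + @(Test-IELoadPoints) + @(Test-IEUrls)
if ($report.Count -eq 0) { 'No findings' } else { $report | Format-Table Check, Item, Result -AutoSize }
```

Anything reported as MISSING under Service is the signature to act on: ZeroAccess deletes those service entries rather than merely stopping them, so a clean bill from AdwCleaner and JRT does not put them back. Orphan CLSIDs under BHO or Toolbar are leftovers of the toolbar uninstalls and are safe to delete; an "adware DLL" line means a module survived the cleanup and should be posted in the next reply.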
 
Wow, skimming these logs, it looks like I had a lot of crap on my computer. Adware one first.

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 06:45:37
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : afrosammy - AFROSAMMY-PC
# Boot Mode : Normal
# Running from : C:\Users\afrosammy\Downloads\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BitTorrentBar
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\afrosammy\AppData\Local\Conduit
Folder Deleted : C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\adawaretb
Folder Deleted : C:\Users\afrosammy\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5E32ED8-17CF-4ABE-A118-6B9AF9A0E784}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D81FFEAB-BE9F-4B81-A02B-A4E7A9B1B96F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\prefs.js

C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\user.js ... Deleted !

Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.1 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");
Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&Sea[...]
Deleted : user_pref("ct3268494.UserID", "UN21817309582264818");
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Deleted : user_pref("smartbar.machineId", "IQZYQWGDUI4LFW8GMAYCYTWETNRSMVIYI72KL2D+ITCT+DQXZY1FEE/TNNSCWIPKWVP[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v window_placement_www: {
bloodbowl-game: {
com_/: {
bottom: 670

File : C:\Users\afrosammy\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [329 octets] - [15/02/2013 06:45:15]
AdwCleaner[S2].txt - [11469 octets] - [15/02/2013 06:45:37]

########## EOF - C:\AdwCleaner[S2].txt - [11530 octets] ##########
 
Also, the Windows Update worked fine.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 7 Ultimate x64
Ran by afrosammy on 02/15/2013 Fri at 7:01:18.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\afrosammy\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\afrosammy\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\afrosammy\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\afrosammy\AppData\Roaming\mozilla\firefox\profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted the following from C:\Users\afrosammy\AppData\Roaming\mozilla\firefox\profiles\irxpqbgp.default\prefs.js

user_pref("extensions.crossrider.bic", "13c9a7c18a547be5a7b77bc17a239abc");
user_pref("extensions.jid1-yZwVFzbsyfMrqQ@jetpack.install-event-fired", true);
Emptied folder: C:\Users\afrosammy\AppData\Roaming\mozilla\firefox\profiles\irxpqbgp.default\minidumps [548 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/15/2013 Fri at 7:10:54.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Excellent. Let's check for remnants...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
Eset logs

C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000000.@ Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000064.@ a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Program Files (x86)\RegInOut\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application cleaned by deleting - quarantined
C:\Program Files (x86)\RegInOut\RegInOut.exe a variant of Win32/Adware.PCFresher.A application cleaned by deleting - quarantined
C:\Users\afrosammy\Downloads\cbsidlm-tr1_10a-Efficient_Reminder_Free-SEO-10921373.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
 
OTL logfile created on: 2/16/2013 7:18:34 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afrosammy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.47% Memory free
16.00 Gb Paging File | 14.21 Gb Available in Paging File | 88.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 149.82 Gb Free Space | 32.17% Space Free | Partition Type: NTFS

Computer Name: AFROSAMMY-PC | User Name: afrosammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/15 21:47:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afrosammy\Desktop\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/30 18:40:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/08 10:56:40 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 17:22:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/03 09:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/11/30 18:40:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/06/26 14:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/11 16:25:54 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/10/31 20:43:50 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/10 17:32:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/20 01:10:35 | 000,030,072 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Neo_0112.sys -- (Neo_po)
DRV:64bit: - [2012/01/20 01:09:36 | 000,030,072 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Neo_0052.sys -- (Neo_nic)
DRV:64bit: - [2012/01/20 00:12:13 | 000,030,072 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Neo_0049.sys -- (Neo_VPN)
DRV:64bit: - [2011/11/14 21:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/09/29 01:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/04/20 17:24:54 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/01 14:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/07/18 02:21:04 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2012/07/18 02:17:13 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 68 29 52 EF 54 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/11 16:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/15 06:45:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/11 16:24:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/15 06:45:54 | 000,000,000 | ---D | M]

[2012/01/03 21:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Extensions
[2012/01/03 21:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/03 21:34:13 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2013/02/15 07:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions
[2013/02/08 20:11:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/11/16 00:26:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/11/10 00:13:04 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/10/26 16:52:56 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\netvideohunter@netvideohunter.com
[2013/02/13 21:24:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/05 17:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 09:57:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/05 17:22:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 06:01:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 00:43:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?CUI=UN16514828533478195&ctid=CT3268494&SearchSource=48&sspv=SP_CHNSP06
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: No name found = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/14 16:40:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [AOLRebootNeeded] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD69964-B7CC-476A-A253-4A530DF3CBD3}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE3735C2-2E93-4DBA-B0BD-3D9E0A48E49E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F01E3132-A3E1-4CCC-AE59-A950F4F4B92E}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 21:47:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afrosammy\Desktop\OTL.exe
[2013/02/15 18:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/15 07:01:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/15 07:00:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/15 03:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/02/14 16:47:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/14 16:40:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/14 16:20:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/14 16:20:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/14 16:20:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/14 16:19:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/14 16:18:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/14 16:17:43 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\afrosammy\Desktop\ComboFix.exe
[2013/02/14 01:10:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013/02/14 00:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013/02/14 00:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/02/14 00:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/02/14 00:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013/02/13 01:41:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/13 01:41:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\afrosammy\Desktop\dds.com
[2013/02/11 21:01:36 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
[2013/02/11 21:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/11 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
[2013/02/11 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/11 16:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/11 16:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/02/11 16:25:54 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/02/11 16:25:54 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/11 16:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/02/11 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
[2013/02/11 04:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/02/11 04:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/02/10 20:43:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/02/09 05:04:51 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
[2013/02/08 22:52:23 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Local\SplitMediaLabs
[2013/02/08 22:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/02/08 22:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2013/02/08 22:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2013/02/08 22:50:15 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
[2013/02/07 23:10:49 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Desktop\playlists
[2013/02/06 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Desktop\Exist Trace
[2013/02/05 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Local\TERA
[2013/02/05 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/05 14:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud
[2013/02/05 00:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peach Princess
[2013/02/05 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YUMEMIRUKUSURI
[2013/02/05 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\InstallShield
[2013/02/04 18:10:06 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Desktop\dream
[2013/02/03 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Spice and Wolf Complete Series
[2013/02/02 05:00:26 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\Malwarebytes
[2013/02/02 04:41:15 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Local\CRE
[2013/02/02 04:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/01/27 06:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/27 06:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/27 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2013/01/26 22:22:49 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\.swt
[2013/01/25 21:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carpe Fulgur
[2013/01/21 21:22:35 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Documents\Klei
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/16 06:57:58 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 06:57:58 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 06:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 06:27:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000UA.job
[2013/02/16 04:27:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000Core.job
[2013/02/15 23:23:27 | 002,248,579 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_15022013_212229.png
[2013/02/15 21:47:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afrosammy\Desktop\OTL.exe
[2013/02/15 17:42:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/15 17:42:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/02/15 17:42:32 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/15 17:36:48 | 000,018,286 | ---- | M] () -- C:\Users\afrosammy\Desktop\jaa1gl12bqm344owhhpdpape231515610.3.jpg
[2013/02/15 06:42:41 | 004,999,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/15 03:13:59 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 03:13:59 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/15 03:13:58 | 000,731,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 00:11:14 | 000,023,917 | ---- | M] () -- C:\Users\afrosammy\Desktop\bfdhbd.png
[2013/02/14 21:39:34 | 017,342,897 | ---- | M] () -- C:\Users\afrosammy\Desktop\Untitled.wmv
[2013/02/14 16:40:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/14 16:18:01 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\afrosammy\Desktop\ComboFix.exe
[2013/02/13 01:41:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\afrosammy\Desktop\dds.com
[2013/02/12 17:29:16 | 001,108,935 | ---- | M] () -- C:\Users\afrosammy\Desktop\245245.PNG
[2013/02/11 16:25:54 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/11 16:19:00 | 000,283,067 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_11022013_171846.png
[2013/02/11 16:18:38 | 000,006,026 | ---- | M] () -- C:\Users\afrosammy\Desktop\ertreh.PNG
[2013/02/11 08:16:19 | 324,668,342 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Key of Evil Spirits - 01 [DF69701E].mkv
[2013/02/11 07:56:11 | 472,840,749 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 12 [338B0DF0].mkv
[2013/02/11 07:29:55 | 472,776,405 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 11 [1271FFDC].mkv
[2013/02/11 07:01:12 | 472,778,254 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 10 [7CC38101].mkv
[2013/02/11 06:31:55 | 472,437,037 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 09 [E0459180].mkv
[2013/02/11 05:56:24 | 472,790,003 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 08 [A550C060].mkv
[2013/02/11 05:23:46 | 472,797,178 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 06 [73D26B1A].mkv
[2013/02/11 05:12:15 | 000,001,456 | ---- | M] () -- C:\Users\afrosammy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/02/11 04:29:10 | 472,718,403 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 05 [10B9C848].mkv
[2013/02/11 04:00:29 | 472,631,923 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 04 [37566FF8].mkv
[2013/02/11 03:12:43 | 472,754,132 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 03 [CF28B9AA].mkv
[2013/02/11 02:47:04 | 472,765,992 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 02 [F5D471C9].mkv
[2013/02/11 02:32:35 | 472,471,923 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 01 [72632885].mkv
[2013/02/10 03:04:51 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - afrosammy.job
[2013/02/08 22:39:52 | 024,250,701 | ---- | M] () -- C:\Users\afrosammy\Desktop\MaidRPG Starter Resources.zip
[2013/02/08 19:16:21 | 000,139,155 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_08022013_201632.png
[2013/02/07 01:15:33 | 000,386,356 | ---- | M] () -- C:\Users\afrosammy\Desktop\waifu.PNG
[2013/02/02 04:09:19 | 000,116,039 | ---- | M] () -- C:\Users\afrosammy\Desktop\jhgjhg.png
[2013/02/02 03:34:02 | 000,400,813 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_02022013_043341.png
[2013/02/01 23:53:01 | 003,462,371 | ---- | M] () -- C:\Users\afrosammy\Desktop\P2010001.JPG
[2013/02/01 23:45:22 | 000,065,035 | ---- | M] () -- C:\Users\afrosammy\Desktop\dfhgh.png
[2013/02/01 23:40:26 | 000,194,885 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_02022013_003652.png
[2013/01/31 23:02:33 | 000,673,482 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_01022013_000217.png
[2013/01/31 21:41:46 | 000,330,538 | ---- | M] () -- C:\Users\afrosammy\Desktop\forbidden_knowledge.png
[2013/01/31 01:22:00 | 000,595,562 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_31012013_022159.png
[2013/01/29 02:10:45 | 000,620,530 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_29012013_031033.png
[2013/01/29 02:04:13 | 000,656,978 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_29012013_030408.png
[2013/01/27 23:08:24 | 000,455,800 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_28012013_000816.png
[2013/01/27 06:51:56 | 007,791,370 | ---- | M] () -- C:\Users\afrosammy\Desktop\Don't Starve Progress - YouTube.flv
[2013/01/25 03:59:56 | 000,184,665 | ---- | M] () -- C:\Users\afrosammy\Desktop\aetheth.png
[2013/01/24 19:48:16 | 000,147,806 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_24012013_204818.png
[2013/01/21 23:51:16 | 000,033,977 | ---- | M] () -- C:\Users\afrosammy\Desktop\Untitled.png
[2013/01/21 19:35:45 | 000,006,656 | ---- | M] () -- C:\Users\afrosammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/21 05:00:04 | 000,626,194 | ---- | M] () -- C:\Users\afrosammy\Desktop\fkunE.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/15 23:22:33 | 002,248,579 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_15022013_212229.png
[2013/02/15 17:36:47 | 000,018,286 | ---- | C] () -- C:\Users\afrosammy\Desktop\jaa1gl12bqm344owhhpdpape231515610.3.jpg
[2013/02/15 00:11:06 | 000,023,917 | ---- | C] () -- C:\Users\afrosammy\Desktop\bfdhbd.png
[2013/02/14 16:20:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/14 16:20:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/14 16:20:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/14 16:20:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/14 16:20:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/12 17:29:16 | 001,108,935 | ---- | C] () -- C:\Users\afrosammy\Desktop\245245.PNG
[2013/02/11 21:10:03 | 017,342,897 | ---- | C] () -- C:\Users\afrosammy\Desktop\Untitled.wmv
[2013/02/11 16:18:44 | 000,283,067 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_11022013_171846.png
[2013/02/11 16:18:38 | 000,006,026 | ---- | C] () -- C:\Users\afrosammy\Desktop\ertreh.PNG
[2013/02/11 07:57:06 | 324,668,342 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Key of Evil Spirits - 01 [DF69701E].mkv
[2013/02/11 07:30:23 | 472,840,749 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 12 [338B0DF0].mkv
[2013/02/11 07:01:29 | 472,776,405 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 11 [1271FFDC].mkv
[2013/02/11 06:32:18 | 472,778,254 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 10 [7CC38101].mkv
[2013/02/11 05:56:50 | 472,437,037 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 09 [E0459180].mkv
[2013/02/11 05:24:11 | 472,790,003 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 08 [A550C060].mkv
[2013/02/11 04:29:31 | 472,797,178 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 06 [73D26B1A].mkv
[2013/02/11 04:00:54 | 472,718,403 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 05 [10B9C848].mkv
[2013/02/11 03:13:01 | 472,631,923 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 04 [37566FF8].mkv
[2013/02/11 02:47:24 | 472,754,132 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 03 [CF28B9AA].mkv
[2013/02/11 02:00:13 | 472,765,992 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 02 [F5D471C9].mkv
[2013/02/10 20:03:00 | 472,471,923 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 01 [72632885].mkv
[2013/02/08 19:16:18 | 000,139,155 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_08022013_201632.png
[2013/02/07 01:15:33 | 000,386,356 | ---- | C] () -- C:\Users\afrosammy\Desktop\waifu.PNG
[2013/02/02 04:09:05 | 000,116,039 | ---- | C] () -- C:\Users\afrosammy\Desktop\jhgjhg.png
[2013/02/02 03:33:37 | 000,400,813 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_02022013_043341.png
[2013/02/01 23:52:35 | 003,462,371 | ---- | C] () -- C:\Users\afrosammy\Desktop\P2010001.JPG
[2013/02/01 23:45:21 | 000,065,035 | ---- | C] () -- C:\Users\afrosammy\Desktop\dfhgh.png
[2013/02/01 23:40:22 | 000,194,885 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_02022013_003652.png
[2013/01/31 23:02:26 | 000,673,482 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_01022013_000217.png
[2013/01/31 21:43:02 | 000,184,665 | ---- | C] () -- C:\Users\afrosammy\Desktop\aetheth.png
[2013/01/31 21:35:04 | 000,330,538 | ---- | C] () -- C:\Users\afrosammy\Desktop\forbidden_knowledge.png
[2013/01/31 01:21:56 | 000,595,562 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_31012013_022159.png
[2013/01/29 02:10:41 | 000,620,530 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_29012013_031033.png
[2013/01/29 02:04:09 | 000,656,978 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_29012013_030408.png
[2013/01/27 23:08:18 | 000,455,800 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_28012013_000816.png
[2013/01/27 06:49:37 | 007,791,370 | ---- | C] () -- C:\Users\afrosammy\Desktop\Don't Starve Progress - YouTube.flv
[2013/01/24 19:48:14 | 000,147,806 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_24012013_204818.png
[2013/01/22 16:34:14 | 024,250,701 | ---- | C] () -- C:\Users\afrosammy\Desktop\MaidRPG Starter Resources.zip
[2013/01/21 05:00:03 | 000,626,194 | ---- | C] () -- C:\Users\afrosammy\Desktop\fkunE.jpg
[2012/09/24 09:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/09/14 14:50:22 | 000,007,629 | ---- | C] () -- C:\Users\afrosammy\AppData\Local\Resmon.ResmonCfg
[2012/08/03 05:40:11 | 000,001,456 | ---- | C] () -- C:\Users\afrosammy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/18 02:21:04 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2012/07/18 02:16:50 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/02/02 21:44:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/02/02 21:44:28 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/02/02 21:44:25 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/02/02 21:44:25 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/02/02 21:44:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/19 10:04:28 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/19 10:04:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/17 11:34:24 | 000,006,656 | ---- | C] () -- C:\Users\afrosammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/31 00:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 00:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
 
========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/01 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\.minecraft
[2012/07/29 03:45:41 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\.techniclauncher
[2012/01/19 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Ableton
[2012/01/03 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\acccore
[2013/02/11 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
[2012/12/14 15:26:00 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Audacity
[2013/02/16 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\BitTorrent
[2012/04/10 17:34:17 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\DAEMON Tools Pro
[2012/10/12 14:53:23 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Frogwares
[2012/08/27 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Gensokyo.org
[2012/11/04 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Hive Cluster
[2012/10/31 05:33:48 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Kalypso Media
[2013/02/12 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\KudosChatSearch
[2013/01/04 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\KudosChatSearchApp
[2012/01/16 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Leadertech
[2012/01/05 02:04:46 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\LolClient
[2012/05/23 12:00:18 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\LolClient2
[2012/01/05 05:30:42 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\ManyCam
[2012/04/23 06:38:59 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Mount&Blade Warband
[2012/02/27 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\OpenOffice.org
[2012/01/19 10:04:25 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\PunkBuster
[2013/01/26 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\puush
[2012/01/04 02:02:04 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\RenPy
[2012/06/27 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Screaming Bee
[2012/08/27 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\ShanghaiAlice
[2012/07/01 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\six-updater
[2012/06/28 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\six-zsync
[2013/02/08 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
[2012/06/26 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\SystemRequirementsLab
[2012/04/13 02:51:12 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\TeamViewer
[2013/01/29 03:15:27 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Tropico 4
[2012/07/01 17:26:10 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\TS3Client
[2012/09/24 09:15:22 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Tunngle

========== Purity Check ==========



< End of report >
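As an added example (not part of this thread or of OTL itself), here is a small Python triage script for the "ZeroAccess Check" block of an OTL log like the one above: it parses each InProcServer32 key OTL prints and flags any whose default value does not resolve to a Microsoft DLL inside the Windows system directory. The CLSIDs and clean entries in the sample are copied from the log; the hijacked entry is constructed, with a placeholder GUID.

```python
"""Triage the 'ZeroAccess Check' block of an OTL log.

OTL prints the InProcServer32 key of a few CLSIDs that the ZeroAccess
(Sirefef) rootkit is known to hijack. On a clean machine each one resolves
to a Microsoft DLL inside the Windows system directory; a hijacked one
points at a loader in a writable location instead, so the check is simply
"where does the default value point, and who is the file's company?".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The two line shapes OTL emits in this section: a key header (with " /64"
# for the 64-bit registry view) and the key's default value with file metadata.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\InProcServer32)\]( /64)?\s*$")
DEFAULT_RE = re.compile(
    r'^"" = (?P<path>.+?) -- \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)\s*$'
)

# Where a legitimate in-process server for these CLSIDs lives (64-bit view,
# 32-bit view, and the %SystemRoot%\system32 spelling OTL uses for the latter).
SYSTEM_DIRS = (
    "c:\\windows\\sysnative\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\system32\\",
)


@dataclass
class Entry:
    key: str
    path: str
    company: str
    reason: str = ""  # empty while the entry looks clean


def normalize(path: str) -> str:
    """Expand %SystemRoot% and lower-case so both registry views compare alike."""
    return re.sub(r"%systemroot%", r"c:\\windows", path.strip(), flags=re.I).lower()


def parse_zeroaccess_section(text: str) -> list[Entry]:
    """Return one Entry per InProcServer32 key that carries a default value.

    Keys printed without a default value (an empty HKCU block) are normal and
    are skipped: the interesting case is a value that exists and points somewhere.
    """
    entries: list[Entry] = []
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = DEFAULT_RE.match(line)
        if m and current:
            entries.append(Entry(current, m.group("path"), m.group("company")))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Flag entries whose server is outside the system directory or not tagged Microsoft."""
    for e in entries:
        path = normalize(e.path)
        if not path.startswith(SYSTEM_DIRS):
            e.reason = "InProcServer32 points outside the Windows system directory"
        elif e.company != "Microsoft Corporation":
            e.reason = "system-directory DLL without a Microsoft company tag"
    return [e for e in entries if e.reason]


# Constructed sample: the first three blocks are copied from the log above; the
# last is a made-up hijacked entry (placeholder GUID, no company tag) of the
# shape ZeroAccess leaves behind.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\n -- [2013/02/10 20:43:45 | 000,000,000 | ---- | M] ()
'''

if __name__ == "__main__":
    for e in triage(parse_zeroaccess_section(SAMPLE)):
        print(f"SUSPICIOUS {e.key}\n  -> {e.path}  ({e.reason})")
```

Feed it the whole OTL log and it ignores everything outside the registry blocks, so a clean report (like the one above) produces no output.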
 
OTL Fix

Please run OTL


It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
All processes killed
========== OTL ==========
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\afrosammy\Desktop\cmd.bat deleted successfully.
C:\Users\afrosammy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: afrosammy
->Temp folder emptied: 3195004 bytes
->Temporary Internet Files folder emptied: 325599990 bytes
->Java cache emptied: 266116 bytes
->FireFox cache emptied: 474923467 bytes
->Google Chrome cache emptied: 235075141 bytes
->Flash cache emptied: 83796 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8632576 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70043803 bytes
->Flash cache emptied: 57344 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 326443980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 232350350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 2570743545 bytes

Total Files Cleaned = 4,051.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02162013_102403

Files\Folders moved on Reboot...
C:\Users\afrosammy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\sndappv2.log scheduled to be moved on reboot.
C:\Windows\temp\~DF6B7544B9F59D7AEA.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java(TM) 6 Update 22
Java(TM) 6 Update 32
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Hm, I seem to have a not-so-important problem now that I've done all this. Videos on most websites won't play until totally loaded.

Edit: Never mind, found out the problem.
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Also, remove these two old versions of Java:

Java(TM) 6 Update 22
Java(TM) 6 Update 32


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
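A quick way to confirm the Adobe Reader and Java cleanup described above actually left only one version of each behind. This is an added example, not a script posted in the thread or part of any of the tools used in it; it assumes Windows PowerShell on the same Windows 7 x64 machine, and the product-name patterns and the family grouping are my own assumptions. It only reads the Uninstall registry keys and lists what it finds, it does not uninstall anything.

```powershell
# Added example (not from the thread): inventory Adobe Reader and Java entries in the
# Windows Uninstall registry keys so leftover old versions are visible at a glance.
# Read-only: prints entries and their UninstallString, never runs them.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on x64
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# Products the Security Check log flagged as out of date (pattern is an assumption).
$watch = '^(Adobe (Acrobat )?Reader|Java\(TM\)|JavaFX|Java\b)'

# Collapse display names such as "Java(TM) 6 Update 22" and "Java 7 Update 13"
# into one family so duplicates within a family stand out.
function Get-ProductFamily([string]$name) {
    if ($name -match 'Adobe.*Reader') { return 'Adobe Reader' }
    if ($name -match '^JavaFX')       { return 'JavaFX' }
    if ($name -match '^Java')         { return 'Java' }
    return $name
}

$entries = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayName -match $watch } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSChildName

# Full inventory: DisplayVersion tells you which entry is the current one.
$entries | Sort-Object DisplayName, DisplayVersion | Format-Table -AutoSize

# More than one entry in a family means an old version is still installed;
# remove it through Programs and Features as the post above describes.
$entries |
    Group-Object { Get-ProductFamily $_.DisplayName } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $versions = ($_.Group | ForEach-Object { $_.DisplayVersion }) -join ', '
        Write-Warning ("{0}: {1} versions still installed ({2})" -f $_.Name, $_.Count, $versions)
    }
```

Run it from an elevated PowerShell prompt before and after the uninstalls; the warning lines should disappear once only the newest Reader and Java 7 entries remain. Checking the 64-bit, WOW6432Node and per-user hives together matters because each of the three Java entries in the log can live under a different one.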
 
No, I think that's it. Thanks for all the help; I probably would've just had to deal with the crap on my computer without it.
 