Solved Poor Overall Performance Outlook missing PST files

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: sp2@sp.com:1.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_24.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/11 08:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Users\Owner\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Users\Owner\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files\Social Privacy\FF\

[2013/07/24 09:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2013/12/07 14:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions
[2013/12/01 12:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions
[2013/07/02 09:59:36 | 000,068,722 | R--- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\extensions\NoiaFoxoption@davidvincent.tld.xpi
[2013/07/02 09:59:36 | 002,511,800 | R--- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/12/01 10:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/01 10:55:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/12 00:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/07 09:41:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoScrSavPage = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispApprearancePage = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..Trusted Domains: craigslist.org ([accounts] https in Trusted sites)
O15 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.160.7 216.228.160.8 216.228.160.5 216.228.160.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07AE6EC5-2B47-403F-BBC0-4AF2A6DB3EDE}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{153AD536-538C-4465-AFC8-58B94BDEC93D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22542FF5-7590-40F2-9B2A-5FB89C04FAA9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: DhcpNameServer = 198.224.166.135 198.224.167.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DCB2D10-C777-443E-89A6-979AD115657B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{518CD836-4FC2-4A22-AE14-B86249DAFE29}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: DhcpNameServer = 216.228.160.7 216.228.160.8 216.228.160.5 216.228.160.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B819E948-EA6F-41CF-9848-95199EBFC197}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B925B4EC-95DC-4FC3-9E8E-68F2E330D626}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E17B4E4D-9C95-4C58-B453-5AA9E72A2EC8}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF1A7DF2-51C7-439F-AD61-408A50762872}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\belarc - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - AutoRun File - [2011/09/23 07:18:38 | 000,000,090 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/07 13:58:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/07 13:55:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Broni
[2013/12/07 10:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/12/07 10:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013/12/07 09:41:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/12/07 09:39:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/07 09:24:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/12/01 16:48:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2013/12/01 16:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\REPORTS
[2013/12/01 16:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\LOGFILES
[2013/12/01 16:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\INFECTED
[2013/12/01 14:57:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar
[2013/12/01 14:55:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\mbar
[2013/12/01 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\mbar
[2013/12/01 14:29:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/12/01 11:55:28 | 000,000,000 | ---D | C] -- C:\temp
[2013/12/01 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2013/12/01 09:48:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2013/12/01 09:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CrypKey
[2013/12/01 09:46:20 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2013/12/01 09:46:20 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2013/12/01 09:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2013/12/01 09:45:51 | 010,016,840 | ---- | C] (Stellar Information Systems Ltd ) -- C:\spopr.exe
[2013/12/01 09:45:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/12/01 09:12:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
[2013/12/01 08:35:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Help
[2013/11/30 11:50:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2013/11/30 11:49:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2013/11/30 11:23:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Diagnostics
[2013/11/30 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2013/11/30 09:42:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2013/11/30 09:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/11/30 09:35:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/11/30 09:35:04 | 000,067,680 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013/11/30 09:35:04 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/11/30 09:35:03 | 000,137,208 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/11/30 09:35:03 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/11/30 09:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/11/28 13:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/28 13:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013/11/28 12:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\sp
[2013/11/28 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla Firefox
[2013/11/28 11:06:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/24 09:05:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/24 08:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/24 08:27:48 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/16 10:42:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Philip II
[2013/11/09 15:44:08 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/09 15:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/11/09 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2013/11/09 15:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/09 15:33:43 | 000,000,000 | ---D | C] -- C:\Mozilla Plugins
[2013/11/09 15:33:43 | 000,000,000 | ---D | C] -- C:\iTunesMiniPlayer.Resources
[2013/11/09 15:33:42 | 000,000,000 | ---D | C] -- C:\iTunesHelper.Resources
[2013/11/09 15:33:06 | 000,000,000 | ---D | C] -- C:\iTunes.Resources
[2013/11/09 15:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/09 15:32:59 | 000,000,000 | ---D | C] -- C:\CD Configuration
[2013/11/09 15:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/07 14:03:07 | 000,017,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 14:03:07 | 000,017,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 13:54:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/07 12:03:33 | 000,000,678 | ---- | M] () -- C:\Users\Owner\Desktop\.thumbnails - Shortcut (2).lnk
[2013/12/07 12:00:44 | 000,000,678 | ---- | M] () -- C:\Users\Owner\Desktop\.thumbnails - Shortcut.lnk
[2013/12/07 11:45:25 | 000,663,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/07 11:45:24 | 000,122,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/07 10:46:58 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/12/07 10:44:55 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/12/07 10:44:54 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/12/07 10:44:54 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/12/07 10:44:54 | 000,067,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013/12/07 10:44:54 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/12/07 09:44:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/07 09:41:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/07 09:22:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef370f644efdf.job
[2013/12/01 15:40:23 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/12/01 15:27:46 | 000,000,590 | ---- | M] () -- C:\Users\Owner\Desktop\settings.ini
[2013/12/01 12:25:43 | 000,071,732 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20131201_122521.reg
[2013/12/01 11:16:02 | 000,000,127 | ---- | M] () -- C:\Windows\Crypkey.ini
[2013/12/01 10:55:53 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/01 10:45:37 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind
[2013/12/01 10:22:24 | 000,001,103 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/12/01 09:47:44 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp
[2013/12/01 09:47:44 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2013/12/01 09:46:04 | 010,016,840 | ---- | M] (Stellar Information Systems Ltd ) -- C:\spopr.exe
[2013/11/30 11:49:35 | 000,001,105 | ---- | M] () -- C:\Users\Owner\Desktop\Mozilla Firefox.lnk
[2013/11/28 14:12:10 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/11/28 13:02:39 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/11/28 12:07:03 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/28 11:06:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/24 09:24:45 | 002,489,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\Procmon.exe
[2013/11/24 08:10:53 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\RootkitRevealer.exe
[2013/11/18 13:02:56 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/17 13:46:35 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/16 10:24:45 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/16 09:37:01 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/09 15:43:32 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/11/09 15:35:04 | 000,017,232 | ---- | M] () -- C:\Users\Owner\Documents\cc_20131109_153458.reg
[2013/11/09 15:33:48 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/07 12:03:33 | 000,000,678 | ---- | C] () -- C:\Users\Owner\Desktop\.thumbnails - Shortcut (2).lnk
[2013/12/07 12:00:44 | 000,000,678 | ---- | C] () -- C:\Users\Owner\Desktop\.thumbnails - Shortcut.lnk
[2013/12/07 09:22:53 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef370f644efdf.job
[2013/12/01 12:25:32 | 000,071,732 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20131201_122521.reg
[2013/12/01 10:55:53 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/01 10:52:51 | 000,001,105 | ---- | C] () -- C:\Users\Owner\Desktop\Mozilla Firefox.lnk
[2013/12/01 09:47:44 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/12/01 09:47:24 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp
[2013/12/01 09:47:24 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind
[2013/12/01 09:47:00 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/12/01 09:46:20 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013/12/01 09:46:20 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2013/12/01 09:46:20 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013/12/01 09:46:20 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/11/30 09:35:28 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/11/28 13:00:45 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/11/16 10:24:45 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/09 15:35:01 | 000,017,232 | ---- | C] () -- C:\Users\Owner\Documents\cc_20131109_153458.reg
[2013/11/09 15:33:48 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/01 13:49:19 | 000,385,768 | ---- | C] () -- C:\Users\Owner\COCC-certificates.PNG
[2013/08/01 13:17:16 | 015,046,808 | ---- | C] () -- C:\Users\Owner\COCC-4 001.tif
[2013/08/01 13:15:34 | 018,402,336 | ---- | C] () -- C:\Users\Owner\COCC-3 001.tif
[2013/08/01 13:08:54 | 001,029,195 | ---- | C] () -- C:\Users\Owner\COCC-2 001.jpg
[2013/08/01 13:04:40 | 018,367,284 | ---- | C] () -- C:\Users\Owner\COCC-1 005.tif
[2013/07/25 14:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 14:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/25 14:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/25 12:42:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/25 12:42:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/25 12:42:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/25 12:42:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/25 12:42:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/24 13:23:14 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/03/09 19:11:02 | 000,030,926 | ---- | C] () -- C:\Users\Owner\alex7.jpg
[2013/03/09 19:10:45 | 000,022,789 | ---- | C] () -- C:\Users\Owner\alex6.jpg
[2013/03/09 19:09:28 | 000,065,555 | ---- | C] () -- C:\Users\Owner\alex5.jpg
[2013/03/09 19:09:04 | 000,044,542 | ---- | C] () -- C:\Users\Owner\alex4.jpg
[2013/03/09 19:07:58 | 000,040,506 | ---- | C] () -- C:\Users\Owner\alex3.jpg
[2013/03/09 19:06:51 | 000,031,286 | ---- | C] () -- C:\Users\Owner\alex2.jpg
[2013/03/09 19:06:03 | 000,002,575 | ---- | C] () -- C:\Users\Owner\alex1.jpg
[2012/12/02 12:07:59 | 000,002,012 | ---- | C] () -- C:\Users\Owner\Avira Control Center.lnk
[2012/11/22 12:00:12 | 000,000,592 | ---- | C] () -- C:\Windows\RegistryKit.ini
[2012/11/22 11:59:41 | 000,001,032 | ---- | C] () -- C:\Users\Owner\Registry Kit.lnk
[2012/11/10 13:21:27 | 000,001,815 | ---- | C] () -- C:\Users\Owner\QuickTime Player.lnk
[2012/11/04 13:59:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012/10/29 14:31:29 | 000,001,787 | ---- | C] () -- C:\Users\Owner\Tech-101 - Shortcut.lnk
[2012/10/29 13:01:46 | 000,001,385 | ---- | C] () -- C:\Users\Owner\google gmail name philipmoore59passworduserid - Shortcut.lnk
[2012/10/29 11:04:42 | 000,000,512 | ---- | C] () -- C:\Users\Owner\MBR.dat
[2012/10/07 14:04:14 | 000,001,142 | ---- | C] () -- C:\Users\Owner\bettycrockeruserid - Shortcut.lnk
[2012/09/15 14:11:05 | 000,000,099 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/06 07:53:03 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/09/04 18:17:27 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/08/30 10:00:08 | 000,001,688 | ---- | C] () -- C:\Users\Owner\08-30-2012.reg
[2012/08/30 08:00:09 | 000,005,602 | ---- | C] () -- C:\Users\Owner\ESETexe-fix.bat
[2012/08/20 00:18:30 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2012/08/08 14:00:33 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2012/08/02 09:17:07 | 000,000,984 | ---- | C] () -- C:\Users\Owner\PDF Reader.lnk
[2012/07/20 13:19:43 | 000,001,683 | ---- | C] () -- C:\Users\Owner\Google Drive.lnk
[2012/06/25 15:19:10 | 000,646,461 | ---- | C] () -- C:\Users\Owner\OED.pdf
[2012/06/25 15:09:42 | 000,650,648 | ---- | C] () -- C:\Users\Owner\IMG_0001_NEW.pdf
[2012/06/25 14:53:41 | 000,475,979 | ---- | C] () -- C:\Users\Owner\2011IRSTaxTranscriptII.pdf
[2012/06/25 14:52:27 | 000,674,649 | ---- | C] () -- C:\Users\Owner\2011IRSTaxTranscript.pdf
[2012/06/09 13:39:36 | 004,116,163 | ---- | C] () -- C:\Users\Owner\SGC Power Point.pdf
[2012/05/25 09:53:57 | 000,169,078 | ---- | C] () -- C:\Users\Owner\RMH letter for donations.pdf
[2012/05/15 06:35:31 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/05/11 12:23:43 | 000,009,097 | ---- | C] () -- C:\Users\Owner\3.2 Solving Linear Equations.SAV
[2012/04/05 17:46:10 | 000,215,220 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/28 09:52:33 | 000,000,040 | ---- | C] () -- C:\Users\Owner\Access.cod
[2012/03/23 12:18:34 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\MSBlint.dat
[2012/03/23 12:18:33 | 000,000,288 | ---- | C] () -- C:\ProgramData\PDF2XL-4-14.TrialData
[2012/03/17 07:07:49 | 000,009,185 | ---- | C] () -- C:\Users\Owner\II.5 Metric System Weight and Volume.SAV
[2012/03/16 14:48:49 | 000,024,926 | ---- | C] () -- C:\Users\Owner\II.6 U.S. Customary Measurements and Metric Equivalents.SAV
[2012/03/02 07:13:52 | 000,197,608 | ---- | C] () -- C:\Users\Owner\Capture.PNG
[2012/01/14 18:16:50 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/12/17 15:55:55 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Recycle Bin - Shortcut.lnk
[2011/12/17 12:44:21 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/12/14 07:41:02 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Recycle Bin - Shortcut (2).lnk
[2011/09/17 11:08:44 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.googlewebacchosts
[2011/08/30 12:09:59 | 000,000,040 | ---- | C] () -- C:\Users\Owner\Access code.COD
[2011/05/23 07:21:54 | 000,000,598 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/17 08:43:48 | 000,012,945 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/05/17 08:37:28 | 000,038,383 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/11 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/01/11 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/10/13 14:35:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/05/15 08:15:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/08/30 05:42:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BACS.exe
[2012/01/24 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackboard
[2013/05/11 13:29:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/01/24 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Collaborate
[2011/10/21 08:50:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ColorCop
[2011/12/26 07:39:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/27 13:36:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.webkinesis.PicasaUploaderDesktop
[2011/12/17 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CSR
[2012/12/02 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/08/02 16:21:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easeware
[2012/08/30 09:55:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeFixer
[2013/07/25 12:38:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2013/07/12 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlarySoft
[2012/07/13 07:20:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICQ Search
[2012/08/11 14:05:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2012/08/26 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iolo
[2011/12/26 09:09:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
[2013/09/14 10:46:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeeperData
[2012/07/22 11:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
[2012/12/01 14:43:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MotoCast
[2012/12/01 10:33:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola
[2012/06/15 15:58:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola Mobility
[2011/03/12 07:05:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/05/15 07:34:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security
[2012/08/31 07:37:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
[2012/11/22 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Qualcomm
[2013/09/02 09:43:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Radiocom
[2012/11/22 12:00:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Kit
[2012/02/07 06:17:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecondLife
[2012/10/30 10:55:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/10/13 11:52:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SumatraPDF
[2013/07/09 06:54:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SyncTunesDesktop
[2012/05/16 07:14:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2012/09/02 09:33:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/09/17 10:32:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/09/13 10:57:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\URSoft
[2012/03/29 05:45:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2011/12/08 12:37:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZeoBIT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/10/19 11:21:07 | 101,983,560 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄‌᭔a
[2013/10/19 11:21:07 | 101,983,560 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄‌᭔a
[2013/10/18 14:44:49 | 101,880,815 | ---- | M] ()(C:\Windows\System32\???w) -- C:\Windows\System32\㎚烏᭔w
[2013/10/18 14:44:49 | 101,880,815 | ---- | C] ()(C:\Windows\System32\???w) -- C:\Windows\System32\㎚烏᭔w
[2013/10/13 07:15:14 | 100,742,045 | ---- | M] ()(C:\Windows\System32\???q) -- C:\Windows\System32\읃�᭔q
[2013/10/13 07:15:14 | 100,742,045 | ---- | C] ()(C:\Windows\System32\???q) -- C:\Windows\System32\읃�᭔q
[2013/09/29 13:02:51 | 098,466,785 | ---- | M] ()(C:\Windows\System32\???_) -- C:\Windows\System32\獵ᣉ᭔_
[2013/09/29 13:02:51 | 098,466,785 | ---- | C] ()(C:\Windows\System32\???_) -- C:\Windows\System32\獵ᣉ᭔_

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E5A9D792

< End of report >

The scan titled "extras" from OTL is not found after the scan.
 
I"m not yet able to recover my PST file from my Outlook email. Can you give me direction how to do that?
Click to expand...
I'd suggest asking that question in Windows forum.

redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\JQIVQWH.exe -- (JQIVQWH)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\eusingtools.sys -- (eusingtools)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btmcom.sys -- (BTMCOM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
IE - HKLM\..\URLSearchHook: {8480b7b1-a45c-4feb-8653-60f834f7ca4b} - No CLSID value found
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49163;https=127.0.0.1:49163 
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: File not found
O2 - BHO: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O15 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..Trusted Domains: craigslist.org ([accounts] https in Trusted sites)
O15 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O18 - Protocol\Handler\belarc - No CLSID value found
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E5A9D792

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
First of many scan texts :)
All processes killed
========== OTL ==========
Service JQIVQWH stopped successfully!
Service JQIVQWH deleted successfully!
File C:\Users\Owner\AppData\Local\Temp\JQIVQWH.exe not found.
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service VGPU stopped successfully!
Service VGPU deleted successfully!
Service tsusbhub stopped successfully!
Service tsusbhub deleted successfully!
Service Synth3dVsc stopped successfully!
Service Synth3dVsc deleted successfully!
Service ProcObsrv stopped successfully!
Service ProcObsrv deleted successfully!
File C:\Program Files\Glary Utilities 3\ProcObsrv.sys not found.
Service eusingtools stopped successfully!
Service eusingtools deleted successfully!
File C:\Windows\system32\drivers\eusingtools.sys not found.
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Owner\AppData\Local\Temp\catchme.sys not found.
Service BTMCOM stopped successfully!
Service BTMCOM deleted successfully!
File System32\Drivers\btmcom.sys not found.
Service b57w2k stopped successfully!
Service b57w2k deleted successfully!
File system32\DRIVERS\b57xp32.sys not found.
Service ApfiltrService stopped successfully!
Service ApfiltrService deleted successfully!
File system32\DRIVERS\Apfiltr.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8480b7b1-a45c-4feb-8653-60f834f7ca4b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}\ not found.
HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nielsen/FirefoxTracker\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\craigslist.org\accounts\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\TEMP:E5A9D792 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7902916 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38727431 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 59222 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4012 bytes
RecycleBin emptied: 7776588 bytes

Total Files Cleaned = 52.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12072013_143311

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E25A16A9-49FB-4B80-A196-CC4BF132CEB1}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{07DA0347-3F8F-4B44-88AF-14D5D80CDDB4}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0A4DCE8F-35D4-4B21-8D86-B926CB1B6E11}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{49F96B2A-0628-4580-A146-98EEFC02DC9F}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BFBF9F16-3ED1-4953-88AC-A9935D8C0BE7}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C8231B23-6AF0-40A7-8A66-0AE905D81020}.tmp not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
SlimCleaner
Adobe Flash Player 12.0.0.24
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 05-12-2013
Ran by Owner (administrator) on 07-12-2013 at 14:58:02
Running from "C:\Users\Owner\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-16 10:23] - [2013-11-16 10:23] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-16 10:23] - [2013-11-16 10:23] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 15:54] - [2013-07-08 20:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
I'm at 69% it's found two infections. I'll get it to you just as soon as it complete. Thanks for checking up on me :)
 
This is the results of the eset online scan. I shut the scan down after 3.5 hours.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe Win32/AdWare.Adpeak.B application
C:\Program Files\Registry Kit\RegistryKit.exe a variant of Win32/Adware.RegGenie application
 
I will run the eset online scan tonight after I'm through with my system. I will post the scan after completion.
 
While still waiting on my eset online to finish, I thought I would ask if you can tell me if responding to online forums ie: Apple Support community is considered risky activity concerning picking up infections? Thanks
 
So my eset is still running and I'm about to call it a day. I will check on the results of the scan tonight. You made mention of the fact that when I initially shut down the scan that I didn't set it to automatically delete the infections. I carefully looked for this setting prior to restarting the scan. What will I see when the scan has completed and will I then have the option to delete what the results end up with ? The scan is currently at about 95% and it's showing 74 infections which is MORE that what is resulted last. How should I respond moving forward once the scan has completed? Thanks .
 
You can't change setting back now so just post a log when ready and I'll take a look.
 
Completed ESET scan as requested:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=243fe4ce04c9704698edfd02957d58ee
# engine=16190
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-09 01:49:38
# local_time=2013-12-08 05:49:38 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 0 0 0 0
# compatibility_mode=1036 16777214 0 0 46332200 46332200 0 0
# compatibility_mode=5893 16776573 100 76 32504 138098569 0 0
# scanned=160466
# found=74
# cleaned=44
# scan_time=9798
sh=B2F2065D7E428C89A1972AC99058EC0B53A2D69D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=DB20E734B5C972AB6EBB25CE301370607FE6AF74 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=DB51332A37F65FD4863EE1B8A5BA62A02DA885F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CD6C49370804B033E758D7EC277EA0D08B95B890 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=2184DFBF93B03726607BF2C44682CF058FB2987B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=7FA1F70DC4D115E8332782563357A35C5E6445A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\SearchProtect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js.vir"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Users\Owner\AppData\Local\temp\tbConn.dll"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\Users\Owner\AppData\LocalLow\TrustWorthy\ldrtbTrus.dll"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Users\Owner\AppData\LocalLow\TrustWorthy\tbTrus.dll"
sh=50E707CDE70E3578C9711AC4B7D397E64AC65863 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Owner\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120515091559103.rsc"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\{d413fe4a-650f-79aa-0451-6294b57fcf03}\components\SmartbarFireFoxRemotePlugin_20.dll"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\{d413fe4a-650f-79aa-0451-6294b57fcf03}\components\SmartbarFireFoxRemotePlugin_21.dll"
sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\{d413fe4a-650f-79aa-0451-6294b57fcf03}\components\SmartbarFireFoxRemotePlugin_22.dll"
sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\{d413fe4a-650f-79aa-0451-6294b57fcf03}\components\SmartbarFireFoxRemotePlugin_23.dll"
sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\{d413fe4a-650f-79aa-0451-6294b57fcf03}\components\SmartbarFireFoxRemotePlugin_24.dll"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\{d413fe4a-650f-79aa-0451-6294b57fcf03}\components\SmartbarFireFoxRemotePlugin_25.dll"
sh=AD980B0D1C1DD260DD7E5FF422A6B1206FB460C7 ft=1 fh=a6a6080262c1e0bc vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\Owner\Downloads\avira_free_antivirus_en.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="C:\Users\Owner\Downloads\cbsidlm-cbsi145-123_Free_Solitaire-SEO-10022517.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="C:\Users\Owner\Downloads\cbsidlm-cbsi145-Remo_Repair_Outlook_PST-SEO-75185902.exe"
sh=88099B15F44085C604561CC3220037089ACF69D4 ft=1 fh=71c126d4d84d61a4 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Owner\Downloads\quicksolitaireforwindows-setup(1).exe"
sh=F1DF5FC447686437ED7596D42C506EE36EA473CF ft=1 fh=db34081ed84d61a4 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Owner\Downloads\quicksolitaireforwindows-setup.exe"
sh=B23C4ACD5772155646B8C7DA7D23D0153415641C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\43628.crx.vir"
sh=107D47D6D5A43A27E27ABB1CC3A3ABE8D11908B5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\43628.xpi.vir"
sh=E2132C25658DF80202D9976C31C6BF924854738C ft=1 fh=d3800358d72a5d7f vn="probably a variant of Win32/Toolbar.CrossRider.I application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-helper.exe.vir"
sh=0B725D3D22F04E7E9A806331FD8ABCA697972A5F ft=1 fh=c774139e963126f3 vn="Win32/AdWare.Adpeak.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Mozilla Firefox\browser\nsprotector.js"
sh=CF7E356FE8C8D30D2F7F4322648F5115B54DFE92 ft=1 fh=feef088ae88f9d71 vn="a variant of Win32/Adware.RegGenie application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Registry Kit\RegistryKit.exe"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=05AFDDD9F2930AE5FC24A301EB8542795D09B5A9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=FBCA935E295A6F9DD0A6118DAE63ADB15EC5F2DD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CD6C49370804B033E758D7EC277EA0D08B95B890 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.8_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\125_arcadi2_m.js.vir"
 
I'm offline for tonight and likely until Thursday or Friday. THANK YOU so very much for your assistance. I'll check back latter part of the week.
 
Your Action Center is disabled.

Go Start and in "Start search" type:
services.msc
Press Enter

Services windows will open.
Scroll down to Security Center service, right click on it, click "Properties" and under "Startup type" select "Automatic" from drop down menu.
Restart computer.

===========================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
THANK YOU very much!
System is much better.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 32720791 bytes
->Temporary Internet Files folder emptied: 9193619 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 272270549 bytes
->Google Chrome cache emptied: 12179955 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1549 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1418 bytes
RecycleBin emptied: 79058284 bytes

Total Files Cleaned = 387.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12092013_112241

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

S
WHAT DOES THIS MEAN
Replies
4
Views
168
stumped
S
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
4K
Broni
Broni

Latest posts

Back