ads appearing

johnb35

Administrator
Staff member
Ok. I just realized you ran combofix before running malwarebytes and malwarebytes actually deleted the file and folder so you are good to go.

I would assume you are not having any issues at this time?
 

bbudesa

Member
Dang, I wish it were that simple.

Actually, I did go into Firefox/tools/options/content, and found and deleted an exception to the 'block popup windows' rule, but I'm still receiving these silly popup windows. Fewer than before, but they're still coming in.

Do the PUPs files that Rkill found get killed when I run MalwareBytes, or one of the other programs?

If I do run these various "anti" programs you had me download (thank you by the way), in what sequence should they be run? Always as administrator?

Any other tips? I'll run some of these by myself for a while, and see what happens. All of the popups occur when I'm in Firefox, which is my chosen browser. Hell, one just popped up while I was typing this!

Thanks John.

PS - when I closed this message, I noticed some of the words were in RED. What's that all about?
 

johnb35

Administrator
Staff member
Not sure what you mean by words in red. What you are seeing with this is...

Code:
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups

Just means you are running a custom hosts file that will block you from visiting those bad websites, which is a good thing.

You may want to try running an adblocker such as Adblock Plus.

https://adblockplus.org

Sequence of running programs:

1. AdwCleaner
2. Malwarebytes
3. HijackThis

And then we go from there.
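An added example, not part of the original posts: a hosts file blocks a site by mapping its name to a loopback (or 0.0.0.0) address, so a quick audit is to confirm every entry really is such a sinkhole and none sends a name to a routable address. The function names and the last two sample lines are constructed for illustration; the other entries come from the excerpt above, one of them in OTL's "O1 - Hosts:" form.

```python
import ipaddress

# Constructed sample: entries taken from the hosts excerpt in the thread, one in
# OTL's "O1 - Hosts:" log form, plus two constructed lines (a mapping to a
# routable documentation address and a malformed line) to show what gets flagged.
SAMPLE = """\
# custom hosts file
127.0.0.1 localhost
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
203.0.113.10 updates.example.test   # constructed: not a sinkhole
not-an-ip broken.example
"""

OTL_PREFIX = "O1 - Hosts:"          # prefix OTL puts in front of each hosts line
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_line(line):
    """Return (ip, [hostnames]), or None for blank/comment-only lines.

    Raises ValueError when the line is not a valid hosts entry.
    """
    line = line.strip()
    if line.startswith(OTL_PREFIX):
        line = line[len(OTL_PREFIX):].strip()
    line = line.split("#", 1)[0].strip()      # drop trailing comment
    if not line:
        return None
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("address without a hostname")
    ip = ipaddress.ip_address(fields[0])      # ValueError if not an IP
    return ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Sort hosts entries into sinkholed names, redirected names and bad lines."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_line(raw)
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if parsed is None:
            continue
        ip, names = parsed
        blocking = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0
        for name in names:
            if blocking and name in LOCAL_NAMES:
                continue                                  # normal localhost entry
            if blocking:
                report["sinkholed"].append(name)
            else:
                # A name pinned to a routable address is not a block entry
                # and deserves a manual look.
                report["redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE)
    print("sinkholed :", result["sinkholed"])
    print("redirected:", result["redirected"])
    print("malformed :", result["malformed"])
```

On Windows the live file is `C:\Windows\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of `SAMPLE`.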
 

bbudesa

Member
Thanks a million, John.

I'll take it from here, and let you know how it goes.

I really appreciate your expertise and time.

Bob
 

johnb35

Administrator
Staff member
Not a problem. Just let me know if you continue to have issues after installing the adblocker.
 

johnb35

Administrator
Staff member
Running this program may help us determine the cause of your popups. It's a little different type of scan; just follow the directions.

It's a direct link so once it loads a download box should appear.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

•Click on Minimal Output at the top

•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file.
 

bbudesa

Member
Thanks John. Take a look:

OTL logfile created on: 10/7/2013 9:05:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 79.86% Memory free
15.50 Gb Paging File | 12.72 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 315.77 Gb Free Space | 67.81% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 170.84 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

Computer Name: BUDESAPC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 24 A3 19 FA 79 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49551;https=127.0.0.1:49551

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.msn.com/?ppud=4"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/18 05:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/18 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/16 06:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]

[2013/10/01 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2013/10/06 20:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions
[2012/11/29 10:42:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Update) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2013/07/01 12:24:00 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\[email protected]
[2013/10/06 20:22:57 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/13 11:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/21 12:01:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/03 21:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]\content
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]\defaults

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/05 08:14:59 | 000,037,341 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.icksor.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.tersecta.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.dungtank.com # hosts anti-adware / pups
O1 - Hosts: 619 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0134af61-7a0c-4649-aeca-90d776060cb3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/13 12:46:38 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC2C1E85-256B-4516-8B9E-255E48D3022D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/06 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/10/06 13:27:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\ATI
[2013/10/06 12:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/06 11:27:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/06 11:25:29 | 000,000,000 | ---D | C] -- C:\Combofix
[2013/10/06 10:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/06 10:32:26 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 09:25:06 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\ESET
[2013/10/05 12:14:47 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/05 12:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/05 12:14:09 | 027,878,304 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Bob\Desktop\SUPERAntiSpyware.exe
[2013/10/05 12:05:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/05 08:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/05 08:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/10/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HPAppData
[2013/10/04 22:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/04 22:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/04 22:40:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/04 22:31:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 22:31:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/04 22:22:04 | 005,130,782 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:54:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/03 20:51:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Diagnostics
[2013/10/03 18:44:41 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Anti-Malware
[2013/10/03 16:50:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/03 15:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/03 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Programs
[2013/10/02 06:45:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\SightSpeed Recordings
[2013/10/02 06:43:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/01 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2013/10/01 09:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/09/30 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/09/30 15:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/30 15:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/24 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2013/03/30 22:01:42 | 002,000,040 | ---- | C] (Driver Restore) -- C:\Program Files (x86)\DriverRestore.exe
[2011/05/17 02:53:09 | 000,411,136 | ---- | C] (Google) -- C:\Program Files (x86)\googleearth.exe
[2011/05/17 02:18:36 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2011/05/17 02:18:36 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2011/05/17 02:14:05 | 005,816,320 | ---- | C] (OSGeo) -- C:\Program Files (x86)\gdal17.dll

========== Files - Modified Within 30 Days ==========

[2013/10/07 20:56:32 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/07 20:56:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 20:56:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 20:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 16:45:55 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 16:45:55 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 16:14:58 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/07 16:12:48 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/06 12:35:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 10:32:22 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/10/06 00:25:07 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 13:12:30 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/05 12:14:14 | 027,878,304 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Bob\Desktop\SUPERAntiSpyware.exe
[2013/10/05 12:05:59 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,002,965 | ---- | M] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/05 08:14:59 | 000,037,341 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 22:32:44 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/04 22:30:53 | 005,130,782 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:06:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/04 11:46:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/03 16:50:02 | 001,045,226 | ---- | M] () -- C:\Users\Bob\Desktop\adwcleaner.exe
[2013/10/02 22:46:31 | 000,000,258 | RHS- | M] () -- C:\Users\Bob\ntuser.pol
[2013/10/01 21:35:14 | 000,835,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/01 21:35:14 | 000,692,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 21:35:14 | 000,131,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 06:08:24 | 000,001,031 | ---- | M] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 17:17:45 | 000,818,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/30 15:51:31 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/18 05:58:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/13 03:01:46 | 000,002,637 | ---- | M] () -- C:\Users\Bob\Desktop\Microsoft Office Excel 2007.lnk
[2013/09/12 15:46:00 | 001,931,335 | ---- | M] () -- C:\Users\Bob\Desktop\vrp-20130821-144401.mp4
[2013/09/12 03:30:16 | 000,334,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/06 12:35:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/10/05 12:15:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/05 12:15:00 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/05 08:29:16 | 000,002,965 | ---- | C] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/04 22:40:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/04 22:40:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/04 22:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/04 22:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/04 22:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/03 16:49:49 | 001,045,226 | ---- | C] () -- C:\Users\Bob\Desktop\adwcleaner.exe
[2013/10/01 06:08:24 | 000,001,031 | ---- | C] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 19:46:19 | 000,000,258 | RHS- | C] () -- C:\Users\Bob\ntuser.pol
[2013/09/30 15:51:31 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/12 15:46:00 | 001,931,335 | ---- | C] () -- C:\Users\Bob\Desktop\vrp-20130821-144401.mp4
[2013/04/01 07:32:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Inst2891.dll
[2011/12/31 20:10:07 | 000,004,608 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 11:32:19 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/29 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/29 11:24:35 | 000,835,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/17 02:41:13 | 000,291,840 | ---- | C] () -- C:\Program Files (x86)\gpsbabel.exe
[2011/05/17 02:40:52 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\earthflashsol.exe
[2011/05/17 02:17:54 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\wavdest.ax
[2011/05/17 02:13:54 | 000,352,333 | ---- | C] () -- C:\Program Files (x86)\pcs.csv
[2011/05/17 02:13:54 | 000,233,102 | ---- | C] () -- C:\Program Files (x86)\ecw_cs.dat
[2011/05/17 02:13:54 | 000,145,621 | ---- | C] () -- C:\Program Files (x86)\projop_wparm.csv
[2011/05/17 02:13:54 | 000,107,562 | ---- | C] () -- C:\Program Files (x86)\gdal_datum.csv
[2011/05/17 02:13:54 | 000,031,394 | ---- | C] () -- C:\Program Files (x86)\s57objectclasses.csv
[2011/05/17 02:13:54 | 000,028,075 | ---- | C] () -- C:\Program Files (x86)\gcs.csv
[2011/05/17 02:13:54 | 000,021,893 | ---- | C] () -- C:\Program Files (x86)\s57expectedinput.csv
[2011/05/17 02:13:54 | 000,018,006 | ---- | C] () -- C:\Program Files (x86)\unit_of_measure.csv
[2011/05/17 02:13:54 | 000,011,875 | ---- | C] () -- C:\Program Files (x86)\ellipsoid.csv
[2011/05/17 02:13:54 | 000,010,573 | ---- | C] () -- C:\Program Files (x86)\stateplane.csv
[2011/05/17 02:13:54 | 000,009,236 | ---- | C] () -- C:\Program Files (x86)\seed_2d.dgn
[2011/05/17 02:13:54 | 000,007,452 | ---- | C] () -- C:\Program Files (x86)\s57attributes.csv
[2011/05/17 02:13:54 | 000,002,048 | ---- | C] () -- C:\Program Files (x86)\seed_3d.dgn
[2011/05/17 02:13:54 | 000,001,613 | ---- | C] () -- C:\Program Files (x86)\prime_meridian.csv
[2011/05/17 02:13:54 | 000,000,444 | ---- | C] () -- C:\Program Files (x86)\gdalicon.png
[2011/05/17 02:13:51 | 000,003,812 | ---- | C] () -- C:\Program Files (x86)\WMV9_Highest_Quality_Video_(16mbps).prx
[2011/05/17 02:13:51 | 000,003,794 | ---- | C] () -- C:\Program Files (x86)\WMV9_DVD_Quality_(6mbps).prx
[2011/05/17 02:13:39 | 000,005,219 | ---- | C] () -- C:\Program Files (x86)\ImporterUISettings.ini
[2011/05/17 02:13:39 | 000,001,013 | ---- | C] () -- C:\Program Files (x86)\ImporterGlobalSettings.ini
[2011/05/17 02:13:39 | 000,000,704 | ---- | C] () -- C:\Program Files (x86)\PCOptimizations.ini
[2011/05/17 02:13:31 | 000,075,289 | ---- | C] () -- C:\Program Files (x86)\drivers.ini
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\kh56
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\googleearth.exe.local
[2010/09/21 12:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 13:45:21 | 000,000,377 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/03 12:36:37 | 000,000,213 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2010/05/03 12:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\downloads.m3u
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\Users\Bob\AppData\Roaming\Trance Pad
[2009/12/30 16:45:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/14 14:34:48 | 000,024,601 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/29 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DeLorme
[2013/02/16 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DirectoryListPrintPro
[2013/10/02 06:43:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/04 21:38:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Dropbox
[2013/10/01 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Garmin
[2013/10/02 12:51:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GlarySoft
[2010/09/21 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2013/10/01 15:18:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\NCH Swift Sound
[2009/12/30 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Nikon
[2009/12/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/02/16 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OverDrive
[2010/06/12 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
 

johnb35

Administrator
Staff member
Ok, please do the following.

Open OTL again and copy and paste the following lines inside the custom scans box at the bottom.

Code:
:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKLM\..\Toolbar: (no name) - {0134af61-7a0c-4649-aeca-90d776060cb3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
:commands
[emptytemp]

Then click on the run fix button at the top. Post the log that it comes back with after running the fix.


Then I need to see a log that combofix produces but doesn't show you. Please navigate to C:\Qoobox and in that folder is a file named add-remove programs.txt. Open that file and copy and paste the contents back here.
 

bbudesa

Member
Here's the file John. Thanks


Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.6
Advertising Center
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
Audacity 1.2.6
avast! Internet Security
Bagpipe Music Writer Gold
Bing Bar
BufferChm
C309g-m
CameraHelperMsi
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
DeLorme Topo North America 9.0
Destinations
DeviceDiscovery
DiMAGE Scan Dual4 ver.1.0
DolbyFiles
EPU-4 Engine
EQ5
EQ6
EQ6 Update
EQ7 Upgrade
erLT
Express Burn
Express Rip
File Uploader
Google Chrome
Google Earth
Google Earth Pro
GPBaseService2
HiJackThis
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ImagXpress
iSEEK AnswerWorks English Runtime
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 29
LAME v3.99.3 (for Windows)
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Menu Templates - Starter Kit
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Templates - Starter Kit
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero 9 Trial
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Nikon Message Center
Nikon Transfer
OpenOffice.org 3.1
OrchidWiz Encyclopedia 9.0
OverDrive Media Console
Picasa 3
Platform
PS_AIO_06_C309g-m_SW_Min
QuickTime
Quilting Designs Volume 6
Realtek 8136 8168 8169 Ethernet Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sql Server Customer Experience Improvement Program
Status
Supertintin 1.2.0.5
Switch Sound File Converter
swMSM
SysTools DBX Converter
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 woriper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wohiper
TurboTax 2010 woriper
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
WavePad Sound Editor
WebReg
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZOOM H Series Audio Driver
 

johnb35

Administrator
Staff member
Ok. It's possible they have been deleted with one of the programs we have used already. I have looked over the logs though and can't find where they were deleted.

Have you run the otl fix yet? Would like for you to check to see if you are still getting ads after running the fix.
 

bbudesa

Member
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0134af61-7a0c-4649-aeca-90d776060cb3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0134af61-7a0c-4649-aeca-90d776060cb3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:373E1720 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 11000 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4017022 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 818 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Terri
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51104969 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10082013_125507

Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


John - things seem to be working much better. No popup ads thus far.

Thanks Amigo! I sure appreciate your help.
 

bbudesa

Member
Much of what was accomplished in our work (your work, John) has been good.

What's happening now may not be pop-ups per se, but they're entire, full screen ads appearing as soon as I click on a button (sports on MSNBC, for instance).

Some screens (ads for detergent, or similar) I can just x-click my way out, others I have to shut the entire website down, and re-enter. Some screens are a gray opaque-looking screen that I can see through, but cannot move or function around.

I don't know what they're called except frustrating!

I've run adwCleaner, Malwarebytes, HiJackThis to no avail. They're still there.

Any ideas?

Sorry to be a pita!
 

johnb35

Administrator
Staff member
Ok, do me a favor.

Try loading that page using a different browser and see if it still happens. If not, then you still have a browser addon causing this.

Also at this time, rerun the otl scan.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.

• Click on Minimal Output at the top.

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

◦ When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file.
 

bbudesa

Member
Haven't run the other browser test yet. Here's OTL log:

OTL logfile created on: 10/13/2013 7:20:59 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.51 Gb Available Physical Memory | 83.95% Memory free
15.50 Gb Paging File | 13.49 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 311.43 Gb Free Space | 66.88% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 166.68 Gb Free Space | 35.79% Space Free | Partition Type: NTFS

Computer Name: BUDESAPC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 24 A3 19 FA 79 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.msn.com/?ppud=4"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/18 05:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/18 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 19:50:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]

[2013/10/01 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2013/10/09 14:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions
[2012/11/29 10:42:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Update) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2013/07/01 12:24:00 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\[email protected]
[2013/10/09 14:26:42 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/13 11:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/21 12:01:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/03 21:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]\content
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]\defaults

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: Chrome In-App Payments service = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

O1 HOSTS File: ([2013/10/05 08:14:59 | 000,037,341 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.icksor.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.tersecta.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.dungtank.com # hosts anti-adware / pups
O1 - Hosts: 619 more lines...
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC2C1E85-256B-4516-8B9E-255E48D3022D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/13 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Autoruns
[2013/10/08 13:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/08 13:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/08 13:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/08 07:20:10 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/10/08 06:35:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/06 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/10/06 13:27:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\ATI
[2013/10/06 12:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/06 11:27:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/06 11:25:29 | 000,000,000 | ---D | C] -- C:\Combofix
[2013/10/06 10:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/06 10:32:26 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 09:25:06 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\ESET
[2013/10/05 12:14:47 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/05 12:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/05 12:05:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/05 08:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/05 08:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/10/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HPAppData
[2013/10/04 22:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/04 22:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/04 22:40:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/04 22:31:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 22:31:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/04 22:22:04 | 005,130,782 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:54:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/03 20:51:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Diagnostics
[2013/10/03 18:44:41 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Anti-Malware
[2013/10/03 16:50:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/03 15:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/03 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Programs
[2013/10/02 06:45:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\SightSpeed Recordings
[2013/10/02 06:43:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/01 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/09/30 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/09/30 15:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/30 15:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/24 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2013/03/30 22:01:42 | 002,000,040 | ---- | C] (Driver Restore) -- C:\Program Files (x86)\DriverRestore.exe
[2011/05/17 02:53:09 | 000,411,136 | ---- | C] (Google) -- C:\Program Files (x86)\googleearth.exe
[2011/05/17 02:18:36 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2011/05/17 02:18:36 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2011/05/17 02:14:05 | 005,816,320 | ---- | C] (OSGeo) -- C:\Program Files (x86)\gdal17.dll

========== Files - Modified Within 30 Days ==========

[2013/10/13 18:54:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/13 15:34:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/13 15:34:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/13 15:33:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/13 15:33:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/13 15:33:41 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/13 15:30:34 | 000,550,371 | ---- | M] () -- C:\Users\Bob\Desktop\Autoruns.zip
[2013/10/12 13:44:28 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 13:44:28 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 13:36:07 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 13:03:07 | 001,048,960 | ---- | M] () -- C:\Users\Bob\Desktop\AdwCleaner.exe
[2013/10/09 06:55:29 | 001,401,588 | ---- | M] () -- C:\Users\Bob\Desktop\Label-276901437-420054133.pdf
[2013/10/08 20:21:54 | 000,859,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/08 20:21:54 | 000,721,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/08 20:21:54 | 000,139,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/08 16:49:13 | 000,334,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 14:41:42 | 000,000,143 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2013/10/06 12:35:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 10:32:22 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/10/06 00:25:07 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 12:05:59 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,002,965 | ---- | M] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/05 08:14:59 | 000,037,341 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 22:32:44 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/04 22:30:53 | 005,130,782 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:06:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/04 11:46:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/02 22:46:31 | 000,000,258 | RHS- | M] () -- C:\Users\Bob\ntuser.pol
[2013/10/01 21:35:14 | 000,835,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/01 06:08:24 | 000,001,031 | ---- | M] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 15:51:31 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/18 05:58:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

========== Files Created - No Company Name ==========

[2013/10/13 15:30:47 | 000,550,371 | ---- | C] () -- C:\Users\Bob\Desktop\Autoruns.zip
[2013/10/09 13:03:18 | 001,048,960 | ---- | C] () -- C:\Users\Bob\Desktop\AdwCleaner.exe
[2013/10/09 06:55:39 | 001,401,588 | ---- | C] () -- C:\Users\Bob\Desktop\Label-276901437-420054133.pdf
[2013/10/06 12:35:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/10/05 12:15:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/05 12:15:00 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/05 08:29:16 | 000,002,965 | ---- | C] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/04 22:40:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/04 22:40:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/04 22:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/04 22:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/04 22:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/01 06:08:24 | 000,001,031 | ---- | C] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 19:46:19 | 000,000,258 | RHS- | C] () -- C:\Users\Bob\ntuser.pol
[2013/09/30 15:51:31 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/01 07:32:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Inst2891.dll
[2011/12/31 20:10:07 | 000,004,608 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 11:32:19 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/29 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/29 11:24:35 | 000,835,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/17 02:41:13 | 000,291,840 | ---- | C] () -- C:\Program Files (x86)\gpsbabel.exe
[2011/05/17 02:40:52 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\earthflashsol.exe
[2011/05/17 02:17:54 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\wavdest.ax
[2011/05/17 02:13:54 | 000,352,333 | ---- | C] () -- C:\Program Files (x86)\pcs.csv
[2011/05/17 02:13:54 | 000,233,102 | ---- | C] () -- C:\Program Files (x86)\ecw_cs.dat
[2011/05/17 02:13:54 | 000,145,621 | ---- | C] () -- C:\Program Files (x86)\projop_wparm.csv
[2011/05/17 02:13:54 | 000,107,562 | ---- | C] () -- C:\Program Files (x86)\gdal_datum.csv
[2011/05/17 02:13:54 | 000,031,394 | ---- | C] () -- C:\Program Files (x86)\s57objectclasses.csv
[2011/05/17 02:13:54 | 000,028,075 | ---- | C] () -- C:\Program Files (x86)\gcs.csv
[2011/05/17 02:13:54 | 000,021,893 | ---- | C] () -- C:\Program Files (x86)\s57expectedinput.csv
[2011/05/17 02:13:54 | 000,018,006 | ---- | C] () -- C:\Program Files (x86)\unit_of_measure.csv
[2011/05/17 02:13:54 | 000,011,875 | ---- | C] () -- C:\Program Files (x86)\ellipsoid.csv
[2011/05/17 02:13:54 | 000,010,573 | ---- | C] () -- C:\Program Files (x86)\stateplane.csv
[2011/05/17 02:13:54 | 000,009,236 | ---- | C] () -- C:\Program Files (x86)\seed_2d.dgn
[2011/05/17 02:13:54 | 000,007,452 | ---- | C] () -- C:\Program Files (x86)\s57attributes.csv
[2011/05/17 02:13:54 | 000,002,048 | ---- | C] () -- C:\Program Files (x86)\seed_3d.dgn
[2011/05/17 02:13:54 | 000,001,613 | ---- | C] () -- C:\Program Files (x86)\prime_meridian.csv
[2011/05/17 02:13:54 | 000,000,444 | ---- | C] () -- C:\Program Files (x86)\gdalicon.png
[2011/05/17 02:13:51 | 000,003,812 | ---- | C] () -- C:\Program Files (x86)\WMV9_Highest_Quality_Video_(16mbps).prx
[2011/05/17 02:13:51 | 000,003,794 | ---- | C] () -- C:\Program Files (x86)\WMV9_DVD_Quality_(6mbps).prx
[2011/05/17 02:13:39 | 000,005,219 | ---- | C] () -- C:\Program Files (x86)\ImporterUISettings.ini
[2011/05/17 02:13:39 | 000,001,013 | ---- | C] () -- C:\Program Files (x86)\ImporterGlobalSettings.ini
[2011/05/17 02:13:39 | 000,000,704 | ---- | C] () -- C:\Program Files (x86)\PCOptimizations.ini
[2011/05/17 02:13:31 | 000,075,289 | ---- | C] () -- C:\Program Files (x86)\drivers.ini
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\kh56
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\googleearth.exe.local
[2010/09/21 12:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 13:45:21 | 000,000,377 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/03 12:36:37 | 000,000,143 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2010/05/03 12:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\downloads.m3u
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\Users\Bob\AppData\Roaming\Trance Pad
[2009/12/30 16:45:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/14 14:34:48 | 000,024,601 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/29 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DeLorme
[2013/02/16 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DirectoryListPrintPro
[2013/10/02 06:43:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/04 21:38:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Dropbox
[2013/10/01 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Garmin
[2010/09/21 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2013/10/01 15:18:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\NCH Swift Sound
[2009/12/30 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Nikon
[2009/12/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/02/16 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OverDrive
[2010/06/12 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Uniblue

========== Purity Check ==========



< End of report >
 