Cassiopesa Virus - Help me Remove

After trying to download Vudu to Go, I found that I also must have caught the Cassiopesa virus. Every time I open either Chrome or Firefox, one of the tabs opens automatically to a blank cassiopesa.com site. Following the directions on the sticky note, I have run the different utilities and here are the results:

# AdwCleaner v4.201 - Logfile created 29/05/2015 at 15:45:19
# Updated 08/04/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Bob - SHADOW
# Running from : C:\Users\Bob\Desktop\System Maint\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v43.0.2357.81


-\\ Chromium v44.0.2392.0


*************************

AdwCleaner[R0].txt - [5305 bytes] - [05/01/2014 22:07:16]
AdwCleaner[R10].txt - [2127 bytes] - [14/04/2014 13:00:49]
AdwCleaner[R11].txt - [5086 bytes] - [19/08/2014 08:09:18]
AdwCleaner[R12].txt - [7035 bytes] - [15/04/2015 15:51:06]
AdwCleaner[R13].txt - [2345 bytes] - [15/04/2015 16:29:55]
AdwCleaner[R14].txt - [2405 bytes] - [16/04/2015 10:17:26]
AdwCleaner[R15].txt - [2525 bytes] - [17/04/2015 21:25:05]
AdwCleaner[R16].txt - [4890 bytes] - [29/05/2015 13:01:15]
AdwCleaner[R17].txt - [2798 bytes] - [29/05/2015 15:42:22]
AdwCleaner[R1].txt - [1024 bytes] - [13/01/2014 17:58:53]
AdwCleaner[R2].txt - [1146 bytes] - [04/02/2014 10:36:56]
AdwCleaner[R3].txt - [1266 bytes] - [05/02/2014 13:56:50]
AdwCleaner[R4].txt - [1387 bytes] - [05/02/2014 19:59:12]
AdwCleaner[R5].txt - [1507 bytes] - [05/02/2014 22:12:14]
AdwCleaner[R6].txt - [1764 bytes] - [06/02/2014 14:56:54]
AdwCleaner[R7].txt - [1769 bytes] - [08/02/2014 17:29:13]
AdwCleaner[R8].txt - [6258 bytes] - [14/04/2014 09:38:36]
AdwCleaner[R9].txt - [2006 bytes] - [14/04/2014 12:06:33]
AdwCleaner[S0].txt - [5138 bytes] - [05/01/2014 22:08:25]
AdwCleaner[S10].txt - [2190 bytes] - [14/04/2014 13:01:26]
AdwCleaner[S11].txt - [5218 bytes] - [19/08/2014 08:11:13]
AdwCleaner[S12].txt - [6884 bytes] - [15/04/2015 15:52:34]
AdwCleaner[S13].txt - [2471 bytes] - [16/04/2015 10:19:34]
AdwCleaner[S14].txt - [2590 bytes] - [17/04/2015 21:26:07]
AdwCleaner[S15].txt - [4645 bytes] - [29/05/2015 13:02:15]
AdwCleaner[S16].txt - [2191 bytes] - [29/05/2015 15:45:19]
AdwCleaner[S1].txt - [1086 bytes] - [13/01/2014 18:00:19]
AdwCleaner[S2].txt - [1208 bytes] - [04/02/2014 10:37:50]
AdwCleaner[S3].txt - [1328 bytes] - [05/02/2014 13:57:43]
AdwCleaner[S4].txt - [1448 bytes] - [05/02/2014 20:01:45]
AdwCleaner[S5].txt - [1568 bytes] - [05/02/2014 22:12:44]
AdwCleaner[S6].txt - [1827 bytes] - [06/02/2014 14:57:36]
AdwCleaner[S7].txt - [1830 bytes] - [08/02/2014 17:30:32]
AdwCleaner[S8].txt - [5063 bytes] - [14/04/2014 09:41:50]
AdwCleaner[S9].txt - [2067 bytes] - [14/04/2014 12:07:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S16].txt - [2782 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Bob on Fri 05/29/2015 at 15:48:52.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Bob\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Bob\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Bob\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Bob\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/29/2015 at 15:52:23.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/29/2015
Scan Time: 3:53:57 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.29.06
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387132
Time Elapsed: 11 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

OTL logfile created on: 5/29/2015 4:08:08 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Desktop\System Maint
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17801)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 74.81% Memory free
12.83 Gb Paging File | 11.22 Gb Available in Paging File | 87.51% Paging File free
Paging file location(s): c:\pagefile.sys 7000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 794.61 Gb Free Space | 85.31% Space Free | Partition Type: NTFS

Computer Name: SHADOW | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (Avast Software s.r.o.)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)
PRC - C:\Users\Bob\Desktop\System Maint\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\log.dll ()
MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)
SRV:64bit: - (AvastVBoxSvc) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (Avast Software s.r.o.)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (Avast Software s.r.o.)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (Avast Software s.r.o.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (Avast Software s.r.o.)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (Avast Software s.r.o.)
DRV:64bit: - (VBoxAswDrv) -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys (Avast Software)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (SIUSBXP) -- C:\Windows\SysNative\drivers\SiUSBXp.sys (Silicon Laboratories)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SRS_PremSoundMon) -- C:\Windows\SysNative\drivers\SRS_PremSoundMon_amd64.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (DSI_SiUSBXp_3_1) -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys (Silicon Laboratories)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (FXDrv32) -- C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys (Your Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D}: "URL" = https://www.google.com/search?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Old Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{F42DCC6F-7160-489D-B50B-D3D06C21ECFA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Cassiopesa"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/27 07:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/04/05 17:23:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/04/28 21:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/04/28 21:15:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/04/28 21:15:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/04/28 21:15:26 | 000,000,000 | ---D | M]

[2010/05/07 04:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2015/05/29 12:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\64d8n0iz.default-1391808771890\extensions
[2015/04/28 21:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/04/28 21:15:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2015/04/28 21:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/04/28 21:15:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/04/27 07:53:20 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2014/04/05 17:23:17 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.522.11440_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2014/02/06 09:59:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: checkfreeweb.com ([firstcitizens] https in Trusted sites)
O15 - HKCU\..Trusted Domains: firstcitizens.com ([banking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: firstcitizens.com ([billpay05] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://etciec102.coca-cola.com/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 11.40.2)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://apps.ko.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 11.40.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1224BF16-ED9B-4985-B37A-573484D794F3}: DhcpNameServer = 192.168.1.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9800ADBA-23E7-4656-B87F-F6D1EBD394BD}: DhcpNameServer = 192.168.2.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A58E3849-C45F-4942-AC56-437586CF302F}: DhcpNameServer = 64.33.128.10 209.143.0.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/05/29 15:33:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2015/05/29 11:57:41 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Chromium
[2015/05/29 11:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2015/05/29 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2015/05/20 07:45:12 | 000,000,000 | R--D | C] -- C:\Users\Bob\Desktop\Auto Recall Info
[2015/05/17 10:46:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\LogMeIn Rescue Applet
[2015/05/14 16:14:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartSwitch
[2015/05/13 20:15:48 | 000,000,000 | ---D | C] -- C:\c6931e2d25202ca450cd03d0fef332
[2015/05/13 07:24:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2015/05/12 09:01:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Outlook Files
[2015/05/09 09:03:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2015/05/07 17:53:52 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Skype
[2015/05/07 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Skype
[2015/05/07 17:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/05/07 17:53:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/05/07 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/05/07 17:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2015/05/29 15:55:33 | 000,022,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/29 15:55:33 | 000,022,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/29 15:53:52 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/05/29 15:47:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/05/29 15:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/29 15:46:07 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2015/05/29 15:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/29 15:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2015/05/29 15:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/05/25 17:55:25 | 000,000,092 | ---- | M] () -- C:\Users\Bob\Desktop\Product Manuals - Whirlpool Water Treatment.url
[2015/05/24 15:37:56 | 007,543,562 | ---- | M] () -- C:\Users\Bob\Desktop\2011.pdf
[2015/05/24 11:51:39 | 000,786,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/05/24 11:51:39 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/05/24 11:51:39 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/05/20 09:04:58 | 000,000,082 | ---- | M] () -- C:\Users\Bob\Desktop\Billing Software.url
[2015/05/17 12:34:57 | 001,381,991 | ---- | M] () -- C:\Users\Bob\Desktop\20150516_205249.jpg
[2015/05/17 12:34:40 | 000,910,749 | ---- | M] () -- C:\Users\Bob\Desktop\20150516_201345.jpg
[2015/05/17 12:34:02 | 003,825,337 | ---- | M] () -- C:\Users\Bob\Desktop\20150516_201444.jpg
[2015/05/17 12:33:52 | 001,508,217 | ---- | M] () -- C:\Users\Bob\Desktop\20150516_205241.jpg
[2015/05/17 12:30:56 | 001,632,598 | ---- | M] () -- C:\Users\Bob\Desktop\20150516_225313.jpg
[2015/05/17 10:52:57 | 000,024,411 | ---- | M] () -- C:\Users\Bob\Desktop\calendar copy.CSV
[2015/05/17 10:52:56 | 000,012,996 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values.CAL
[2015/05/15 17:31:21 | 000,000,071 | ---- | M] () -- C:\Users\Bob\Desktop\Office 365 Home.url
[2015/05/15 14:56:25 | 000,000,816 | ---- | M] () -- C:\Users\Bob\Desktop\TeraCopy.lnk
[2015/05/15 13:51:10 | 000,000,226 | ---- | M] () -- C:\Users\Bob\Desktop\Office 365 support.url
[2015/05/15 13:29:16 | 000,000,225 | ---- | M] () -- C:\Users\Bob\Desktop\Outlook Chat Help.url
[2015/05/15 12:45:39 | 000,000,067 | ---- | M] () -- C:\Users\Bob\Desktop\Microsoft account - Home.url
[2015/05/14 16:44:46 | 000,002,147 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
[2015/05/14 16:44:46 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Smart Switch.lnk
[2015/05/14 11:28:54 | 000,599,801 | ---- | M] () -- C:\Users\Bob\Desktop\Statement_May 2015.pdf
[2015/05/13 20:29:05 | 000,442,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/05/13 07:23:38 | 000,002,317 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk
[2015/05/07 17:49:35 | 000,778,700 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2015/05/25 17:55:25 | 000,000,092 | ---- | C] () -- C:\Users\Bob\Desktop\Product Manuals - Whirlpool Water Treatment.url
[2015/05/24 15:37:51 | 007,543,562 | ---- | C] () -- C:\Users\Bob\Desktop\2011.pdf
[2015/05/20 09:04:58 | 000,000,082 | ---- | C] () -- C:\Users\Bob\Desktop\Billing Software.url
[2015/05/17 12:34:48 | 001,381,991 | ---- | C] () -- C:\Users\Bob\Desktop\20150516_205249.jpg
[2015/05/17 12:34:30 | 000,910,749 | ---- | C] () -- C:\Users\Bob\Desktop\20150516_201345.jpg
[2015/05/17 12:34:02 | 003,825,337 | ---- | C] () -- C:\Users\Bob\Desktop\20150516_201444.jpg
[2015/05/17 12:33:45 | 001,508,217 | ---- | C] () -- C:\Users\Bob\Desktop\20150516_205241.jpg
[2015/05/17 12:30:47 | 001,632,598 | ---- | C] () -- C:\Users\Bob\Desktop\20150516_225313.jpg
[2015/05/17 10:52:56 | 000,012,996 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values.CAL
[2015/05/17 10:52:43 | 000,024,411 | ---- | C] () -- C:\Users\Bob\Desktop\calendar copy.CSV
[2015/05/15 17:31:21 | 000,000,071 | ---- | C] () -- C:\Users\Bob\Desktop\Office 365 Home.url
[2015/05/15 13:51:10 | 000,000,226 | ---- | C] () -- C:\Users\Bob\Desktop\Office 365 support.url
[2015/05/15 13:29:16 | 000,000,225 | ---- | C] () -- C:\Users\Bob\Desktop\Outlook Chat Help.url
[2015/05/15 12:45:39 | 000,000,067 | ---- | C] () -- C:\Users\Bob\Desktop\Microsoft account - Home.url
[2015/05/14 16:44:46 | 000,002,147 | ---- | C] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
[2015/05/14 16:44:46 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Smart Switch.lnk
[2015/05/14 11:28:53 | 000,599,801 | ---- | C] () -- C:\Users\Bob\Desktop\Statement_May 2015.pdf
[2015/05/13 07:23:38 | 000,002,317 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk
[2015/05/08 08:33:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/15 15:59:26 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SHADOW-Windows-7-Home-Premium-(64-bit).dat
[2014/11/20 00:18:01 | 000,000,044 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\WB.CFG
[2014/02/06 09:52:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/06 09:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/06 09:52:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/06 09:52:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/06 09:52:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/24 12:16:41 | 000,038,442 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/05/05 17:37:51 | 000,000,017 | ---- | C] () -- C:\Users\Bob\AppData\Local\resmon.resmoncfg
[2012/09/23 21:20:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/17 20:21:12 | 000,034,814 | ---- | C] () -- C:\Users\Bob\AppData\Local\dt.dat
[2011/12/09 18:51:41 | 000,000,508 | ---- | C] () -- C:\Users\Bob\AppData\Local\RT61_{1224BF16-ED9B-4985-B37A-573484D794F3}_ap
[2011/12/09 18:46:38 | 000,000,777 | ---- | C] () -- C:\Users\Bob\AppData\Local\RT61_{1224BF16-ED9B-4985-B37A-573484D794F3}_prof
[2010/01/17 15:58:29 | 000,038,424 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft Excel 97-2003.ADR

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 00:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 00:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/08 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\AVAST Software
[2014/11/20 00:56:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\com.adobe.air.settings.manager
[2014/11/20 00:56:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\com.adobe.air.settings.manager.419D633A757E8B26DD2BDB301927BA7BA7490F38.1
[2009/12/08 18:58:36 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/20 20:22:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\EssentialPIM
[2013/12/20 19:39:53 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FileOpen
[2013/03/13 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GARMIN
[2009/12/25 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ICAClient
[2014/04/05 17:24:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2014/04/23 16:53:53 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Oracle
[2015/05/14 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Samsung
[2014/01/06 21:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Smead
[2011/11/06 14:00:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Smith Micro
[2015/04/25 09:48:25 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TeraCopy
[2012/12/13 10:15:42 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2009/12/09 21:25:49 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Wargaming.Net
[2013/12/24 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
Looks like Junkware Removal Tool removed the problem from Chrome but didn't remove it from Firefox. Rerun OTL again, but this time copy and paste the following into the Custom Scans/Fixes box at the bottom and click on the Run Fix button up top.
Code:
:OTL
FF - prefs.js..browser.search.defaultenginename.US: "Cassiopesa"
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

If you still have the problem in Chrome, let me know.
 