API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 10th, 2013
226
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.97 KB | None | 0 0
raw download clone embed print report
  1. :services
  2.  
  3. :OTL
  4. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
  5. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
  6. IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
  7. IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  8. IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
  9. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
  10. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  11. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
  12. IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
  13. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  14. IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
  15. IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
  16. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  17. IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
  18. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  19. IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110825&babsrc=HP_ss&mntrId=cadc2f5e000000000000001e6588387c
  20. IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
  21. IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
  22. IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
  23. IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
  24. IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=262062202
  25. FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Letícia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
  26. CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
  27. CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
  28. CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
  29. CHR - plugin: BrowserProtect (Enabled) = C:\Users\Let\u00EDcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
  30. CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Let\u00EDcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BabylonChromeToolBar.dll
  31. O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
  32. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  33. O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
  34. O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
  35. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  36. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
  37. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
  38. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
  39. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  40. O3 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  41. O3 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
  42. O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
  43. O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
  44. O4 - HKLM..\Run: [tuto4pc_pt_6] File not found
  45. O4 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001..\Run: [Facebook Update] C:\Users\Letícia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
  46. [2013-01-25 14:25:23 | 000,000,000 | ---D | C] -- C:\Users\Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
  47. @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E1F04E8D
  48. @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
  49. @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
  50. @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
  51. :Reg
  52.  
  53. :Files
  54. C:\Program Files (x86)\SweetIM
  55. C:\Program Files (x86)\Windows Service
  56. C:\Users\Letícia\AppData\Local\Facebook
  57. C:\ProgramData\BrowserProtect
  58. C:\Program Files (x86)\Delta
  59. C:\Users\Letícia\AppData\Roaming\Delta
  60. C:\Users\Letícia\AppData\Roaming\BabSolution
  61. C:\Program Files (x86)\BabylonToolbar
  62. C:\Users\Letícia\AppData\Roaming\Babylon
  63. C:\Program Files (x86)\sweetpacks bundle uninstaller
  64. C:\Users\Letícia\AppData\Local\RavenBleuSA
  65. C:\Users\Letícia\Funmoods
  66. C:\ProgramData\FullRemove.exe
  67. C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4271489008-2781956344-773273156-1001UA.job
  68. C:\Windows\SysWow64\drivers\rlketnj.sys
  69. C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4271489008-2781956344-773273156-1001Core.job
  70. C:\Windows\tasks\cfdcall.bin
  71. ipconfig /flushdns /c
  72.  
  73. :Commands
  74. [purity]
  75. [resethosts]
  76. [CreateRestorePoint]
  77. [emptytemp]
  78. [EMPTYFLASH]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!