Untitled

By: a guest on Feb 10th, 2013  |  syntax: None  |  size: 7.97 KB  |  views: 100  |  expires: Never
:services

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110825&babsrc=HP_ss&mntrId=cadc2f5e000000000000001e6588387c
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=262062202
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Letícia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: BrowserProtect (Enabled) = C:\Users\Let\u00EDcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Let\u00EDcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BabylonChromeToolBar.dll
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [tuto4pc_pt_6]  File not found
O4 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001..\Run: [Facebook Update] C:\Users\Letícia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
[2013-01-25 14:25:23 | 000,000,000 | ---D | C] -- C:\Users\Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
:Reg

:Files
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Windows Service
C:\Users\Letícia\AppData\Local\Facebook
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\Delta
C:\Users\Letícia\AppData\Roaming\Delta
C:\Users\Letícia\AppData\Roaming\BabSolution
C:\Program Files (x86)\BabylonToolbar
C:\Users\Letícia\AppData\Roaming\Babylon
C:\Program Files (x86)\sweetpacks bundle uninstaller
C:\Users\Letícia\AppData\Local\RavenBleuSA
C:\Users\Letícia\Funmoods
C:\ProgramData\FullRemove.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4271489008-2781956344-773273156-1001UA.job
C:\Windows\SysWow64\drivers\rlketnj.sys
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4271489008-2781956344-773273156-1001Core.job
C:\Windows\tasks\cfdcall.bin
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
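The paste above is an OTL (OldTimer's List-It) fix script: lines under :OTL are copied verbatim from the OTL scan log and are reverted or removed by the tool (browser start pages and search scopes, BHO and toolbar CLSIDs, Run entries, alternate data streams), :Files lists paths to move out, a trailing /c marks a line that is run as a command, and :Commands holds OTL's own directives. The same log lines are also a ready-made indicator list for checking other machines. The script below is an added example, not part of the paste or of OTL itself: it splits such a fix script into its sections and pulls out the domains, CLSIDs, file paths, alternate data streams, Run entries, orphaned (no longer resolvable) entries and commands. The embedded sample is a hand-picked subset of the paste's own lines; the regular expressions are heuristics written for this example, and the registry locations that O2/O4 prefixes are mapped to are the usual HijackThis/OTL conventions (for 32-bit components on a 64-bit host the keys live under SOFTWARE\Wow6432Node, which the example does not try to resolve).

```python
"""Triage an OTL fix script: split it into sections and extract the
indicators a responder would hunt for elsewhere (added example, not OTL code)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a subset of the fix script above, as it would be pasted into OTL.
OTL_FIX = r"""
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&babsrc=HP_ss
CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [tuto4pc_pt_6]  File not found
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E1F04E8D
:Reg

:Files
C:\Program Files (x86)\SweetIM
C:\Windows\SysWow64\drivers\rlketnj.sys
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")                      # ":OTL", ":Files", ...
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://[^\s\"']+")
# A drive-letter path, stopping before OTL's trailing " (Publisher)" if present.
WINPATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s\([^()]*\)\s*$|\s*$)")
ADS_RE = re.compile(r"@Alternate Data Stream - (\d+) bytes -> (.+)$")
RUN_RE = re.compile(r"O4 - (\S+?)\.\.\\Run: \[([^\]]+)\]\s*(.*)$")

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def parse_sections(text):
    """Return {section_name (lowercase): [non-empty lines]} for an OTL fix script."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def extract_iocs(sections):
    """Pull hunt-worthy indicators out of the :OTL, :Files and :Commands sections."""
    iocs = {"domains": set(), "clsids": set(), "paths": set(), "ads": [],
            "run_entries": [], "orphans": [], "commands": [], "directives": []}
    for line in sections.get("otl", []):
        ads = ADS_RE.search(line)
        if ads:                                   # ADS on a directory: stream name + size
            iocs["ads"].append((ads.group(2), int(ads.group(1))))
            continue
        for url in URL_RE.findall(line):          # hijacked start pages / search scopes
            host = urlsplit(url).hostname
            if host:
                iocs["domains"].add(host.lower())
        iocs["clsids"].update(c.upper() for c in CLSID_RE.findall(line))
        run = RUN_RE.match(line)
        if run:
            iocs["run_entries"].append((run.group(2), run.group(3)))
        if "No CLSID value found" in line or "File not found" in line:
            iocs["orphans"].append(line)          # leftover registrations with no target
        path = WINPATH_RE.search(line)
        if path:
            iocs["paths"].add(path.group(0))
    for line in sections.get("files", []):
        if line.endswith(" /c"):                  # OTL runs "/c" lines as commands
            iocs["commands"].append(line[:-3].strip())
        else:
            iocs["paths"].add(line)
    iocs["directives"] = [d.strip("[]").lower() for d in sections.get("commands", [])]
    return iocs


def registry_targets(sections):
    """Map O2 (BHO) and O4 (Run) lines to the registry key and value name they denote.
    Conventional HijackThis/OTL locations; Wow6432Node redirection is not resolved here."""
    targets = []
    for line in sections.get("otl", []):
        if line.startswith("O2 - BHO:"):
            for clsid in CLSID_RE.findall(line):
                targets.append(("HKLM\\" + BHO_KEY + "\\" + clsid.upper(), None))
        run = RUN_RE.match(line)
        if run:
            targets.append((run.group(1) + "\\" + RUN_KEY, run.group(2)))
    return targets


if __name__ == "__main__":
    found = extract_iocs(parse_sections(OTL_FIX))
    for kind in ("domains", "clsids", "paths"):
        for item in sorted(found[kind]):
            print(f"{kind[:-1]:7} {item}")
    for key, value in registry_targets(parse_sections(OTL_FIX)):
        print(f"registry {key}  value={value}")
```

Run it against the full paste by reading the script from a file instead of OTL_FIX; the domain set (searchfunmoods.com, delta-search.com, basicscan.com, search.babylon.com) and the CLSIDs are what to search for in other users' hives and browser profiles, while the orphan list shows which entries OTL will merely delete because their targets are already gone.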