Chrome reports Virus Scan Failed on all downloads, IE works FireFox Works


  • This topic is locked
48 replies to this topic

#1 DRRummel

DRRummel

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 17 July 2014 - 10:57 PM

I did not suspect that this was a virus.  But while Google-ing for a solution I came across a post here that resolved the issue. http://www.bleepingcomputer.com/forums/t/511425/virus-scan-failed-in-chrome/

 

Based on Chrome support forums suggestions:

1. Even though IE and FireFox can download files, I have tried to disable the scanning of downloads via a registry change under the MS\policy key.

2. Disable Anti-virus

3. Renaming AVG8.dlls and rebooting.

4. Running Malware AntiBytes

5. Uninstalling and reinstalling Chrome.

 

My futile attempts to clean the machine:

1. I have tried to disable any toolbars (AVGSafeSearch)

2. Uninstall all AntiVirus applications.  I found traces of AVG8, AVG9, Avast, and AVG2104.

3. When that failed I loaded MS Security Essentials

4.  Check for multiple firewalls running

5. Installed new copies of IE and Chrome

6. Ran windows update, just to be up to date.

7. Ran SFC /Scannow

8. Ran SuperAntiSpyware

9. Ran Spybot S&D

10. Ran TDSSKiller

11. Ran HitManPro 3.7

 

The registry has strange random numeric entries that I believe came from a virus.  I am in over my head and need the help of a professional volunteer.

 

 

DDS.log:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16561  BrowserJavaVersion: 10.51.2
Run by Severe Family at 23:34:37 on 2014-07-17
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\MyDrive Connect\MyDriveConnect.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
mStart Page = about:blank
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - LocalServer32 - <no file>
EB: {B0DE3308-5D5A-470D-81B9-634FC078393B} - <orphaned>
uRun: [MyDriveConnect.exe] c:\program files\mydrive connect\MyDriveConnect.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6A3E90C5-BD30-43A5-B881-B67808231127} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F62C4470-9CA5-4842-A9E8-DDB9838C16BC} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - LocalServer32 - <no file>
AppInit_DLLs= protector.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\severe family\appdata\roaming\mozilla\firefox\profiles\b8tlnkre.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: keyword.url - hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\severe family\appdata\roaming\mozilla\firefox\profiles\b8tlnkre.default\extensions\textlinks@lplay.com\components\lptlf.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - ExtSQL: 2014-07-16 22:50; firefox-hotfix@mozilla.org; c:\users\severe family\appdata\roaming\mozilla\firefox\profiles\b8tlnkre.default\extensions\firefox-hotfix@mozilla.org.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? Amazon Download Agent;Amazon Download Agent
R? BLKWGD;Belkin Wireless G Desktop Card Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? CouponAlert_2pService;Coupon AlertService
R? MapsGalaxy_39Service;MapsGalaxyService
R? rt70x86;Linksys Home Wireless-G USB Adaptor Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service
S? avgtp;avgtp
S? EPSON_PM_RPCV4_05;EPSON V3 Service4(05)
S? EpsonCustomerParticipation;EpsonCustomerParticipation
S? EpsonScanSvc;Epson Scanner Service
S? FontCache;Windows Font Cache Service
S? MBAMSwissArmy;MBAMSwissArmy
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
S? RtkAudioService;Realtek Audio Service
S? TomTomHOMEService;TomTomHOMEService
S? vToolbarUpdater17.0.1;vToolbarUpdater17.0.1
.
=============== Created Last 30 ================
.
2014-07-17 07:48:16 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{61721fba-5384-4a4a-88b2-e8bf0dac0609}\mpengine.dll
2014-07-16 07:47:13 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-11 07:50:31 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ecd95dea-9109-4c02-ba45-2ef93c08b7af}\gapaengine.dll
2014-07-05 16:52:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-07-05 16:52:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-07-05 11:42:22 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2a0c4e11-0c24-4667-81b8-405f9f6ecd9f}\gapaengine.dll
2014-07-04 12:52:33 -------- d-----w- c:\programdata\SUPERSetup
2014-07-04 03:22:23 -------- d-----w- c:\users\severe family\appdata\roaming\SUPERAntiSpyware.com
2014-07-04 03:21:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-07-04 03:21:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-06-30 19:16:51 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-06-29 16:55:15 -------- d-----w- c:\programdata\Malwarebytes
2014-06-29 03:53:27 -------- d--h--w- c:\windows\msdownld.tmp
2014-06-28 18:18:13 -------- d-----w- c:\program files\Microsoft Security Client
2014-06-28 18:12:55 221568 ----a-w- c:\windows\system32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-07-09 12:14:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 12:14:22 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
.
============= FINISH: 23:35:44.35 ===============

Attached Files


Edited by DRRummel, 17 July 2014 - 11:01 PM.
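A first-pass triage of the DDS log above, as an added example that is not part of the original post or of the DDS tool: it flags the entries a helper would review first (references marked `<orphaned>` or `<no file>`, a non-empty `AppInit_DLLs` value, and Firefox preferences stored twice under names that differ only in case with different values). The function name and finding labels are assumptions made for this sketch, and a flagged line is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - <orphaned>
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - LocalServer32 - <no file>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - LocalServer32 - <no file>
AppInit_DLLs= protector.dll
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - ask.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: keyword.url - hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=
FF - prefs.js: network.proxy.type - 0
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== NAME ====" headers
DANGLING_RE = re.compile(r"<(?:orphaned|no file)>\s*$")  # markers DDS prints itself
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(.*)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def triage_dds(log_text):
    """Return (kind, section, detail) tuples for entries worth a manual look.

    The kind labels are hypothetical names chosen for this example.
    """
    findings = []
    prefs = defaultdict(list)  # lower-cased pref name -> [(name as written, value)]
    section = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # DDS separates blocks with lone dots
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue

        # Registration whose target is missing: the CLSID or handler is still
        # registered, but the file it pointed to is gone.
        if DANGLING_RE.search(line):
            findings.append(("dangling-reference", section, line))
            continue

        # AppInit_DLLs lists DLLs loaded into every process that loads
        # user32.dll, so any non-empty value should be identified by name.
        appinit = APPINIT_RE.match(line)
        if appinit:
            value = appinit.group(1).strip()
            if value:
                findings.append(("appinit-dll", section, value))
            continue

        pref = PREF_RE.match(line)
        if pref:
            prefs[pref.group(1).lower()].append((pref.group(1), pref.group(2).strip()))

    # Same preference under two spellings with different values, as with
    # keyword.URL / keyword.url in the log above.
    for entries in prefs.values():
        names = {name for name, _ in entries}
        values = {value for _, value in entries}
        if len(names) > 1 and len(values) > 1:
            detail = " vs ".join(f"{name}={value}" for name, value in entries)
            findings.append(("pref-case-collision", "FIREFOX", detail))

    return findings


if __name__ == "__main__":
    for kind, section, detail in triage_dds(SAMPLE_DDS):
        print(f"[{kind}] ({section}) {detail}")
```
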




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:32 PM

Posted 22 July 2014 - 11:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541399 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 DRRummel

DRRummel
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 22 July 2014 - 11:18 PM

 

 

OS x86 Vista Home

new DDS.log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561  BrowserJavaVersion: 10.51.2
Run by Severe Family at 0:11:19 on 2014-07-23
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\MyDrive Connect\MyDriveConnect.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
mStart Page = about:blank
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - LocalServer32 - <no file>
EB: {B0DE3308-5D5A-470D-81B9-634FC078393B} - <orphaned>
uRun: [MyDriveConnect.exe] c:\program files\mydrive connect\MyDriveConnect.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6A3E90C5-BD30-43A5-B881-B67808231127} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F62C4470-9CA5-4842-A9E8-DDB9838C16BC} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - LocalServer32 - <no file>
AppInit_DLLs= protector.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\severe family\appdata\roaming\mozilla\firefox\profiles\b8tlnkre.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: keyword.url - hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\severe family\appdata\roaming\mozilla\firefox\profiles\b8tlnkre.default\extensions\textlinks@lplay.com\components\lptlf.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - ExtSQL: 2014-07-16 22:50; firefox-hotfix@mozilla.org; c:\users\severe family\appdata\roaming\mozilla\firefox\profiles\b8tlnkre.default\extensions\firefox-hotfix@mozilla.org.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? Amazon Download Agent;Amazon Download Agent
R? BLKWGD;Belkin Wireless G Desktop Card Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? CouponAlert_2pService;Coupon AlertService
R? MapsGalaxy_39Service;MapsGalaxyService
R? MBAMSwissArmy;MBAMSwissArmy
R? rt70x86;Linksys Home Wireless-G USB Adaptor Driver
R? vToolbarUpdater17.0.1;vToolbarUpdater17.0.1
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service
S? avgtp;avgtp
S? EPSON_PM_RPCV4_05;EPSON V3 Service4(05)
S? EpsonCustomerParticipation;EpsonCustomerParticipation
S? EpsonScanSvc;Epson Scanner Service
S? FontCache;Windows Font Cache Service
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
S? RtkAudioService;Realtek Audio Service
S? TomTomHOMEService;TomTomHOMEService
.
=============== Created Last 30 ================
.
2014-07-22 04:23:00 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c04c71b5-9167-4ac7-affd-12a6669cd571}\gapaengine.dll
2014-07-22 04:20:40 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a31949f8-9907-4b08-855d-fa3ffe133dc4}\mpengine.dll
2014-07-21 04:20:26 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-11 07:50:31 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ecd95dea-9109-4c02-ba45-2ef93c08b7af}\gapaengine.dll
2014-07-05 16:52:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-07-05 16:52:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-07-04 12:52:33 -------- d-----w- c:\programdata\SUPERSetup
2014-07-04 03:22:23 -------- d-----w- c:\users\severe family\appdata\roaming\SUPERAntiSpyware.com
2014-07-04 03:21:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-07-04 03:21:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-06-30 19:16:51 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-06-29 16:55:15 -------- d-----w- c:\programdata\Malwarebytes
2014-06-29 03:53:27 -------- d--h--w- c:\windows\msdownld.tmp
2014-06-28 18:18:13 -------- d-----w- c:\program files\Microsoft Security Client
2014-06-28 18:12:55 221568 ----a-w- c:\windows\system32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-07-09 12:14:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 12:14:22 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
.
============= FINISH:  0:12:18.61 ===============
 



#4 DRRummel

DRRummel
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 22 July 2014 - 11:19 PM

I have attached the Attach.log

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:32 PM

Posted 23 July 2014 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#6 DRRummel

  • Topic Starter

Posted 23 July 2014 - 09:53 PM

AdwCleaner hung while deleting directories.

MBAM.log below.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/23/2014
Scan Time: 8:34:49 PM
Logfile: MWAB.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.23.08
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Severe Family
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 269966
Time Elapsed: 28 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 DRRummel

  • Topic Starter

Posted 23 July 2014 - 10:47 PM

AdwCleaner[R0].log

# AdwCleaner v3.216 - Report created 23/07/2014 at 21:13:04
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Severe Family - SEVEREFAMILY-PC
# Running from : C:\Users\Severe Family\Desktop\adwcleaner_3.216.exe
# Option : Scan

***** [ Services ] *****

Service Found : CouponAlert_2pService
Service Found : MapsGalaxy_39Service

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Found : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\invalidprefs.js
File Found : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\Askcom.xml
File Found : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\ask-search.xml
File Found : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\bingp.xml
File Found : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\SearchTheWeb.xml
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\GamesBar
Folder Found : C:\ProgramData\bProtector
Folder Found : C:\ProgramData\GamesBar
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Severe Family\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
Folder Found : C:\Users\Severe Family\AppData\LocalLow\Conduit
Folder Found : C:\Users\Severe Family\AppData\LocalLow\CouponAlert_2p
Folder Found : C:\Users\Severe Family\AppData\LocalLow\MixiDJ_V30
Folder Found : C:\Users\Severe Family\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Severe Family\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Severe Family\AppData\LocalLow\Zango
Folder Found : C:\Users\Severe Family\AppData\Roaming\DriverCure
Folder Found : C:\Users\Severe Family\AppData\Roaming\iWin
Folder Found : C:\Users\Severe Family\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Severe Family\AppData\Roaming\speedypc software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\alot
Key Found : HKCU\Software\AppDataLow\Software\iWon
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CouponAlert_2pbar Uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\file2linkib
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\speedypc software
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\gamesbar
Key Found : HKLM\Software\GamesBarSetup
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C23B756A-BD9F-4CA6-ADED-17AB8CCF3E8B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\speedypc software
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Trymedia Systems
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C23B756A-BD9F-4CA6-ADED-17AB8CCF3E8B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\prefs.js ]

Line Found : user_pref("browser.search.selectedengine", "ask.com");
Line Found : user_pref("extensions.enabledaddons", "gamesbar@oberon-media.com:1.2.1.112,textlinks@lplay.com:1.0.0,toolbar@ask.com:3.15.4.23821,wecarereminder@bryan:4.0.10.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:8[...]
Line Found : user_pref("extensions.gamesbar.msnus.homepage", "hxxp://www.goonsearch.com/?source=ibr-ib-pdp-ins-hp");
Line Found : user_pref("keyword.url", "hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=");
Line Found : user_pref("smartbar.machineId", "KX90VSMUPTPBWMMIXDLZAUP8SH6H5CW5334YFRE12KB2WZHVXOKIAICGNYN9QYGSUDOJ+DGIQGTWGBQUY/UTIA");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : fdkednngfjmpnljkolbapdednncafhen

*************************

AdwCleaner[R0].txt - [24060 octets] - [23/07/2014 21:13:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [24121 octets] ##########



#8 DRRummel

  • Topic Starter

Posted 23 July 2014 - 11:03 PM

Like I said, AdwCleaner was hung deleting directories.  So I terminated the first run and ran it again.  This time the only directory it found was:

Folder Found : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
 

 

Looks suspicious to me.  The second AdwCleaner scan \clean is hung again deleting directories.

Here is the directory structure under the branch; the directory tree is attached.


Directory tree for the Chrome extension is attached.

Attached Files

  • Attached File  tree.log   115.02KB   1 downloads


#9 DRRummel

  • Topic Starter

Posted 23 July 2014 - 11:10 PM

Farbar is running now.  I hope I will post up the results after work on Thursday.



#10 nasdaq

  • Malware Response Team

Posted 24 July 2014 - 07:19 AM

Post the Farbar log and I will take it from there.

I will keep an eye out for this extension that should be removed.
C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen

#11 DRRummel

  • Topic Starter

Posted 24 July 2014 - 11:35 AM

Thanks.

 

I let AdwCleaner run overnight and it did complete by morning.  So maybe it did remove that Chrome extensions directory.  I will post the Farbar log tonight.


Edited by DRRummel, 24 July 2014 - 07:00 PM.
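Whether a cleanup run removed what the scan reported can be checked by comparing the two AdwCleaner reports. The script below is an added example, not part of the original posts and not AdwCleaner's own code: it parses the `<Kind> Found : …` and `<Kind> Deleted : …` line shapes visible in the reports in this thread and lists items from a Scan report that the Clean report does not record as deleted. The function names and the two short sample reports are constructed for illustration from lines in the thread; they are not the full logs.

```python
import re
from collections import Counter

# Line shapes as they appear in the reports posted in this thread, e.g.
#   "Folder Found : C:\ProgramData\Uniblue"
#   "Key Deleted : HKLM\SOFTWARE\Classes\driverscanner"
ITEM_RE = re.compile(r"^(Service|File|Folder|Key|Value) (Found|Deleted) : (.+?)\s*$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}\s*$")
OPTION_RE = re.compile(r"^# Option : (\w+)\s*$")


def parse_report(text):
    """Parse one report into its run option and a de-duplicated item map."""
    option, section, items = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, action, target = m.groups()
            # Windows paths and registry keys are case-insensitive, and the
            # reports mix "HKLM\Software" with "HKLM\SOFTWARE".
            key = (kind, target.lower())
            items.setdefault(key, {"kind": kind, "action": action,
                                   "target": target, "section": section})
    return {"option": option, "items": items}


def not_removed(scan_text, clean_text):
    """Items found by the scan that the clean report does not list as deleted."""
    scan, clean = parse_report(scan_text), parse_report(clean_text)
    if scan["option"] != "Scan" or clean["option"] != "Clean":
        raise ValueError("expected a Scan report and a Clean report, in that order")
    deleted = {k for k, v in clean["items"].items() if v["action"] == "Deleted"}
    left = [v for k, v in scan["items"].items()
            if v["action"] == "Found" and k not in deleted]
    return sorted((v["kind"], v["target"]) for v in left)


def count_by_kind(text):
    """Number of distinct items per kind (Service, File, Folder, Key, Value)."""
    return Counter(v["kind"] for v in parse_report(text)["items"].values())


# Constructed sample: a handful of lines in the format of the thread's reports.
SCAN_SAMPLE = r"""# AdwCleaner v3.216 - Report created 23/07/2014 at 21:13:04
# Option : Scan

***** [ Services ] *****

Service Found : CouponAlert_2pService

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen

***** [ Registry ] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKLM\SOFTWARE\Classes\driverscanner
"""

# Constructed sample: note the different case in the last registry path.
CLEAN_SAMPLE = r"""# AdwCleaner v3.216 - Report created 23/07/2014 at 23:22:51
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\Software\Classes\driverscanner
"""

if __name__ == "__main__":
    for kind, target in not_removed(SCAN_SAMPLE, CLEAN_SAMPLE):
        print(f"not reported deleted: {kind}: {target}")
```

An item missing from a Clean report is not proof it is still on disk, since an earlier interrupted run may already have removed it; a fresh Scan report is the confirmation.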


#12 DRRummel

  • Topic Starter

Posted 24 July 2014 - 07:02 PM

Second run of AdwCleaner log:

 

# AdwCleaner v3.216 - Report created 23/07/2014 at 23:22:51
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Severe Family - SEVEREFAMILY-PC
# Running from : C:\Users\Severe Family\Desktop\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\invalidprefs.js
File Deleted : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\bingp.xml
File Deleted : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\SearchTheWeb.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C23B756A-BD9F-4CA6-ADED-17AB8CCF3E8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C23B756A-BD9F-4CA6-ADED-17AB8CCF3E8B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\gamesbar
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CouponAlert_2pbar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\file2linkib
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.selectedengine", "ask.com");
Line Deleted : user_pref("extensions.enabledaddons", "gamesbar@oberon-media.com:1.2.1.112,textlinks@lplay.com:1.0.0,toolbar@ask.com:3.15.4.23821,wecarereminder@bryan:4.0.10.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:8[...]
Line Deleted : user_pref("extensions.gamesbar.msnus.homepage", "hxxp://www.goonsearch.com/?source=ibr-ib-pdp-ins-hp");
Line Deleted : user_pref("keyword.url", "hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=");
Line Deleted : user_pref("smartbar.machineId", "KX90VSMUPTPBWMMIXDLZAUP8SH6H5CW5334YFRE12KB2WZHVXOKIAICGNYN9QYGSUDOJ+DGIQGTWGBQUY/UTIA");
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : fdkednngfjmpnljkolbapdednncafhen
 
*************************
 
AdwCleaner[R0].txt - [24202 octets] - [23/07/2014 21:13:04]
AdwCleaner[R1].txt - [23016 octets] - [23/07/2014 23:17:21]
AdwCleaner[S0].txt - [1540 octets] - [23/07/2014 22:04:20]
AdwCleaner[S1].txt - [23007 octets] - [23/07/2014 23:22:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [23068 octets] ##########


#13 DRRummel


Posted 24 July 2014 - 07:06 PM

FRST.log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014
Ran by Severe Family (administrator) on SEVEREFAMILY-PC on 24-07-2014 00:08:39
Running from C:\Users\Severe Family\Desktop\FarBar
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Severe Family\Desktop\adwcleaner_3.216.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\Run: [CollaborationHost] => C:\Windows\system32\p2phost.exe [192000 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\MountPoints2: {044cc6b0-59ff-11de-945f-001921a084db} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\MountPoints2: {b47b264c-d648-11db-ab8f-001921a084db} - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
HKU\S-1-5-21-2987767724-3150818610-2699517615-1000\...\MountPoints2: {bbc84b9d-b2ed-11e3-9143-001921a084db} - G:\DPFMate.exe
AppInit_DLLs: protector.dll => C:\Windows\system32\protector.dll [748544 2012-01-04] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: sasnative32autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {30BE9173-249A-4F0B-B775-51E6E873F9B6} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
SearchScopes: HKLM - {3E935B96-16B0-4512-8E7B-1E9632A5114D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} -  No File
Toolbar: HKLM - Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Google
FF SelectedSearchEngine: ask.com
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\SearchTheWeb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bingober-2112983855.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bingober11228437.xml
FF Extension: Oberon GamesBar - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\gamesbar@oberon-media.com [2012-03-19]
FF Extension: No Name - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\staged [2013-05-18]
FF Extension: LivingPlay TextLinks - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\textlinks@lplay.com [2011-09-10]
FF Extension: No Name - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-16]
FF Extension: No Name - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-04-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-15]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-10]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-16]
CHR Extension: (YouTube) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (MixiDJ V30) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2014-07-16]
CHR Extension: (RealDownloader) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Gmail) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-09-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-09-24]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-02-09] (SEIKO EPSON CORPORATION)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S2 CLTNetCnService; No ImagePath
S4 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-28] (AVG Technologies)
S3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-30] (Lenovo)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-23] (Malwarebytes Corporation)
R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2010-01-13] (Meetinghouse Data Communications) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [299520 2009-02-26] (Ralink Technology Corp.)
S3 Afc; No ImagePath
S4 blbdrive; No ImagePath
S3 BLKWGD; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U2 WZCSVC; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 00:05 - 2014-07-24 00:24 - 00000000 ____D () C:\FRST
2014-07-24 00:04 - 2014-07-24 00:08 - 00000000 ____D () C:\Users\Severe Family\Desktop\FarBar
2014-07-23 22:01 - 2014-07-23 22:01 - 00024202 _____ () C:\Users\Severe Family\Desktop\AdwCleaner[R0].txt
2014-07-23 21:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-23 21:12 - 2014-07-23 23:22 - 00000000 ____D () C:\AdwCleaner
2014-07-23 21:12 - 2014-07-23 21:11 - 01354223 _____ () C:\Users\Severe Family\Desktop\adwcleaner_3.216.exe
2014-07-23 21:07 - 2014-07-23 21:07 - 00001068 _____ () C:\Users\Severe Family\Desktop\MBAM.txt
2014-07-23 20:36 - 2014-07-23 23:46 - 00000281 _____ () C:\Users\Severe Family\Desktop\chrome.url
2014-07-23 20:32 - 2014-07-23 20:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 20:31 - 2014-07-23 20:31 - 00000946 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 20:31 - 2014-07-23 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 20:31 - 2014-07-23 20:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-23 20:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 20:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 20:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-23 20:27 - 2014-07-23 20:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Severe Family\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-23 00:11 - 2014-07-23 00:12 - 00004604 _____ () C:\Users\Severe Family\Desktop\attach.txt
2014-07-23 00:09 - 2014-07-23 00:09 - 00688992 _____ (Swearware) C:\Users\Severe Family\Downloads\dds.com
2014-07-17 23:35 - 2014-07-23 00:12 - 00011810 _____ () C:\Users\Severe Family\Desktop\DDS.txt
2014-07-17 23:33 - 2014-07-17 23:33 - 00688992 ____R (Swearware) C:\Users\Severe Family\Desktop\dds.com
2014-07-16 23:01 - 2014-07-16 23:01 - 00002018 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 23:01 - 2014-07-16 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 22:45 - 2014-07-16 22:52 - 00000000 ____D () C:\Users\Severe Family\Downloads\Cleaners
2014-07-08 20:43 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 20:43 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 20:43 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 20:43 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 20:43 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 20:43 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 20:43 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 20:43 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 20:43 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 20:43 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 20:43 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 20:43 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 20:43 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 20:43 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 20:43 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 20:43 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 20:43 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 20:43 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 20:43 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 20:43 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 20:43 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 20:43 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 20:43 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 20:43 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-05 14:24 - 2014-07-05 14:24 - 00000196 _____ () C:\Windows\wininit.ini
2014-07-05 12:52 - 2014-07-05 14:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-05 12:52 - 2014-07-05 13:00 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-07-05 12:52 - 2014-07-05 12:52 - 00001102 _____ () C:\Users\Severe Family\Desktop\Spybot - Search & Destroy.lnk
2014-07-05 12:52 - 2014-07-05 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-03 23:22 - 2014-07-03 23:22 - 00000000 ____D () C:\Users\Severe Family\AppData\Roaming\SUPERAntiSpyware.com
2014-07-03 23:21 - 2014-07-03 23:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-03 23:21 - 2014-07-03 23:21 - 00001847 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-03 23:21 - 2014-07-03 23:21 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-03 23:21 - 2014-07-03 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-01 16:08 - 2014-07-01 16:08 - 00000628 _____ () C:\Users\Severe Family\Desktop\HitmanPro - Shortcut.lnk
2014-07-01 00:42 - 2014-07-01 00:42 - 00008382 _____ () C:\Windows\system32\.crusader
2014-06-29 14:07 - 2014-06-29 14:07 - 00001071 _____ () C:\trash1.txt
2014-06-29 12:55 - 2014-06-29 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 12:23 - 2014-06-29 12:23 - 00000127 _____ () C:\Users\Severe Family\Desktop\FileAttachmentIssues.url
2014-06-28 23:53 - 2014-06-28 23:53 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-28 23:09 - 2014-06-28 23:55 - 00005263 _____ () C:\Windows\IE9_main.log
2014-06-28 14:30 - 2014-06-28 14:30 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-06-28 14:21 - 2014-06-28 14:21 - 00001873 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-28 14:18 - 2014-06-28 14:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-28 14:12 - 2010-04-05 16:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-28 13:30 - 2014-07-18 00:06 - 00076948 _____ () C:\Windows\PFRO.log
2014-06-28 13:06 - 2014-07-23 22:51 - 00000068 _____ () C:\Windows\setupact.log
2014-06-28 13:06 - 2014-06-28 13:06 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 00:24 - 2014-07-24 00:05 - 00000000 ____D () C:\FRST
2014-07-24 00:14 - 2012-04-10 19:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 00:08 - 2014-07-24 00:04 - 00000000 ____D () C:\Users\Severe Family\Desktop\FarBar
2014-07-24 00:03 - 2013-08-10 13:54 - 00000000 ____D () C:\temp
2014-07-23 23:55 - 2010-01-28 22:23 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 23:46 - 2014-07-23 20:36 - 00000281 _____ () C:\Users\Severe Family\Desktop\chrome.url
2014-07-23 23:23 - 2006-12-18 19:14 - 01107626 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 23:22 - 2014-07-23 21:12 - 00000000 ____D () C:\AdwCleaner
2014-07-23 22:53 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 22:53 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 22:51 - 2014-06-28 13:06 - 00000068 _____ () C:\Windows\setupact.log
2014-07-23 22:01 - 2014-07-23 22:01 - 00024202 _____ () C:\Users\Severe Family\Desktop\AdwCleaner[R0].txt
2014-07-23 21:11 - 2014-07-23 21:12 - 01354223 _____ () C:\Users\Severe Family\Desktop\adwcleaner_3.216.exe
2014-07-23 21:07 - 2014-07-23 21:07 - 00001068 _____ () C:\Users\Severe Family\Desktop\MBAM.txt
2014-07-23 20:34 - 2014-07-23 20:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 20:31 - 2014-07-23 20:31 - 00000946 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 20:31 - 2014-07-23 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 20:31 - 2014-07-23 20:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-23 20:27 - 2014-07-23 20:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Severe Family\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-23 14:55 - 2010-01-28 22:23 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 00:53 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 00:49 - 2006-11-02 08:58 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-23 00:12 - 2014-07-23 00:11 - 00004604 _____ () C:\Users\Severe Family\Desktop\attach.txt
2014-07-23 00:12 - 2014-07-17 23:35 - 00011810 _____ () C:\Users\Severe Family\Desktop\DDS.txt
2014-07-23 00:09 - 2014-07-23 00:09 - 00688992 _____ (Swearware) C:\Users\Severe Family\Downloads\dds.com
2014-07-18 15:27 - 2007-03-19 08:09 - 00000000 ____D () C:\Users\Severe Family
2014-07-18 15:14 - 2006-11-02 06:33 - 00763630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 00:06 - 2014-06-28 13:30 - 00076948 _____ () C:\Windows\PFRO.log
2014-07-17 23:33 - 2014-07-17 23:33 - 00688992 ____R (Swearware) C:\Users\Severe Family\Desktop\dds.com
2014-07-16 23:01 - 2014-07-16 23:01 - 00002018 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 23:01 - 2014-07-16 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 23:01 - 2007-10-02 21:15 - 00000000 ____D () C:\Users\Severe Family\AppData\Local\Google
2014-07-16 23:01 - 2007-10-02 21:14 - 00000000 ____D () C:\Program Files\Google
2014-07-16 22:52 - 2014-07-16 22:45 - 00000000 ____D () C:\Users\Severe Family\Downloads\Cleaners
2014-07-09 08:14 - 2012-04-10 19:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 08:14 - 2011-05-21 22:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 03:34 - 2006-11-02 08:44 - 00388000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:12 - 2013-08-08 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 21:57 - 2013-06-18 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 11:13 - 2006-11-30 04:59 - 00000996 _____ () C:\Users\Severe Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-06 11:12 - 2007-10-02 21:14 - 00000000 ____D () C:\ProgramData\Google
2014-07-05 14:25 - 2014-07-05 12:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-05 14:24 - 2014-07-05 14:24 - 00000196 _____ () C:\Windows\wininit.ini
2014-07-05 13:00 - 2014-07-05 12:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-07-05 12:52 - 2014-07-05 12:52 - 00001102 _____ () C:\Users\Severe Family\Desktop\Spybot - Search & Destroy.lnk
2014-07-05 12:52 - 2014-07-05 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-03 23:22 - 2014-07-03 23:22 - 00000000 ____D () C:\Users\Severe Family\AppData\Roaming\SUPERAntiSpyware.com
2014-07-03 23:22 - 2014-07-03 23:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-03 23:21 - 2014-07-03 23:21 - 00001847 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-03 23:21 - 2014-07-03 23:21 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-03 23:21 - 2014-07-03 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-01 16:08 - 2014-07-01 16:08 - 00000628 _____ () C:\Users\Severe Family\Desktop\HitmanPro - Shortcut.lnk
2014-07-01 00:43 - 2014-03-28 14:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-01 00:42 - 2014-07-01 00:42 - 00008382 _____ () C:\Windows\system32\.crusader
2014-07-01 00:42 - 2013-08-04 19:59 - 00000000 ____D () C:\Users\Public\Documents\Amazon Games & Software
2014-06-29 14:07 - 2014-06-29 14:07 - 00001071 _____ () C:\trash1.txt
2014-06-29 12:55 - 2014-06-29 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 12:23 - 2014-06-29 12:23 - 00000127 _____ () C:\Users\Severe Family\Desktop\FileAttachmentIssues.url
2014-06-28 23:55 - 2014-06-28 23:09 - 00005263 _____ () C:\Windows\IE9_main.log
2014-06-28 23:53 - 2014-06-28 23:53 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-28 14:30 - 2014-06-28 14:30 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-06-28 14:21 - 2014-06-28 14:21 - 00001873 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-28 14:21 - 2014-06-28 14:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-28 13:30 - 2014-03-28 15:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-28 13:30 - 2014-03-28 15:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-28 13:06 - 2014-06-28 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-28 06:54 - 2013-08-06 05:44 - 00000000 ____D () C:\Program Files\Big Kahuna Reef
2014-06-28 01:55 - 2007-03-19 15:02 - 00000000 ____D () C:\Users\Severe Family\Documents\Medical Expenses
2014-06-26 11:08 - 2011-11-02 18:07 - 00000000 ____D () C:\Users\Severe Family\Documents\ESTATE OF ELEONORE E SEVERE
2014-06-25 21:29 - 2007-03-19 15:02 - 00000000 ____D () C:\Users\Severe Family\Documents\Dave Folder
2014-06-25 21:27 - 2007-03-19 15:45 - 00002609 _____ () C:\Users\Severe Family\Desktop\Microsoft Office Word 2003.lnk
 
Some content of TEMP:
====================
C:\Users\Severe Family\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-23 13:01
 
==================== End Of Log ============================

#14 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 July 2014 - 08:02 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
    ===

    Please copy the entire contents of the code box below.

    start
    AppInit_DLLs: protector.dll => C:\Windows\system32\protector.dll [748544 2012-01-04] ()
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    SearchScopes: HKLM - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=1C2CC7D0-2F5E-4FF2-963F-3291873A5932&ind=2011102807&ptnrS=CDxdm003YYus&si=CPTX9ZOpi6wCFcFw4AodOx2EnQ&n=77defe57&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM - {30BE9173-249A-4F0B-B775-51E6E873F9B6} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKLM - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} ->  No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKLM - No Name - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} -  No File
    Toolbar: HKLM - Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
    Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
    FF SelectedSearchEngine: ask.com
    FF Keyword.URL: hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\ask-search.xml
    FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\askcom.xml
    FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\bingp.xml
    FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\safeguard-secure-search.xml
    FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\SearchTheWeb.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bingober-2112983855.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bingober11228437.xml
    FF Extension: Oberon GamesBar - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\gamesbar@oberon-media.com [2012-03-19]
    FF Extension: No Name - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\staged [2013-05-18]
    FF Extension: LivingPlay TextLinks - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\textlinks@lplay.com [2011-09-10]
    CHR Extension: (MixiDJ V30) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2014-07-16]
    CHR HKLM\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-09-24]
    CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-09-24]
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S4 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [X]
    S3 Afc; No ImagePath
    S4 blbdrive; No ImagePath
    S3 BLKWGD; No ImagePath
    S3 IpInIp; No ImagePath
    S3 NwlnkFlt; No ImagePath
    S3 NwlnkFwd; No ImagePath
    U2 WZCSVC; 
    Task: {95D99661-5A2B-40BD-B8B0-71B77DC3CE8A} - System32\Tasks\BFGLaunch_riseofatlantis_s1_l1_gF1481T1L1_d164460080[1] => C:\Users\SEVERE~1\AppData\Local\Temp\riseofatlantis_s1_l1_gF1481T1L1_d164460080[1].exe <==== ATTENTION
    
    End
    
    Save the file as fixlist.txt into the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/
    ===

    How is the computer running now?


#15 DRRummel

  • Topic Starter
  • Members
  • 56 posts

Posted 25 July 2014 - 07:22 PM

FIXLOG.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-07-2014
Ran by Severe Family at 2014-07-25 19:48:33 Run:1
Running from C:\Users\Severe Family\Desktop\FarBar
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
AppInit_DLLs: protector.dll => C:\Windows\system32\protector.dll [748544 2012-01-04] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKLM - {30BE9173-249A-4F0B-B775-51E6E873F9B6} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} ->  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} -  No File
Toolbar: HKLM - Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
FF SelectedSearchEngine: ask.com
FF Keyword.URL: hxxp://www.goonsearch.com/web.html?source=ibr-ib-pdp-ins-dbs&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\SearchTheWeb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bingober-2112983855.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bingober11228437.xml
FF Extension: Oberon GamesBar - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\gamesbar@oberon-media.com [2012-03-19]
FF Extension: No Name - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\staged [2013-05-18]
FF Extension: LivingPlay TextLinks - C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\textlinks@lplay.com [2011-09-10]
CHR Extension: (MixiDJ V30) - C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2014-07-16]
CHR HKLM\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-09-24]
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-09-24]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [X]
S3 Afc; No ImagePath
S4 blbdrive; No ImagePath
S3 BLKWGD; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U2 WZCSVC; 
Task: {95D99661-5A2B-40BD-B8B0-71B77DC3CE8A} - System32\Tasks\BFGLaunch_riseofatlantis_s1_l1_gF1481T1L1_d164460080[1] => C:\Users\SEVERE~1\AppData\Local\Temp\riseofatlantis_s1_l1_gF1481T1L1_d164460080[1].exe <==== ATTENTION
 
End
*****************
 
"protector.dll" => Value Data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30BE9173-249A-4F0B-B775-51E6E873F9B6}" => Key deleted successfully.
"HKCR\CLSID\{30BE9173-249A-4F0B-B775-51E6E873F9B6}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
"HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}" => Key deleted successfully.
"HKCR\CLSID\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} => value deleted successfully.
"HKCR\CLSID\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => Value not found.
"HKCR\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
"HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => value deleted successfully.
"HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}" => Key not found.
"HKCR\PROTOCOLS\Handler\viprotocol" => Key not found.
"HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
"C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\ask-search.xml" => not found.
"C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\askcom.xml" => not found.
"C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\bingp.xml" => not found.
"C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\safeguard-secure-search.xml" => not found.
"C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\searchplugins\SearchTheWeb.xml" => not found.
C:\Program Files\mozilla firefox\searchplugins\bingober-2112983855.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bingober11228437.xml => Moved successfully.
C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\gamesbar@oberon-media.com => Moved successfully.
C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\staged => Moved successfully.
C:\Users\Severe Family\AppData\Roaming\Mozilla\Firefox\Profiles\b8tlnkre.default\Extensions\textlinks@lplay.com => Moved successfully.
C:\Users\Severe Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => Key not found.
C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => Key not found.
"C:\Users\Severe Family\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx" => File/Directory not found.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
vToolbarUpdater17.0.1 => Service deleted successfully.
Afc => Service deleted successfully.
blbdrive => Service deleted successfully.
BLKWGD => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
WZCSVC => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95D99661-5A2B-40BD-B8B0-71B77DC3CE8A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95D99661-5A2B-40BD-B8B0-71B77DC3CE8A}" => Key deleted successfully.
C:\Windows\System32\Tasks\BFGLaunch_riseofatlantis_s1_l1_gF1481T1L1_d164460080[1] => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BFGLaunch_riseofatlantis_s1_l1_gF1481T1L1_d164460080[1]" => Key deleted successfully.
 
==== End of Fixlog ====




