
Windows Explorer windows are blank - Can't find infection


  • This topic is locked
24 replies to this topic

#1 oldmuttonhead

  • Members
  • 19 posts

Posted 19 February 2015 - 11:55 AM

I am working on a computer for a friend of mine and usually I am really good at removing malware, but this one has me baffled. The computer was displaying some normal traits of having an infestation and running Malwarebytes removed a few minor bugs but nothing major. I believe everything was a PUP, but I didn't pay close attention because I assumed this was just a normal clean up. Well, there are two issues now that I can't seem to fix or find anything else wrong.

First, and this is kind of confusing and it has been difficult to search about because of the nature of it, but all Windows Explorer windows are blank. For example, if I click Start -> Computer it opens like normal, goes through a short "green bar" like normal but then is completely blank. If I hit [Alt]-T, then folder options, then reset the folder then everything appears normal. When I close that window and come back, it's blank again. Everything that uses an Explorer window is affected: control panel, system, Windows update, etc. Some things do not ever appear when using the above method, like System, for example.

One other issue: when attempting to run RogueKiller I get a message that wbemcomn.dll can't be found.

Can you help me figure out this really weird issue?

Thanks so much!


#2 nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 February 2015 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Can you run and post the logs created by the tool?

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
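Once FRST.txt is posted, the first pass over it is mostly pattern matching: lines FRST itself marks with "<======= ATTENTION", Run entries with no publisher or no file, Explorer policy values such as NofolderOptions, and an Internet Explorer proxy pointing back at 127.0.0.1. The script below is an added example written for this thread, not code from FRST or from the Malware Response Team; it parses a handful of constructed lines modelled on the FRST.txt format (the SID and the DriverFinder entry are made-up sample data) and returns a list of findings a helper could review. Note that a NofolderOptions value of 0 is present but not enforced, which is why the script reports it separately from an enforced policy.

```python
"""Triage helper for FRST.txt-style log lines (added example, not FRST's own code)."""
import re
from ipaddress import ip_address

# Constructed sample lines in the FRST.txt format; the SID is a placeholder.
SAMPLE_LOG = r"""
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Policies\Explorer: [NofolderOptions] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51464;https=127.0.0.1:51464
Hosts: 127.0.0.1 localhost
"""

# "HKLM\...\Run: [name] => path [size date] (publisher)"
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
# FRST prints the file's company name in trailing parentheses; "()" means none was found.
PUBLISHER_RE = re.compile(r"\((?P<publisher>[^()]*)\)\s*$")
# "HKU\<SID>\...\Policies\Explorer: [ValueName] data"
POLICY_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Policies\\Explorer: \[(?P<value>\w+)\] (?P<data>\S+)$")
# "ProxyServer: [profile] => http=host:port;https=host:port" or "=> host:port"
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<profile>[^\]]+)\] => (?P<servers>.+)$")


def parse_proxy_servers(spec):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}; '*' = all schemes."""
    out = {}
    for part in spec.split(";"):
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # bare host with no port
            host, port = hostport, ""
        out[scheme.strip()] = (host.strip(), int(port) if port.isdigit() else None)
    return out


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text):
    """Return (kind, detail) findings for the lines a reviewer would look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if "<======= ATTENTION" in line:          # FRST's own marker
            findings.append(("attention", line.split(" <=======")[0]))
        m = RUN_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if rest == "[X]" or not name:         # empty or dangling Run value
                findings.append(("orphan_run", f"{m.group('hive')} [{name}]"))
            else:
                pm = PUBLISHER_RE.search(rest)
                if pm is None or not pm.group("publisher").strip():
                    findings.append(("no_publisher", name))
            continue
        m = POLICY_RE.match(line)
        if m:
            enforced = m.group("data") not in ("0", "0x0")
            kind = "explorer_policy_enforced" if enforced else "explorer_policy_present"
            findings.append((kind, f"{m.group('value')}={m.group('data')}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, (host, port) in parse_proxy_servers(m.group("servers")).items():
                if is_loopback(host):              # traffic is being routed through a local listener
                    findings.append(("loopback_proxy", f"{m.group('profile')} {scheme} {host}:{port}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26s} {detail}")
```

Running it on a real FRST.txt means reading the file and passing its text to `triage()`; the findings are prompts for a human to check, not verdicts, since a loopback proxy or a publisher-less Run entry can be legitimate (a local filtering product, an OEM utility with no version resource).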

#3 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts

Posted 27 February 2015 - 05:40 PM

Sorry for the delay. I had trouble getting access to the system. Pasted is the log you requested and attached is the text file. Thank you for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by User (administrator) on USER-PC on 27-02-2015 17:34:47
Running from C:\Users\User\Desktop\BC Stuff
Loaded Profiles: User & Ashley♥ & Allie & Lexie & Guest (Available profiles: User & Ashley♥ & Allie & Lexie & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
() C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
() C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-13] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-10] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [281744 2010-09-15] (Carbonite, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [HPADVISOR] => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-08] (Google Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [DriverBoost] => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\MountPoints2: {42639589-157e-11e0-bd33-0026188ebc4c} - K:\Setup_FlipShare.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\MountPoints2: {ed5eff8e-d270-11df-857c-0026188ebc4c} - J:\setup.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Run: [HPADVISOR] => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-08] (Google Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-08] (Google Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Run: [Spotify] => C:\Users\Lexie\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-27] (Spotify Ltd)
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Run: [HPADVISOR] => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-08] (Google Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\Policies\Explorer: [NofolderOptions] 0
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51464;https=127.0.0.1:51464
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh02202015
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
SearchScopes: HKLM -> {37AA7E32-291B-4BB0-B272-8CFB29F11A55} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {37AA7E32-291B-4BB0-B272-8CFB29F11A55} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {3DDA810F-3132-6100-40AF-650A20FCBBCA} URL = http://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {41251F70-6A74-46EE-B84C-DC9F37F72273} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101044,6901,0,8,0
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = http://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {37AA7E32-291B-4BB0-B272-8CFB29F11A55} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {3DDA810F-3132-6100-40AF-650A20FCBBCA} URL = http://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {41251F70-6A74-46EE-B84C-DC9F37F72273} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101044,6901,0,8,0
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = http://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {37AA7E32-291B-4BB0-B272-8CFB29F11A55} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {3DDA810F-3132-6100-40AF-650A20FCBBCA} URL = http://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {41251F70-6A74-46EE-B84C-DC9F37F72273} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101044,6901,0,8,0
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = http://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {37AA7E32-291B-4BB0-B272-8CFB29F11A55} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {3DDA810F-3132-6100-40AF-650A20FCBBCA} URL = http://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {41251F70-6A74-46EE-B84C-DC9F37F72273} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101044,6901,0,8,0
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = http://search.kikin.com/search/?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3808240009-2296782614-1650059941-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3808240009-2296782614-1650059941-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lexie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2015-02-27]
FF HKLM-x32\...\Firefox\Extensions: [fbdownloader@KMcore] - C:\Program Files (x86)\fbDownloader\_browser_extensions\xpi
FF HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Users\User\AppData\Local\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Users\User\AppData\Local\PasswordBox\Firefox [2012-10-12]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=mtmh12232014"
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (Little Alchemy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [adkocghdlgfalpfkdohnkeaknpmcejpo] - C:\Users\User\AppData\Local\CRE\adkocghdlgfalpfkdohnkeaknpmcejpo.crx [Not Found]
CHR HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bdgldefdgecfggjdniencbihfhfnenke] - C:\Users\User\AppData\Local\PasswordBox\Chrome\extension [2013-04-24]
CHR HKLM-x32\...\Chrome\Extension: [adkocghdlgfalpfkdohnkeaknpmcejpo] - C:\Users\User\AppData\Local\CRE\adkocghdlgfalpfkdohnkeaknpmcejpo.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fjkcaddghdedgbifecmglibhhjijdimi] - C:\Program Files (x86)\fbDownloader\_browser_extensions\fbdownloader.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-15] (WildTangent)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-03-01] (PasswordBox, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5432592 2015-02-17] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-16] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20150118.025\ENG64.SYS [129752 2014-11-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20150118.025\EX64.SYS [2137304 2014-11-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-16] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-18] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 17:34 - 2015-02-27 17:34 - 00000000 ___DC () C:\FRST
2015-02-27 17:33 - 2015-02-27 17:34 - 00000000 ____D () C:\Users\User\Desktop\BC Stuff
2015-02-27 17:33 - 2015-02-27 17:33 - 02087936 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-27 17:32 - 2015-02-27 17:33 - 00000000 ____D () C:\Windows\LastGood
2015-02-27 17:31 - 2015-02-27 17:31 - 00000844 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10 Host.lnk
2015-02-27 17:31 - 2015-02-27 17:31 - 00000832 _____ () C:\Users\Public\Desktop\TeamViewer 10 Host.lnk
2015-02-27 17:31 - 2015-02-27 17:31 - 00000832 _____ () C:\ProgramData\Desktop\TeamViewer 10 Host.lnk
2015-02-27 17:31 - 2015-02-27 17:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-27 17:30 - 2015-02-27 17:30 - 08220544 _____ (TeamViewer) C:\Users\User\Downloads\TeamViewer_Host_Setup.exe
2015-02-21 14:01 - 2015-02-21 14:01 - 00001892 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-02-21 14:01 - 2015-02-21 14:01 - 00001892 _____ () C:\ProgramData\Desktop\TurboTax 2014.lnk
2015-02-21 14:01 - 2015-02-21 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-02-18 21:02 - 2015-02-18 21:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-18 21:02 - 2015-02-18 21:02 - 00000000 _____ () C:\Windows\setupact.log
2015-02-18 19:07 - 2015-02-18 19:07 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-18 19:07 - 2015-02-18 19:07 - 00001666 _____ () C:\ProgramData\Desktop\iTunes.lnk
2015-02-18 19:07 - 2015-02-18 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-18 19:06 - 2015-02-18 19:07 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-18 19:06 - 2015-02-18 19:07 - 00000000 ____D () C:\Program Files\iTunes
2015-02-18 19:06 - 2015-02-18 19:06 - 00000000 ____D () C:\Program Files\iPod
2015-02-18 15:35 - 2015-02-18 15:35 - 00000978 _____ () C:\Users\User\Downloads\Windows_7_Reset_All_Folders_To_Default_Folder_Views.bat
2015-02-18 15:33 - 2015-02-18 15:35 - 00000397 _____ () C:\Users\User\Downloads\Reset_Folder_View.zip
2015-02-18 13:23 - 2015-02-18 15:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-18 13:22 - 2015-02-18 14:41 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-02-18 13:20 - 2015-02-18 13:20 - 00001956 _____ () C:\Users\User\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-02-18 13:20 - 2015-02-18 13:20 - 00000000 ____D () C:\Users\User\Downloads\backups
2015-02-18 13:18 - 2015-02-18 13:18 - 00014210 _____ () C:\Users\User\Downloads\hijackthis.log
2015-02-18 13:18 - 2015-02-18 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-18 13:17 - 2015-02-18 13:17 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe
2015-02-18 13:16 - 2015-02-18 13:17 - 176521736 _____ () C:\Users\User\Downloads\EmsisoftAntiMalwareSetup.exe
2015-02-18 13:16 - 2015-02-18 13:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
2015-02-18 12:40 - 2015-02-25 18:07 - 00327560 _____ () C:\Windows\PFRO.log
2015-02-18 12:35 - 2015-02-18 12:35 - 00005170 _____ () C:\Users\User\Documents\cc_20150218_123552.reg
2015-02-18 11:57 - 2015-02-18 11:57 - 00054750 _____ () C:\Users\User\Documents\cc_20150218_115706.reg
2015-02-18 11:48 - 2015-02-18 11:48 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-18 11:47 - 2015-02-18 11:47 - 05325208 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup502.exe
2015-02-18 11:35 - 2015-02-18 11:35 - 00214528 _____ (Microsoft Corporation) C:\Users\User\Downloads\wbemcomn.dll
2015-02-12 20:22 - 2015-02-12 20:22 - 00153112 _____ () C:\Windows\system32\mlfcache.dat
2015-02-12 16:07 - 2015-02-12 16:07 - 00022343 ____C () C:\ComboFix.txt
2015-02-12 15:38 - 2015-02-12 16:07 - 00000000 ___DC () C:\ComboFix
2015-02-12 15:36 - 2015-02-12 15:34 - 05611930 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2015-02-12 15:30 - 2015-02-12 15:30 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-12 15:29 - 2015-02-12 15:29 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-12 14:57 - 2015-02-12 14:57 - 00000326 _____ () C:\Users\User\Documents\regBackup2.reg
2015-02-12 14:35 - 2015-02-18 12:31 - 00000000 ____D () C:\Windows\Minidump
2015-02-12 14:15 - 2015-02-18 13:10 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-12 14:15 - 2015-02-12 14:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-12 14:14 - 2015-02-12 14:14 - 15431256 _____ () C:\Users\User\Downloads\RogueKiller.exe
2015-02-12 05:39 - 2015-01-22 23:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 05:39 - 2015-01-22 22:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 05:39 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 05:39 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 03:10 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 03:10 - 2014-12-07 20:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 03:08 - 2015-01-08 19:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 03:07 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 03:07 - 2014-11-25 20:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 03:05 - 2015-01-12 20:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 03:05 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 03:00 - 2015-01-15 01:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 03:00 - 2015-01-14 23:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:43 - 2015-01-13 22:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:43 - 2015-01-13 21:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:43 - 2015-01-13 21:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 07:43 - 2015-01-13 21:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:43 - 2015-01-13 21:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:43 - 2015-01-13 21:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:43 - 2015-01-13 21:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:43 - 2015-01-13 21:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 07:43 - 2015-01-13 21:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:43 - 2015-01-13 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:43 - 2015-01-13 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:43 - 2015-01-13 21:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:43 - 2015-01-13 21:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:43 - 2015-01-13 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:43 - 2015-01-13 21:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:43 - 2015-01-13 21:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:43 - 2015-01-13 21:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:43 - 2015-01-13 21:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 07:43 - 2015-01-13 21:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 07:43 - 2015-01-13 21:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-11 07:43 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 07:43 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 07:43 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 07:43 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 07:43 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 07:43 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 07:43 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 07:43 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 07:43 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 07:43 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-11 07:43 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 07:43 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 07:43 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 07:43 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 07:43 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 07:43 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 07:43 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 07:43 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-11 07:43 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-11 07:43 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-29 21:35 - 2015-01-29 21:35 - 03077120 _____ () C:\Users\Lexie\Downloads\history slides (1).ppt
2015-01-29 21:34 - 2015-01-29 21:34 - 03077120 _____ () C:\Users\Lexie\Downloads\history slides 2.ppt
2015-01-29 21:32 - 2015-01-29 21:32 - 03077120 _____ () C:\Users\Lexie\Downloads\history slides.ppt
2015-01-29 21:24 - 2015-01-29 21:32 - 03106304 _____ () C:\Users\Lexie\Downloads\history vocab.ppt
2015-01-28 21:25 - 2015-01-28 21:26 - 03035648 _____ () C:\Users\User\Documents\history vocab.ppt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 17:29 - 2006-11-02 10:22 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 17:29 - 2006-11-02 10:22 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 17:23 - 2008-01-20 20:53 - 02093763 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 17:05 - 2014-09-27 10:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-02-27 17:03 - 2014-09-27 10:08 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-02-27 17:02 - 2012-04-04 12:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 16:49 - 2010-12-08 16:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 10:40 - 2010-10-29 09:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-27 07:29 - 2010-12-08 16:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 07:29 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 07:29 - 2006-11-02 10:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-27 06:36 - 2006-11-02 10:42 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-26 19:41 - 2011-10-11 19:40 - 00003678 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B2980477-8C99-411E-8AFA-63F17B0D1BFE}
2015-02-26 17:45 - 2010-10-07 01:18 - 00003572 _____ () C:\Windows\System32\Tasks\HP Health Check
2015-02-25 18:20 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 06:22 - 2010-10-22 18:08 - 00005324 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2015-02-25 06:21 - 2014-09-28 10:12 - 00000000 ____D () C:\Users\Lexie\AppData\Roaming\Spotify
2015-02-24 19:41 - 2014-09-28 10:13 - 00000000 ____D () C:\Users\Lexie\AppData\Local\Spotify
2015-02-23 19:25 - 2013-02-02 15:55 - 00000000 ____D () C:\Users\User\Documents\TurboTax
2015-02-23 10:18 - 2010-12-12 19:43 - 00096184 _____ () C:\Users\Allie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-21 16:33 - 2011-10-01 18:27 - 00000000 ____D () C:\Users\User\.frostwire5
2015-02-21 14:04 - 2013-02-02 15:41 - 00001080 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-21 13:59 - 2013-02-02 15:39 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-02-18 20:19 - 2010-12-26 13:44 - 00096184 _____ () C:\Users\Lexie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-18 19:27 - 2010-12-26 14:31 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-18 19:06 - 2011-05-28 09:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-18 19:06 - 2010-10-07 19:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-18 15:36 - 2009-06-17 18:52 - 00000946 _____ () C:\Users\User\Downloads\Reset_Folder_View.reg
2015-02-18 14:50 - 2014-02-25 03:08 - 00759582 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-18 14:47 - 2010-10-07 17:13 - 00096184 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-18 14:44 - 2006-11-02 10:21 - 00357808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-18 13:50 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-18 13:23 - 2014-09-16 12:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 13:22 - 2014-09-16 12:30 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-18 13:09 - 2012-08-31 16:00 - 00004478 _____ () C:\Windows\System32\Tasks\PC Checkup 3 Weekly Scan
2015-02-18 12:40 - 2014-09-16 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 12:40 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Speech
2015-02-18 12:31 - 2010-10-07 20:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Azureus
2015-02-18 12:30 - 2013-03-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox
2015-02-18 11:59 - 2010-10-07 00:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-02-18 11:57 - 2011-02-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Planet Horse Demo
2015-02-18 11:50 - 2013-12-13 20:05 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-02-18 11:49 - 2012-05-22 19:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\DriverFinder
2015-02-18 11:48 - 2014-12-18 20:06 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-18 11:33 - 2014-09-16 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 16:07 - 2014-12-18 20:44 - 00000000 ___DC () C:\Qoobox
2015-02-12 16:04 - 2006-11-02 07:34 - 00000215 ____C () C:\Windows\system.ini
2015-02-06 00:44 - 2010-12-08 16:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 00:44 - 2010-12-08 16:38 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 15:02 - 2012-04-04 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 15:02 - 2012-04-04 12:00 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 15:02 - 2011-05-15 06:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 17:08 - 2010-10-07 17:21 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-30 15:24 - 2010-12-26 13:44 - 00000000 ____D () C:\Users\Lexie
2015-01-29 18:57 - 2011-07-31 21:21 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
 
==================== Files in the root of some directories =======
 
2014-09-07 15:17 - 2014-09-07 15:17 - 0000044 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2010-11-07 16:08 - 2013-05-05 18:41 - 0000144 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2010-10-22 18:08 - 2015-02-25 06:22 - 0005324 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2010-10-07 20:04 - 2015-01-25 16:19 - 0236032 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-22 19:20 - 2012-05-22 19:20 - 0351302 _____ () C:\Users\User\AppData\Local\dd_vcredistMSI14C0.txt
2010-10-07 20:28 - 2010-10-07 20:28 - 0423722 _____ () C:\Users\User\AppData\Local\dd_vcredistMSI4BC2.txt
2012-05-22 19:20 - 2012-05-22 19:20 - 0011458 _____ () C:\Users\User\AppData\Local\dd_vcredistUI14C0.txt
2010-10-07 20:28 - 2010-10-07 20:28 - 0013978 _____ () C:\Users\User\AppData\Local\dd_vcredistUI4BC2.txt
2011-05-18 18:50 - 2012-11-15 06:29 - 0001940 _____ () C:\Users\User\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2013-02-02 15:41 - 2015-02-21 14:04 - 0001080 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-27 07:38
 

 

==================== End Of Log ============================

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:34 PM

Posted 28 February 2015 - 09:38 AM

Using the Add/Remove programs applet delete these updaters.
I'm not sure but there might be only one of them which is installed in the various profiles.

Ask Toolbar Updater (HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.19709 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.19709 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.19709 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-3808240009-2296782614-1650059941-501\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION

===

The following fix will also remove these proxy settings.
If you know you need them, I suggest you remove these two lines before saving the Fixlog.txt file.

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51464;https=127.0.0.1:51464


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51464;https=127.0.0.1:51464
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=36AB0E34-B6DB-4EFC-81A8-1D98B9D541A9&apn_sauid=46765A5C-6E6D-4406-9A22-2CBD7BE2DE95
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm002YYus&ptb=3BF66E27-FD38-443D-8A18-BC8702CC9ACF&psa=&ind=2011031620&ptnrS=Z1xdm002YYus&si=&st=sb&n=77dde844&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm0027Lus&ptb=90246EE2-44A7-4084-9856-24BD849FCC26&psa=&ind=2011031918&ptnrS=XPxdm0027Lus&si=&st=sb&n=77dde96e&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=36AB0E34-B6DB-4EFC-81A8-1D98B9D541A9&apn_sauid=46765A5C-6E6D-4406-9A22-2CBD7BE2DE95
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm002YYus&ptb=3BF66E27-FD38-443D-8A18-BC8702CC9ACF&psa=&ind=2011040309&ptnrS=Z1xdm002YYus&si=&st=sb&n=77de0a35&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=36AB0E34-B6DB-4EFC-81A8-1D98B9D541A9&apn_sauid=46765A5C-6E6D-4406-9A22-2CBD7BE2DE95
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm002YYus&ptb=3BF66E27-FD38-443D-8A18-BC8702CC9ACF&psa=&ind=2011031817&ptnrS=Z1xdm002YYus&si=&st=sb&n=77dde909&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=36AB0E34-B6DB-4EFC-81A8-1D98B9D541A9&apn_sauid=46765A5C-6E6D-4406-9A22-2CBD7BE2DE95
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm002YYus&ptb=3BF66E27-FD38-443D-8A18-BC8702CC9ACF&psa=&ind=2011031620&ptnrS=Z1xdm002YYus&si=&st=sb&n=77dde844&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm0027Lus&ptb=90246EE2-44A7-4084-9856-24BD849FCC26&psa=&ind=2011031918&ptnrS=XPxdm0027Lus&si=&st=sb&n=77dde96e&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF HKLM-x32\...\Firefox\Extensions: [fbdownloader@KMcore] - C:\Program Files (x86)\fbDownloader\_browser_extensions\xpi
CHR HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [adkocghdlgfalpfkdohnkeaknpmcejpo] - C:\Users\User\AppData\Local\CRE\adkocghdlgfalpfkdohnkeaknpmcejpo.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [adkocghdlgfalpfkdohnkeaknpmcejpo] - C:\Users\User\AppData\Local\CRE\adkocghdlgfalpfkdohnkeaknpmcejpo.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fjkcaddghdedgbifecmglibhhjijdimi] - C:\Program Files (x86)\fbDownloader\_browser_extensions\fbdownloader.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
Task: {30264ED7-9472-455D-A6F1-69FD23C712F5} - \ShopperPro No Task File <==== ATTENTION
Task: {44A88180-EC78-45BB-9B46-E7277E319E8D} - \AmiUpdXp No Task File <==== ATTENTION
Task: {655E5941-AED5-4FE8-BA90-15B9AE3BEB51} - \Groovorio No Task File <==== ATTENTION
Task: {7AC2CBC6-607D-45B1-9469-73BD8D34C058} - \RealUpgradeLogonTaskS-1-5-21-3808240009-2296782614-1650059941-1000 No Task File <==== ATTENTION
Task: {CE77C390-F46A-42DB-90D4-1EF029D1C127} - \Updater19962.exe No Task File <==== ATTENTION
Task: {FE7E9107-EA81-4381-A0C8-541499FACE05} - \ShopperProJSUpd No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0015.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0017.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0020.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0021.mp4:TOC.WMV

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

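The fixlist above is built by hand from the FRST log: every line that nasdaq copied into it is an item FRST reported as orphaned, policy-restricted or pointing somewhere it should not (the loopback proxy on 127.0.0.1:51464, search scopes for ask.com/mywebsearch/bearshare, toolbars and tasks with no file behind them, services whose driver is gone). As an added example, not part of nasdaq's post and not code from FRST itself, the Python script below applies that same reasoning to a handful of lines copied from the log and emits the start/CloseProcesses:/End frame FRST expects in fixlist.txt. The sample lines are constructed from the post above; the hijack-domain list and the finding labels are assumptions made for this example.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines into a draft fixlist.

Added example; not part of the forum post or of FRST. The rules mirror the
reasoning behind the fixlist above; the hijack-domain list and the finding
labels are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: FRST lines copied from the log posted above.
SAMPLE_FRST_LINES = r"""
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51464;https=127.0.0.1:51464
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {30264ED7-9472-455D-A6F1-69FD23C712F5} - \ShopperPro No Task File <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
"""

# Assumption: search domains that showed up as hijacked scopes in the log above.
HIJACK_HOSTS = ("ask.com", "mywebsearch.com", "bearshare.com", "iplay.com")

LOOPBACK_PROXY = re.compile(r"(127\.0\.0\.1|localhost):(\d{1,5})")
SERVICE_MISSING = re.compile(r"^[SR][0-4] .*\[X\]$")   # FRST marks a service whose image is gone with [X]


@dataclass
class Finding:
    kind: str
    line: str   # the FRST line itself; copying it into fixlist.txt is what removes the item


def _scope_url(line: str) -> Optional[str]:
    """Return the URL field of a SearchScopes line, or None if there is none."""
    if "URL =" not in line:
        return None
    return line.split("URL =", 1)[1].strip()


def _hijacked_scope(line: str) -> bool:
    """An empty default scope, or one pointing at a known hijack domain."""
    url = _scope_url(line)
    if url is None:
        return False
    host = (urlparse(url).hostname or "").lower()
    return url == "" or any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS)


def proxy_endpoint(line: str) -> Optional[Tuple[str, int]]:
    """Host and port of a loopback proxy on a ProxyServer line, else None.

    A proxy on 127.0.0.1 means a local process sits between the browser and
    the network, which is how adware injects into and inspects web traffic.
    """
    m = LOOPBACK_PROXY.search(line)
    return (m.group(1), int(m.group(2))) if m else None


# Evaluated in order; the first matching rule names the finding.
RULES: List[Tuple[str, Callable[[str], bool]]] = [
    ("orphan-run",     lambda s: "\\Run:" in s and s.endswith("=> [X]")),
    ("ie-policy",      lambda s: "Policy restriction" in s),
    ("proxy-enabled",  lambda s: s.startswith("ProxyEnable:") and "enabled" in s),
    ("loopback-proxy", lambda s: s.startswith("ProxyServer:") and proxy_endpoint(s) is not None),
    ("search-hijack",  lambda s: s.startswith("SearchScopes:") and _hijacked_scope(s)),
    ("orphan-toolbar", lambda s: s.startswith("Toolbar:") and s.endswith("No File")),
    ("orphan-task",    lambda s: s.startswith("Task:") and "No Task File" in s),
    ("orphan-service", lambda s: SERVICE_MISSING.match(s) is not None),
]


def triage(text: str) -> List[Finding]:
    """Flag every FRST line that one of the rules recognises."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, matches in RULES:
            if matches(line):
                findings.append(Finding(kind, line))
                break
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """Wrap the flagged lines in the start / CloseProcesses: / End frame FRST expects."""
    return "\n".join(["start", "CloseProcesses:", *[f.line for f in findings], "End"])


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print(f"{f.kind:15} {f.line[:70]}")
    print(build_fixlist(found))
```

Run against a full FRST.txt and Addition.txt this gives a draft only: the rules are heuristics, and FRST itself does more than delete the quoted line (the Fixlog below shows it also looking up the matching HKCR\CLSID key for each scope and toolbar), so every line still needs a human eye before it goes into fixlist.txt, exactly as nasdaq does with the proxy entries above.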
#5 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts
  • Local time:01:34 PM

Posted 28 February 2015 - 10:09 PM

When I try to uninstall the Ask Toolbar, I get an error that says "The feature you are trying to use is on a network resource that is unavailable." I've attached a screenshot of it. 

 

Here is the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by User at 2015-02-28 21:34:07 Run:1
Running from C:\Users\User\Desktop\BC Stuff
Loaded Profiles: User & Ashley♥ & Allie & Lexie & Guest (Available profiles: User & Ashley♥ & Allie & Lexie & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51464;https=127.0.0.1:51464
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1002 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1003 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-1004 -> No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {00F2C0C6-2194-484E-9064-44E57787867B} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-3808240009-2296782614-1650059941-501 -> No Name - {9494DED5-43F8-4571-BF19-FE88853FAA74} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF HKLM-x32\...\Firefox\Extensions: [fbdownloader@KMcore] - C:\Program Files (x86)\fbDownloader\_browser_extensions\xpi
CHR HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [adkocghdlgfalpfkdohnkeaknpmcejpo] - C:\Users\User\AppData\Local\CRE\adkocghdlgfalpfkdohnkeaknpmcejpo.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [adkocghdlgfalpfkdohnkeaknpmcejpo] - C:\Users\User\AppData\Local\CRE\adkocghdlgfalpfkdohnkeaknpmcejpo.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fjkcaddghdedgbifecmglibhhjijdimi] - C:\Program Files (x86)\fbDownloader\_browser_extensions\fbdownloader.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
Task: {30264ED7-9472-455D-A6F1-69FD23C712F5} - \ShopperPro No Task File <==== ATTENTION
Task: {44A88180-EC78-45BB-9B46-E7277E319E8D} - \AmiUpdXp No Task File <==== ATTENTION
Task: {655E5941-AED5-4FE8-BA90-15B9AE3BEB51} - \Groovorio No Task File <==== ATTENTION
Task: {7AC2CBC6-607D-45B1-9469-73BD8D34C058} - \RealUpgradeLogonTaskS-1-5-21-3808240009-2296782614-1650059941-1000 No Task File <==== ATTENTION
Task: {CE77C390-F46A-42DB-90D4-1EF029D1C127} - \Updater19962.exe No Task File <==== ATTENTION
Task: {FE7E9107-EA81-4381-A0C8-541499FACE05} - \ShopperProJSUpd No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0015.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0017.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0020.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Ashley♥\Documents\IMG_0021.mp4:TOC.WMV
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}" => Key deleted successfully.
HKCR\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}" => Key deleted successfully.
HKCR\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}" => Key deleted successfully.
HKCR\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}" => Key deleted successfully.
HKCR\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found. 
"HKU\S-1-5-21-3808240009-2296782614-1650059941-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00F2C0C6-2194-484E-9064-44E57787867B} => value deleted successfully.
HKCR\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9494DED5-43F8-4571-BF19-FE88853FAA74} => value deleted successfully.
HKCR\CLSID\{9494DED5-43F8-4571-BF19-FE88853FAA74} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => value deleted successfully.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} => value deleted successfully.
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00F2C0C6-2194-484E-9064-44E57787867B} => value deleted successfully.
HKCR\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9494DED5-43F8-4571-BF19-FE88853FAA74} => value deleted successfully.
HKCR\CLSID\{9494DED5-43F8-4571-BF19-FE88853FAA74} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => value deleted successfully.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} => value deleted successfully.
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00F2C0C6-2194-484E-9064-44E57787867B} => value deleted successfully.
HKCR\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9494DED5-43F8-4571-BF19-FE88853FAA74} => value deleted successfully.
HKCR\CLSID\{9494DED5-43F8-4571-BF19-FE88853FAA74} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => value deleted successfully.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} => value deleted successfully.
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00F2C0C6-2194-484E-9064-44E57787867B} => value deleted successfully.
HKCR\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Key not found. 
HKU\S-1-5-21-3808240009-2296782614-1650059941-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9494DED5-43F8-4571-BF19-FE88853FAA74} => value deleted successfully.
HKCR\CLSID\{9494DED5-43F8-4571-BF19-FE88853FAA74} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fbdownloader@KMcore => value deleted successfully.
"HKU\S-1-5-21-3808240009-2296782614-1650059941-1000\SOFTWARE\Google\Chrome\Extensions\adkocghdlgfalpfkdohnkeaknpmcejpo" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\adkocghdlgfalpfkdohnkeaknpmcejpo" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjkcaddghdedgbifecmglibhhjijdimi" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
Beep => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30264ED7-9472-455D-A6F1-69FD23C712F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30264ED7-9472-455D-A6F1-69FD23C712F5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44A88180-EC78-45BB-9B46-E7277E319E8D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44A88180-EC78-45BB-9B46-E7277E319E8D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{655E5941-AED5-4FE8-BA90-15B9AE3BEB51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{655E5941-AED5-4FE8-BA90-15B9AE3BEB51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AC2CBC6-607D-45B1-9469-73BD8D34C058}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AC2CBC6-607D-45B1-9469-73BD8D34C058}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-3808240009-2296782614-1650059941-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE77C390-F46A-42DB-90D4-1EF029D1C127}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE77C390-F46A-42DB-90D4-1EF029D1C127}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater19962.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE7E9107-EA81-4381-A0C8-541499FACE05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE7E9107-EA81-4381-A0C8-541499FACE05}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => Key not found. 
"C:\Users\Ashley?\Documents\IMG_0015.mp4" => ":TOC.WMV" ADS not found.
"C:\Users\Ashley?\Documents\IMG_0017.mp4" => ":TOC.WMV" ADS not found.
"C:\Users\Ashley?\Documents\IMG_0020.mp4" => ":TOC.WMV" ADS not found.
"C:\Users\Ashley?\Documents\IMG_0021.mp4" => ":TOC.WMV" ADS not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:34:08 ====
 
And here is the AdwCleaner log:
 
# AdwCleaner v4.111 - Logfile created 28/02/2015 at 21:48:02
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\BC Stuff\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\{4965EFCE-6978-4137-B293-4130A6875DB9}
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Users\User\AppData\Local\CrashRpt
[!] Folder Deleted : C:\Users\User\AppData\LocalLow\ilividtoolbargaw
[!] Folder Deleted : C:\Users\User\AppData\LocalLow\Yahoo! Companion
[!] Folder Deleted : C:\Users\User\AppData\Roaming\DriverFinder
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : HKCU\Software\ilividtoolbargaw
Key Deleted : HKCU\Software\AppDataLow\Software\ilividtoolbargaw
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbargaw
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Solution Real
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16609
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [43245 bytes] - [16/09/2014 21:57:39]
AdwCleaner[R1].txt - [2749 bytes] - [28/02/2015 21:44:38]
AdwCleaner[S0].txt - [35344 bytes] - [16/09/2014 21:59:47]
AdwCleaner[S1].txt - [2704 bytes] - [28/02/2015 21:48:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2763  bytes] ##########
 
 
The computer seems to be running a bit better, but I am still having the problem of the blank explorer windows. 
 
Thanks again for all of your help!
 
 
 
 

#6 nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 March 2015 - 09:43 AM

Can you give me the complete path of what is in the "Use source" box shown in your previous image?

This looks like the .msi file for ask.com, which is adware.

#7 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts

Posted 01 March 2015 - 02:54 PM

This is the full path:

C:\Users\User\AppData\Local\Temp\{CEF137D2-5D46-49EF-B035-87F4DB46A771}\

Thanks



#8 nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2015 - 08:31 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

C:\Users\User\AppData\Local\Temp\{CEF137D2-5D46-49EF-B035-87F4DB46A771}

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Is the issue still persisting?

#9 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts

Posted 02 March 2015 - 01:46 PM

Yes, I still have the same issue. 

 

Here is the fixlog.txt file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by User at 2015-03-02 13:36:16 Run:2
Running from C:\Users\User\Desktop\BC Stuff
Loaded Profiles: User & Ashley♥ & Allie & Lexie & Guest (Available profiles: User & Ashley♥ & Allie & Lexie & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
C:\Users\User\AppData\Local\Temp\{CEF137D2-5D46-49EF-B035-87F4DB46A771}
 
End
*****************
 
Processes closed successfully.
"C:\Users\User\AppData\Local\Temp\{CEF137D2-5D46-49EF-B035-87F4DB46A771}" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:36:17 ====


#10 nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2015 - 02:16 PM

I suspect that you have a malformed entry in the registry.

Let's also look in the Registry.

Please run the Farbar Recovery Scan Tool. Enter CEF137D2-5D46-49EF-B035-87F4DB46A771 in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#11 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts

Posted 02 March 2015 - 10:01 PM

Here are the results:

 

Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by User at 2015-03-02 21:59:14
Running from C:\Users\User\Desktop\BC Stuff
Boot Mode: Normal
 
================== Search Registry: "CEF137D2-5D46-49EF-B035-87F4DB46A771" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList]
"LastUsedSource"="n;7;C:\Users\User\AppData\Local\Temp\{CEF137D2-5D46-49EF-B035-87F4DB46A771}\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList\Net]
"7"="C:\Users\User\AppData\Local\Temp\{CEF137D2-5D46-49EF-B035-87F4DB46A771}\"
 
====== End Of Search ======


#12 nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2015 - 08:24 AM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files" Once you have saved Right click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList]
"LastUsedSource"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList\Net]
"7"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is it now?
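A scripted version of the registry search-and-delete carried out in the last two posts, added here as an example; it is not part of the thread, of FRST or of AdwCleaner. It walks every product under HKLM\SOFTWARE\Classes\Installer\Products, looks for SourceList values that mention a given substring (the GUID from Search.txt by default) and reports whether the folder they point to still exists. With -Remove it deletes only the values whose folder is gone, which has the same effect as the two "=-" lines in fixme.reg above. The script name, the -Pattern and -Remove parameters and the Get-SourcePath helper are my own; run it from an elevated prompt and export the Installer\Products key with reg export before removing anything.

```powershell
# Find-OrphanInstallerSource.ps1  (added example; not from the thread, FRST or AdwCleaner)
# Report Windows Installer SourceList values that reference a given pattern and,
# with -Remove, delete the ones whose source folder no longer exists.
param(
    # GUID taken from the Search.txt in the thread; any other substring may be passed instead.
    [string]$Pattern = 'CEF137D2-5D46-49EF-B035-87F4DB46A771',
    [switch]$Remove
)

$productsRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products'

# LastUsedSource is stored as "<type>;<index>;<path>" (e.g. "n;7;C:\...\"); the numbered
# values under SourceList\Net hold bare paths. Return the path part in either case.
function Get-SourcePath {
    param([string]$Value)
    if ($Value -match '^[a-zA-Z];\d+;(.+)$') { return $Matches[1] }
    return $Value
}

function Find-OrphanInstallerSource {
    param([string]$Pattern)
    $escaped = [regex]::Escape($Pattern)
    foreach ($product in Get-ChildItem -LiteralPath $productsRoot -ErrorAction SilentlyContinue) {
        foreach ($sub in 'SourceList', 'SourceList\Net') {
            $keyPath = "Registry::$($product.Name)\$sub"
            if (-not (Test-Path -LiteralPath $keyPath)) { continue }
            $key = Get-Item -LiteralPath $keyPath
            foreach ($name in $key.GetValueNames()) {
                if ($name -eq '') { continue }              # skip the unnamed (default) value
                $raw = [string]$key.GetValue($name)
                if ($raw -notmatch $escaped) { continue }
                $path = Get-SourcePath $raw
                $exists = if ($path) { [bool](Test-Path -LiteralPath $path) } else { $false }
                [pscustomobject]@{
                    Key        = $keyPath
                    Name       = $name
                    Value      = $raw
                    PathExists = $exists
                }
            }
        }
    }
}

$findings = @(Find-OrphanInstallerSource -Pattern $Pattern)
$findings | Format-Table -AutoSize

if ($Remove) {
    # Only values whose source folder is gone are deleted; a live install source is left alone.
    foreach ($f in $findings | Where-Object { -not $_.PathExists }) {
        Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name -Verbose
    }
}
```

Without -Remove the script is report-only, so it can be run first to confirm that the only hits are the two values FRST found (LastUsedSource and Net\7 under product A28B4D68DEBAA244EB686953B7074FEF) and that their %TEMP% folder is indeed missing, before anything is deleted.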

#13 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts

Posted 03 March 2015 - 02:40 PM

Nothing has changed with the last update.



#14 nasdaq

  • Malware Response Team
  • 38,254 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 March 2015 - 08:28 AM

One other issue, when attempting to run Roguekiller I get a message about wbemcomn.ddl can't be found.

The file name is wbemcomn.dll and is located in C:\Users\User\Downloads\wbemcomn.dll

This file is normally found in the System32 folder.

Let's check if you have a good copy on your computer.


Please run the Farbar Recovery Scan Tool. Enter wbemcomn.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#15 oldmuttonhead

  • Topic Starter
  • Members
  • 19 posts

Posted 04 March 2015 - 09:02 PM

Here is search.txt:

 

Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by User at 2015-03-04 20:54:31
Running from C:\Users\User\Desktop\BC Stuff
Boot Mode: Normal
 
================== Search Files: "wbemcomn.dll" =============
 
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
[2010-10-07 19:32][2009-04-11 01:28] 0357888 ____A (Microsoft Corporation) D0C7E27B155112D3A5E2B53BE5A95B4A [File is signed]
 
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\wbemcomn.dll
[2008-01-20 21:17][2008-01-20 21:17] 0357888 ____A (Microsoft Corporation) 74B8C2EA72D43727142D12397D5A49F9 [File is signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6002.18005_none_6bd9ecdf0d126b18\wbemcomn.dll
[2008-01-20 21:48][2008-01-20 21:48] 0357888 ____A (Microsoft Corporation) 74B8C2EA72D43727142D12397D5A49F9 [File is signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6001.18000_none_69ee73d30ff09fcc\wbemcomn.dll
[2008-01-20 21:48][2008-01-20 21:48] 0357888 ____A (Microsoft Corporation) 74B8C2EA72D43727142D12397D5A49F9 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6002.18005_none_6185428cd8b1a91d\wbemcomn.dll
[2008-01-20 21:50][2008-01-20 21:50] 0528384 ____A (Microsoft Corporation) E9DBC876EC1C78A74A55D8D121016344 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6001.18000_none_5f99c980db8fddd1\wbemcomn.dll
[2008-01-20 21:50][2008-01-20 21:50] 0528384 ____A (Microsoft Corporation) E9DBC876EC1C78A74A55D8D121016344 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_676975d87cc9b6e6\wbemcomn.dll
[2010-10-07 19:32][2009-04-11 02:11] 0528384 ____A (Microsoft Corporation) B2ED89CCF7E25B73D5E820022B2BA978 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_657dfccc7fa7eb9a\wbemcomn.dll
[2008-01-20 21:17][2008-01-20 21:17] 0528384 ____A (Microsoft Corporation) E9DBC876EC1C78A74A55D8D121016344 [File is signed]
 
C:\Windows\SysWOW64\wbemcomn.dll
[2008-01-20 21:48][2008-01-20 21:48] 0357888 ____A (Microsoft Corporation) 74B8C2EA72D43727142D12397D5A49F9 [File is signed]
 
C:\Windows\System32\wbemcomn.dll
[2008-01-20 21:50][2008-01-20 21:50] 0528384 ____A (Microsoft Corporation) E9DBC876EC1C78A74A55D8D121016344 [File is signed]
 
C:\Users\User\Downloads\wbemcomn.dll
[2015-02-18 11:35][2015-02-18 11:35] 0214528 ____A (Microsoft Corporation) 4E39C36213E95FB971A61A247BDE2F61
 
====== End Of Search ======
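A way to read a listing like the Search.txt above more systematically, added here as an example; it is not part of the thread or of FRST. The script collects every copy of a named DLL under the Windows directory and under C:\Users, records size, MD5 and Authenticode status for each, and treats the hashes of the copies under C:\Windows (System32, SysWOW64 and WinSxS, which agree with one another in the listing) as the reference set. A copy outside the Windows directory whose hash matches none of them, such as the 214,528-byte unsigned file in Downloads here, is flagged. The function name, parameter names and the choice of search roots are mine; Get-FileHash needs PowerShell 4 or later (an assumption: the Vista machine in the thread would need the .NET hashing classes instead), and the script should be run elevated so other users' folders are readable.

```powershell
# Get-DllCopyReport.ps1  (added example; not from the thread or from FRST)
# List every copy of a DLL with hash and signature, and flag copies outside the Windows
# directory whose hash matches none of the copies under C:\Windows.
param(
    [string]$DllName = 'wbemcomn.dll',
    [string[]]$SearchRoots = @($env:SystemRoot, (Join-Path $env:SystemDrive 'Users'))
)

function Get-DllCopyReport {
    param([string]$Name, [string[]]$Roots)

    $copies = foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Filter $Name -Recurse -File -Force -ErrorAction SilentlyContinue
    }

    $windowsPrefix = $env:SystemRoot.TrimEnd('\') + '\'

    # MD5 is used only because FRST prints MD5, so values can be compared with Search.txt;
    # for anything else use -Algorithm SHA256.
    $reference = @{}
    foreach ($c in $copies | Where-Object { $_.FullName -like "$windowsPrefix*" }) {
        $h = Get-FileHash -LiteralPath $c.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
        if ($h) { $reference[$h.Hash] = $true }
    }

    foreach ($c in $copies) {
        $h = Get-FileHash -LiteralPath $c.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
        if (-not $h) { continue }                     # unreadable even when elevated; skip rather than guess
        $sig = Get-AuthenticodeSignature -LiteralPath $c.FullName
        $inWindows = $c.FullName -like "$windowsPrefix*"
        [pscustomobject]@{
            Path           = $c.FullName
            Size           = $c.Length
            MD5            = $h.Hash
            Signature      = $sig.Status
            Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            MatchesWindows = $reference.ContainsKey($h.Hash)
            # Suspicious: lives outside C:\Windows and is byte-identical to none of the system copies.
            Suspicious     = (-not $inWindows) -and (-not $reference.ContainsKey($h.Hash))
        }
    }
}

Get-DllCopyReport -Name $DllName -Roots $SearchRoots |
    Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Signature, Size, MD5, Path -AutoSize
```

Two caveats when reading the output. System DLLs are usually catalog-signed rather than carrying an embedded signature, so on older PowerShell a NotSigned status on a copy under C:\Windows is not by itself alarming; the hash match against the other Windows copies is the decisive column. And an executable started from a folder such as Downloads searches its own directory for a DLL before System32 (unless the name is on the KnownDLLs list), which is why a stray same-named DLL next to a downloaded tool is exactly what this report should surface.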




