At times cannot type, IE redirecting back to home, Google image wont display


  • This topic is locked
17 replies to this topic

#1 tjlw

  • Members
  • 94 posts

Posted 16 November 2015 - 07:41 PM

Hi - Had opened a post here --> http://www.bleepingcomputer.com/forums/t/595557/at-times-cannot-type-ie-redirecting-back-to-home-page/page-2. BC Advisor directed me to open a topic here.


Basically have run Malware, super antispyware, adaware, plus everything BC Advisor suggested. I have periods where you cannot type into the computer and have to restart, and IE randomly redirects back to my home page when doing Google searches. When I go to Google, the image above the search bar will not display (shows a black x) and the auto suggest will not work (though I have it turned on). Other freezes and slowness happen and I restart to correct as best I can. Any help you can provide would be greatly appreciated.


I have run FarBar and here are the logs (Addition.txt is attached):


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015
Ran by Walker (administrator) on T (16-11-2015 17:31:14)
Running from C:\Users\T\Downloads
Loaded Profiles: Walker (Available Profiles: Walker & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Farbar) C:\Users\T\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-01] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\...\Run: [GoogleChromeAutoLaunch_1D6907FCD7BA9EBE35AAD3F123F9727E] => C:\Users\T\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-03] (The Chromium Authors)
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\...\MountPoints2: {1f707243-e1fa-11e4-82c9-a01d480d02bf} - "F:\TLBootstrap_WPP.exe"
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\...\MountPoints2: {89b5e5b4-bd52-11e4-82b5-a01d480d02bf} - "F:\TL-Bootstrap.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-18] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{572714CA-733E-406F-AC98-A4D066E7FDFE}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-18] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-18] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1904824456-278268146-3315644187-1002: @radvision.com/ConfClient -> C:\Users\T\AppData\Local\Radvision\Installer\1.5.0.5\npclientinstmgr.dll [2015-01-15] (Avaya, Inc.)
FF Plugin HKU\S-1-5-21-1904824456-278268146-3315644187-1002: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\T\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2014-09-01] (Nagravision)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-18] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
CHR DefaultSearchKeyword: Default -> Palikan.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\T\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-18]
CHR Extension: (Google Docs) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-18]
CHR Extension: (Google Drive) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-18]
CHR Extension: (Google Search) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-18]
CHR Extension: (Google Sheets) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-18]
CHR Extension: (Avast Online Security) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-18]
CHR Extension: (Google Wallet) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-18]
CHR Extension: (Gmail) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-18]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1904824456-278268146-3315644187-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-23] (SUPERAntiSpyware.com)
S2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-06] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-18] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-17] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-17] (CyberLink)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-25] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [66560 2013-08-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-18] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\system32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-16 17:27 - 2015-11-16 17:27 - 00002013 _____ C:\Users\T\Desktop\Chromium.lnk
2015-11-16 17:26 - 2015-11-16 17:27 - 00000000 ____D C:\Users\T\AppData\Local\Chromium
2015-11-16 17:25 - 2015-11-16 17:31 - 00023234 _____ C:\Users\T\Downloads\FRST.txt
2015-11-16 17:25 - 2015-11-16 17:25 - 00002606 _____ C:\WINDOWS\System32\Tasks\Go_Palikan
2015-11-16 17:25 - 2015-11-16 17:25 - 00000268 _____ C:\WINDOWS\Tasks\Go_Palikan.job
2015-11-16 17:25 - 2015-11-16 17:25 - 00000000 ____D C:\Users\T\AppData\Local\{DB9AEDC6-FF32-817E-92AA-A496B6C2580E}
2015-11-16 17:24 - 2015-11-16 17:27 - 00000000 ____D C:\Users\T\AppData\Local\nada
2015-11-16 17:24 - 2015-11-16 17:24 - 29419944 _____ (Oracle Corporation) C:\Users\T\Downloads\jre-7u60-windows.exe
2015-11-16 17:24 - 2015-11-16 17:24 - 02008576 _____ (Farbar) C:\Users\T\Downloads\FRST64 (1).exe
2015-11-12 10:09 - 2015-11-12 10:09 - 00000294 _____ C:\WINDOWS\PFRO.log
2015-11-11 09:14 - 2015-11-11 09:20 - 00000000 ____D C:\f176146e6b838468df33
2015-11-11 08:59 - 2015-10-13 08:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 08:59 - 2015-10-13 08:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 08:59 - 2015-10-13 08:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 08:59 - 2015-10-13 08:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 08:59 - 2015-10-13 08:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 08:59 - 2015-10-13 08:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 08:59 - 2015-10-10 23:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 08:59 - 2015-10-10 23:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 08:59 - 2015-10-10 11:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 08:59 - 2015-10-10 11:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 08:59 - 2015-10-10 11:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 08:59 - 2015-10-10 10:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 08:59 - 2015-10-10 10:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 08:59 - 2015-10-10 10:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 08:59 - 2015-10-10 09:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 08:58 - 2015-10-30 16:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 08:58 - 2015-10-30 16:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 08:58 - 2015-10-30 16:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 08:58 - 2015-10-30 16:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 08:58 - 2015-10-30 16:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 08:58 - 2015-10-30 15:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 08:58 - 2015-10-30 15:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 08:58 - 2015-10-30 15:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 08:58 - 2015-10-30 15:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 08:58 - 2015-10-30 15:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 08:58 - 2015-10-30 15:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 08:58 - 2015-10-30 15:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 08:58 - 2015-10-30 15:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 08:58 - 2015-10-30 15:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 08:58 - 2015-10-30 15:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 08:58 - 2015-10-30 15:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 08:58 - 2015-10-30 15:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 08:58 - 2015-10-30 15:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 08:58 - 2015-10-30 15:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 08:58 - 2015-10-30 14:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 08:58 - 2015-10-30 14:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 08:58 - 2015-10-30 14:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 08:58 - 2015-10-30 14:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 08:58 - 2015-10-20 14:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 08:58 - 2015-10-20 07:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 08:58 - 2015-10-20 07:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 08:58 - 2015-10-20 07:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 08:58 - 2015-10-20 07:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 08:58 - 2015-10-20 07:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 08:58 - 2015-10-20 07:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 08:58 - 2015-10-20 07:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 08:58 - 2015-10-20 07:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 08:58 - 2015-10-20 07:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 08:58 - 2015-10-20 07:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 08:58 - 2015-10-20 07:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 08:58 - 2015-10-15 09:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 08:58 - 2015-10-15 08:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 08:58 - 2015-10-14 16:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 08:58 - 2015-10-14 16:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 08:58 - 2015-10-14 16:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 08:58 - 2015-10-14 16:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 08:58 - 2015-10-14 16:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 08:58 - 2015-10-13 10:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 08:58 - 2015-10-13 10:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 08:58 - 2015-09-29 05:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 08:58 - 2015-09-12 06:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 08:58 - 2015-09-07 09:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 08:58 - 2015-09-07 08:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 08:58 - 2015-09-07 08:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 08:58 - 2015-09-04 12:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 08:58 - 2015-08-28 15:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 08:58 - 2015-08-20 13:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 08:58 - 2015-08-20 10:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 08:58 - 2014-11-04 18:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 08:58 - 2014-11-04 18:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-11 08:57 - 2015-10-17 07:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 08:57 - 2015-10-08 09:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 08:57 - 2015-08-10 11:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 08:57 - 2015-08-10 11:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 08:57 - 2015-08-10 10:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 08:57 - 2015-08-10 09:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 08:57 - 2015-08-10 09:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 08:57 - 2014-11-10 11:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-08 19:07 - 2015-11-08 19:07 - 00000000 ____D C:\ProgramData\Sophos
2015-11-08 19:05 - 2015-11-08 19:05 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-11-08 19:05 - 2015-11-08 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-08 19:05 - 2015-11-08 19:05 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-11-08 18:26 - 2015-11-08 18:29 - 137878952 _____ (Sophos Limited) C:\Users\T\Downloads\Sophos Virus Removal Tool.exe
2015-11-08 18:26 - 2015-11-08 18:26 - 01801288 _____ (Malwarebytes) C:\Users\T\Downloads\JRT.exe
2015-11-08 18:25 - 2015-11-08 18:25 - 01712128 _____ C:\Users\T\Downloads\adwcleaner_5.019.exe
2015-11-08 18:17 - 2015-11-08 18:17 - 00448512 _____ (OldTimer Tools) C:\Users\T\Downloads\TFC.exe
2015-11-08 07:59 - 2015-11-08 07:59 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\T\Downloads\rkill.exe
2015-11-08 07:56 - 2015-11-08 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-08 07:55 - 2015-11-08 08:43 - 00000000 ____D C:\Users\T\Downloads\mbar
2015-11-08 07:54 - 2015-11-08 07:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\T\Downloads\mbar-1.09.3.1001.exe
2015-11-08 06:20 - 2015-11-08 06:20 - 00891392 _____ (Farbar) C:\Users\T\Downloads\MiniToolBox.exe
2015-11-08 06:16 - 2015-11-08 06:16 - 00899072 _____ (Farbar) C:\Users\T\Downloads\FSS.exe
2015-11-08 06:14 - 2015-11-08 06:14 - 00852720 _____ C:\Users\T\Downloads\SecurityCheck.exe
2015-11-07 17:52 - 2015-11-07 17:52 - 00659968 _____ C:\Users\T\Downloads\MicrosoftFixit50195.msi
2015-11-07 17:45 - 2015-11-16 17:29 - 01370186 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-07 17:37 - 2015-11-16 17:17 - 00002563 _____ C:\WINDOWS\setupact.log
2015-11-07 17:37 - 2015-11-07 17:37 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-07 17:33 - 2015-11-07 17:33 - 00632570 _____ C:\Users\T\Documents\cc_20151107_173225.reg
2015-11-07 12:16 - 2015-11-07 12:16 - 00002778 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-11-07 12:16 - 2015-11-07 12:16 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-07 12:16 - 2015-11-07 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-07 12:16 - 2015-11-07 12:16 - 00000000 ____D C:\Program Files\CCleaner
2015-11-07 12:15 - 2015-11-07 12:15 - 06677440 _____ (Piriform Ltd) C:\Users\T\Downloads\ccsetup510.exe
2015-10-22 12:14 - 2014-04-15 16:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-10-22 12:13 - 2014-04-15 16:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-16 17:31 - 2015-01-05 21:16 - 00000000 ____D C:\FRST
2015-11-16 17:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-16 16:52 - 2014-10-10 11:31 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 16:46 - 2013-08-25 23:09 - 00960480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-15 13:46 - 2014-10-10 11:31 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 13:46 - 2014-04-23 13:11 - 00000000 ____D C:\Users\T\Documents\Youcam
2015-11-15 13:45 - 2014-04-26 09:17 - 00000000 __RDO C:\Users\T\SkyDrive
2015-11-15 13:45 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-15 13:44 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-12 21:58 - 2014-10-05 02:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1904824456-278268146-3315644187-1002
2015-11-12 11:26 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-12 10:09 - 2013-08-22 07:44 - 00485432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-11 21:11 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-11 09:42 - 2013-08-22 08:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 09:41 - 2014-10-05 05:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 09:20 - 2014-10-07 15:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 09:14 - 2014-10-07 15:01 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 12:30 - 2015-07-18 12:28 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-10 12:30 - 2015-07-18 12:27 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-08 18:44 - 2015-02-01 11:18 - 00000000 ____D C:\AdwCleaner
2015-11-08 07:55 - 2014-10-05 08:22 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-08 06:27 - 2014-10-05 08:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 15:48 - 2014-10-24 06:01 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-07 15:48 - 2013-08-25 23:57 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-07 10:47 - 2014-10-05 02:25 - 00000000 ____D C:\Users\T
2015-11-06 19:06 - 2015-07-22 17:59 - 11337112 _____ (SurfRight B.V.) C:\Users\T\Downloads\HitmanPro_x64.exe
2015-11-05 09:12 - 2015-07-18 12:30 - 00004052 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-02 17:23 - 2015-04-17 06:18 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-02 17:23 - 2015-04-17 06:18 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 09:20 - 2014-10-23 20:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-30 08:53 - 2015-08-03 20:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 08:52 - 2015-08-03 20:12 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-25 19:31 - 2014-10-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-25 19:31 - 2014-10-05 08:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-19 08:14 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-19 08:05 - 2014-04-25 16:40 - 00000251 _____ C:\Users\T\Desktop\Chaffee Co Database.url
2015-10-18 09:40 - 2014-10-04 13:00 - 00012640 _____ C:\Users\T\Desktop\BWEquip.xlsx

Some files in TEMP:
====================
C:\Users\T\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-12 11:25

==================== End of FRST.txt ============================



#2 tjlw
  • Topic Starter
  • Members
  • 94 posts
  • Local time:07:30 PM

Posted 16 November 2015 - 09:56 PM

An update - while installing FarBar to do the post above a "java like" update came up and then I had the wonderful Palikan virus installed.  I followed the tips found here to remove it.  https://malwaretips.com/blogs/remove-palikan-search/ running adwcleaner, JRT, Malwarebyte, HitmanPro. Got rid of Palikan but the google issues are still here.  Haven't searched a lot to see if I get redirects but I assume that is still here since all of these have been run before. 



#3 nasdaq
  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 19 November 2015 - 11:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1904824456-278268146-3315644187-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
CHR Extension: (Avast Online Security) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [X]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {AF9BDF08-CB2F-4087-A585-52E19F0D52D4} - System32\Tasks\Go_Palikan => C:\Users\T\AppData\Local\{DB9AE~1\UNINST~1.EXE [2015-11-16] ()
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
 C:\Users\T\AppData\Local\{DB9AE~1

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Reset Internet Explorer if compromised.
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?
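As an added example, not part of this thread and not part of FRST itself: the fixlist above was built by hand from the FRST log by one rule, copy every browser setting that points at the hijacker's domain, every search scope left empty, every task or service carrying the hijacker's name, and every task/BHO/service whose file is gone. The Python below applies that same rule to a few constructed FRST-style lines taken from this thread; the names `HIJACK_DOMAINS`, `classify` and `build_fixlist` are mine, and it is deliberately narrower than nasdaq's list (it leaves the Avast extension entries alone and does not add the orphaned task's folder).

```python
"""
Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not code from the thread or from FRST: it automates the
triage rule the helper applied by hand in this thread. Function names and
the sample lines below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Domain(s) the thread identified as the hijacker's; an analyst supplies these.
HIJACK_DOMAINS = {"palikan.com"}

# FRST writes URLs as hxxp:// so they cannot be clicked by accident.
DEFANGED_URL_RE = re.compile(r"hxxps?://[^\s\",]+", re.IGNORECASE)

# FRST markers for a registry entry whose file is gone: "-> No File" on
# tasks and BHOs, "[X]" on a service (S2/S3) or driver (R2/R3) entry.
ORPHAN_MARKERS = ("-> No File", "[X]")
ORPHAN_PREFIXES = ("Task:", "BHO", "S1 ", "S2 ", "S3 ", "S4 ", "R2 ", "R3 ")

# Constructed sample, shortened from the FRST output posted in this thread.
SAMPLE_FRST_LINES = [
    "HKU\\S-1-5-21-1904824456-278268146-3315644187-1002\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09",
    "SearchScopes: HKU\\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    "CHR StartupUrls: Default -> \"hxxp://www.palikan.com/?f=7\",\"hxxp://www.google.com/\"",
    "CHR Extension: (Avast Online Security) - C:\\Users\\T\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gomekmidlodglbbmalcneegieacbdmki [2015-07-18]",
    "BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File",
    "S2 HPWMISVC; C:\\Program Files (x86)\\Hewlett-Packard\\HP System Event\\HPWMISVC.exe [X]",
    "Task: {AF9BDF08-CB2F-4087-A585-52E19F0D52D4} - System32\\Tasks\\Go_Palikan => C:\\Users\\T\\AppData\\Local\\{DB9AE~1\\UNINST~1.EXE [2015-11-16] ()",
    "Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \\Microsoft\\Windows\\Application Experience\\AitAgent -> No File <==== ATTENTION",
    "CHR HomePage: Default -> hxxp://www.google.com/",
]


def refang(url: str) -> str:
    """Turn FRST's hxxp:// back into http:// so urlparse can read it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def url_domains(line: str) -> set:
    """Registered domain (last two labels) of every URL on the line."""
    found = set()
    for raw in DEFANGED_URL_RE.findall(line):
        host = (urlparse(refang(raw)).hostname or "").lower()
        labels = host.split(".")
        if len(labels) >= 2:
            found.add(".".join(labels[-2:]))
    return found


def classify(line: str):
    """Reason to put this FRST line in fixlist.txt, or None to leave it alone."""
    line = line.strip()
    if not line:
        return None
    hits = url_domains(line) & HIJACK_DOMAINS
    if hits:
        return "hijacker URL: " + ", ".join(sorted(hits))
    # FRST lists a default search scope with no URL at all as "URL =".
    if line.startswith("SearchScopes:") and line.endswith("URL ="):
        return "empty default search scope"
    # A scheduled task or service named after the hijacker (Go_Palikan above).
    if line.startswith(("Task:", "S2 ", "S3 ")):
        names = {d.split(".")[0] for d in HIJACK_DOMAINS}
        named = sorted(n for n in names if n in line.lower())
        if named:
            return "hijacker name in task/service: " + ", ".join(named)
    if line.startswith(ORPHAN_PREFIXES) and any(m in line for m in ORPHAN_MARKERS):
        return "orphaned entry, no file on disk"
    return None


def build_fixlist(frst_lines) -> str:
    """fixlist.txt in the layout FRST expects: 'start', directives, entries, 'End'."""
    selected = [l.strip() for l in frst_lines if classify(l)]
    header = ["start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    return "\n".join(header + selected + ["", "End"])


if __name__ == "__main__":
    for entry in SAMPLE_FRST_LINES:
        print(f"{classify(entry) or 'keep':40s} | {entry[:60]}")
    print(build_fixlist(SAMPLE_FRST_LINES))
```

The output is a starting point for the analyst's fixlist, not a substitute for reading the whole log; entries FRST reports as "not found" in the Fixlog, as several did above, are harmless to include.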

#4 tjlw
  • Topic Starter
  • Members
  • 94 posts
  • Local time:07:30 PM

Posted 19 November 2015 - 12:26 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by Walker (2015-11-19 10:18:36) Run:1
Running from C:\Users\T\Downloads
Loaded Profiles: Walker (Available Profiles: Walker & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1904824456-278268146-3315644187-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
SearchScopes: HKU\S-1-5-21-1904824456-278268146-3315644187-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_47_ssg09&cd=2XzuyEtN2Y1L1Qzu0AtDtC0DyEzztD0DtDtB0B0FtAtAtByDtN0D0Tzu0StCyEtCyDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtA0EtB0DyE0DyDtGtB0CyC0EtGyBtAtD0AtGyDzzzytCtG0BzytCtCtAyC0DyD0EyDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzy0FtA0FyCzzyCtGyCyEyBzytGyE0E0ByCtG0B0DyC0DtGtB0CzyyDyD0A0AtD0E0B0C0C2QtN0A0LzutB&cr=478651420&ir=
CHR Extension: (Avast Online Security) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [X]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {AF9BDF08-CB2F-4087-A585-52E19F0D52D4} - System32\Tasks\Go_Palikan => C:\Users\T\AppData\Local\{DB9AE~1\UNINST~1.EXE [2015-11-16] ()
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
 C:\Users\T\AppData\Local\{DB9AE~1

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1904824456-278268146-3315644187-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1904824456-278268146-3315644187-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => not found.
C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
HPWMISVC => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF9BDF08-CB2F-4087-A585-52E19F0D52D4} => key not found.
C:\WINDOWS\System32\Tasks\Go_Palikan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go_Palikan => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"C:\Users\T\AppData\Local\{DB9AE~1" => not found.
EmptyTemp: => 20.8 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-19 10:21:47)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 10:21:47 ====



#5 tjlw
  • Topic Starter
  • Members
  • 94 posts
  • Local time:07:30 PM

Posted 19 November 2015 - 12:44 PM

The google page still has the black x instead of the google picture and google instant is still unavailable even though I have it turned on.  The typing thing is back - very slow to type and doesn't catch all the key strokes.  I do use IE instead of Chrome.  In Chrome the picture and google instant works.  No redirects yet but haven't done a lot of browsing.  Thanks for your help and let me know what to try next.



#6 nasdaq
  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 19 November 2015 - 03:15 PM

The google page still has the black x instead of the google picture and google instant is still unavailable


They may have been compromised. I had no problems with Google instant.

https://www.instantstreetview.com/

Are you using https or http with the Url?

#7 tjlw
  • Topic Starter
  • Members
  • 94 posts
  • Local time:07:30 PM

Posted 19 November 2015 - 07:35 PM

https



#8 nasdaq
  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 20 November 2015 - 08:45 AM

Delete all the cookies associated with these sites.

https://support.google.com/chrome/answer/95647?hl=en

and or

https://support.google.com/accounts/answer/32050?hl=en

This one looks promising.
https://productforums.google.com/forum/#!topic/websearch/koFyqaclWLM

Do not forget Google search is your friend.

#9 nasdaq
  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 26 November 2015 - 07:49 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 tjlw
  • Topic Starter
  • Members
  • 94 posts
  • Local time:07:30 PM

Posted 26 November 2015 - 03:09 PM

Still same thing - it does seem to type better now but as I was looking at the pages you sent and tried to check the Hosts file as one of them said, the entire computer froze - had to walk away for 5 min then it came back and was able to finally get to the search page to try to find Notepad.  And some of the IE pages freeze while trying to type in them.

I cleared cache and cookies, ran ccleaner again, checked the host file which looked normal - still IE won't show the google image but chrome will - and the instant search won't work.

Any other ideas?  Believe me I've been searching for a solution but came to Bleeping since I couldn't find anything that worked.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 27 November 2015 - 08:58 AM



still IE wont show the google image

In IE under Tools menu > Internet options > Advanced tab.
Under the MultiMedia section make sure that "Show Picture" is checked.

You may need to click the apply button if you make a change.
===

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below:
      01 - Repair Registry Permissions
      03 - Reset Service permissions
      07 - Repair Internet Explorer
      09 - Repair HOSTS File
      10 - Remove Policies Set By Infections
      15 - Repair Proxy Settings
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the contents of this file on your next reply.
===

If the problem persists please run this fix.

Restart the computer normally.

How is the computer running now?

=======================

Any improvement?
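An added example, not from this thread and not Tweaking.com's own code: before letting Windows Repair overwrite the hosts file, the proxy settings and the policy keys (items 09, 15 and 10 above), a read-only PowerShell audit of the same settings shows what is actually there. That tells you whether a repair is needed at all and gives a baseline to compare against after it runs. The registry value names are standard Windows values; which ones to check is my choice, and a hosts file that "looks normal" is easier to judge when only the active entries are listed.

```powershell
# Added example (not from the thread, not Tweaking.com's code): read-only audit of the
# settings that Windows Repair items 09, 15 and 10 rewrite. Nothing here changes the
# system. Run from an elevated PowerShell prompt.

# 09 - hosts file: list every active (non-comment) mapping. A clean Windows 8.1 hosts
# file has no active entries, so anything listed here deserves a look, especially
# entries for search engines or antivirus update servers.
function Get-ActiveHostsEntries {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath -ErrorAction Stop |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |   # strip trailing comments
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            [pscustomobject]@{
                Address = $parts[0]
                Names   = (($parts | Select-Object -Skip 1) -join ' ')
            }
        }
}

# 15 - proxy settings: the per-user IE/WinINet proxy plus the machine-wide WinHTTP proxy.
# A proxy server or auto-config (PAC) URL you did not set yourself is one way browser
# traffic ends up redirected; on a home PC all three WinINet values are normally empty/0.
function Get-ProxyConfiguration {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        WinHttpProxy  = (netsh winhttp show proxy | Out-String).Trim()
    }
}

# 10 - policies set by infections: policy values malware commonly sets to block the
# tools used to remove it. On a home PC these values are normally absent; a value of 1
# that no administrator set is worth investigating before (or instead of) blindly
# letting a repair tool delete it.
function Get-RestrictivePolicies {
    $checks = @(
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Names = 'DisableTaskMgr', 'DisableRegistryTools' },
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
           Names = 'NoFolderOptions', 'NoRun', 'NoControlPanel' }
    )
    foreach ($c in $checks) {
        if (-not (Test-Path $c.Key)) { continue }
        $props = Get-ItemProperty -Path $c.Key
        foreach ($n in $c.Names) {
            if ($null -ne $props.$n) {
                [pscustomobject]@{ Key = $c.Key; Name = $n; Value = $props.$n }
            }
        }
    }
}

'== Active hosts entries =='
Get-ActiveHostsEntries | Format-Table -AutoSize
'== Proxy configuration =='
Get-ProxyConfiguration | Format-List
'== Restrictive policy values =='
Get-RestrictivePolicies | Format-Table -AutoSize
```

Save the output before running the repairs and again afterwards; the diff between the two runs is the record of what the tool actually changed, which is more useful than the generic "Done" lines in its own log.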


#12 tjlw

tjlw
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 29 November 2015 - 01:20 PM

Here is the log from tweaking  - have seen some improvements - the google icon and instant suggestions are back - still freezing up - today was trying to buy something and everything froze - had to restart and do the order over - and the web pages are slow to load.

 

Tweaking.com - Windows Repair v3.7.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: T
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\T
Current Profile SID: S-1-5-21-1904824456-278268146-3315644187-1002
Current Profile Classes: S-1-5-21-1904824456-278268146-3315644187-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\T\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:24:47

Process Count: 72
Commit Total: 1.64 GB
Commit Limit: 4.08 GB
Commit Peak: 1.77 GB
Handle Count: 25358
Kernel Total: 666.01 MB
Kernel Paged: 540.56 MB
Kernel Non Paged: 125.45 MB
System Cache: 1.96 GB
Thread Count: 849
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.45 GB
Memory Used: 1.66 GB(48.2032%)
Memory Avail.: 1.79 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.45 GB
Memory Used: 1.32 GB(38.3315%)
Memory Avail.: 2.13 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (11/29/2015 10:13:32 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 197
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (11/29/2015 10:13:38 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\hku.7z
Done,  0.55 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\hklm.7z
Done,  7.42 seconds.

   Running Repair Under System Account
   Done (11/29/2015 10:35:33 AM)

03 - Reset Service Permissions
   Start (11/29/2015 10:35:34 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/29/2015 10:36:22 AM)

07 - Repair Internet Explorer
   Start (11/29/2015 10:36:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/29/2015 10:45:03 AM)

09 - Repair Hosts File
   Start (11/29/2015 10:45:03 AM)
   Running Repair Under System Account
   Done (11/29/2015 10:45:04 AM)

10 - Remove Policies Set By Infections
   Start (11/29/2015 10:45:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/29/2015 10:45:10 AM)

15 - Repair Proxy Settings
   Start (11/29/2015 10:45:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/29/2015 10:45:13 AM)

26 - Restore Important Windows Services
   Start (11/29/2015 10:45:13 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
Done,  0.28 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/29/2015 10:45:35 AM)

27 - Set Windows Services To Default Startup
   Start (11/29/2015 10:45:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/29/2015 10:45:46 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (11/29/2015 10:45:46 AM)
   Total Repair Time: 00:32:16

...YOU MUST RESTART YOUR SYSTEM...

 

ERROR: Writing SD to <machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run> failed with: Access is denied.
ERROR: Writing SD to <machine\SYSTEM\CurrentControlSet\Services\BFE> failed with: Access is denied.
ERROR: Writing SD to <machine\SYSTEM\CurrentControlSet\Services\BFE\Parameters> failed with: Access is denied.

 

ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc110.crt_2036b14a11e83e4a_none_c373722873c01144> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_465fa0e2615861d0> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d> failed with: The data area passed to a system call is too small.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: Access is denied.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: Access is denied.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast> failed with: The data area passed to a system call is too small.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run> failed with: Access is denied.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: Access is denied.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: Access is denied.
ERROR: Getting Security Info from <MACHINE\SYSTEM\Setup\Upgrade\DoMp\ADOVMPPackage> failed with: Access is denied.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswHwid> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswMonFlt> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswRvrt> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswSnx> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswSP> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswStm> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswVmm> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\BFE> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs> failed with: Access is denied.

 

ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc110.crt_2036b14a11e83e4a_none_c373722873c01144> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_465fa0e2615861d0> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d> failed with: The data area passed to a system call is too small.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid.
ERROR: Getting Security Info from <MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast> failed with: The data area passed to a system call is too small.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run> failed with: Access is denied.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid.
ERROR: Getting Security Info from <MACHINE\SYSTEM\Setup\Upgrade\DoMp\ADOVMPPackage> failed with: Access is denied.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswHwid> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswMonFlt> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswRvrt> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswSnx> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswSP> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswStm> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\aswVmm> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\BFE> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs> failed with: Access is denied.
 

 

ERROR: Getting Security Info from <USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Access is denied.
ERROR: Getting Security Info from <USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Access is denied.
ERROR: Getting Security Info from <USERS\S-1-5-21-1904824456-278268146-3315644187-1002\Software\AVAST Software\Avast> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <USERS\S-1-5-21-1904824456-278268146-3315644187-1002\Software\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Access is denied.
 

 

ERROR: Getting Security Info from <USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Access is denied.
ERROR: Getting Security Info from <USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Access is denied.
ERROR: Getting Security Info from <USERS\S-1-5-21-1904824456-278268146-3315644187-1002\Software\AVAST Software\Avast> failed with: The data area passed to a system call is too small.
ERROR: Getting Security Info from <USERS\S-1-5-21-1904824456-278268146-3315644187-1002\Software\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Access is denied.
 

 

ERROR: Writing Security Info to <AppXSvc> failed with: Access is denied.
ERROR: Writing Security Info to <avast! Antivirus> failed with: Access is denied.
ERROR: Writing Security Info to <BFE> failed with: Access is denied.
ERROR: Writing Security Info to <DPS> failed with: Access is denied.
ERROR: Writing Security Info to <EFS> failed with: Access is denied.
ERROR: Writing Security Info to <gpsvc> failed with: Access is denied.
ERROR: Writing Security Info to <LSM> failed with: Access is denied.
ERROR: Writing Security Info to <msiserver> failed with: Access is denied.
ERROR: Writing Security Info to <sppsvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdiServiceHost> failed with: Access is denied.
ERROR: Writing Security Info to <WdiSystemHost> failed with: Access is denied.
ERROR: Writing Security Info to <WdNisSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WinDefend> failed with: Access is denied.
ERROR: Writing Security Info to <WSService> failed with: Access is denied.
ERROR: Writing Security Info to <AppXSvc> failed with: Access is denied.
ERROR: Writing Security Info to <avast! Antivirus> failed with: Access is denied.
ERROR: Writing Security Info to <BFE> failed with: Access is denied.
ERROR: Writing Security Info to <msiserver> failed with: Access is denied.
ERROR: Writing Security Info to <sppsvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdNisSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WinDefend> failed with: Access is denied.
ERROR: Writing Security Info to <WSService> failed with: Access is denied.


 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 30 November 2015 - 09:05 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:30 PM

Posted 06 December 2015 - 09:23 AM

Are you still with me?

#15 tjlw

tjlw
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 10 December 2015 - 07:49 PM

Yes sorry.

 

Farbar Service Scanner Version: 10-06-2014
Ran by Walker (administrator) on 10-12-2015 at 17:48:36
Running from "C:\Users\T\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
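An added example, not from this thread and not Farbar's code: the checks FSS reports above (service state and start type, the Windows Defender disabled policy, basic connectivity) redone with built-in cmdlets, so they can be re-run after each repair step instead of downloading a new scan each time. The table of expected start modes is an assumption: it uses the defaults FSS printed in the log above and should be adjusted for another Windows version.

```powershell
# Added example (not from the thread, not Farbar's code): re-run the checks the FSS log
# above reports, using built-in cmdlets. Run from an elevated PowerShell prompt
# (PowerShell 4 on Windows 8.1 is sufficient).

# Assumed expected start modes. 'Auto' for wuauserv is what FSS printed as the default
# in the log above; adjust the table for other Windows versions.
$ExpectedStartMode = @{
    wuauserv  = 'Auto'   # Windows Update
    WinDefend = 'Auto'   # Windows Defender
    BFE       = 'Auto'   # Base Filtering Engine, required by the Windows Firewall
    MpsSvc    = 'Auto'   # Windows Firewall
    wscsvc    = 'Auto'   # Security Center
}

# One row per service: current state, start mode, image path and whether the start
# mode matches the expected value. Win32_Service reports StartMode as
# Boot/System/Auto/Manual/Disabled (FSS prints Manual as "Demand").
function Get-ServiceHealth {
    param([hashtable]$Expected = $ExpectedStartMode)
    foreach ($name in $Expected.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        $state = 'MISSING'; $mode = $null; $path = $null
        if ($svc) { $state = $svc.State; $mode = $svc.StartMode; $path = $svc.PathName }
        [pscustomobject]@{
            Service   = $name
            State     = $state
            StartMode = $mode
            Expected  = $Expected[$name]
            Ok        = ($mode -eq $Expected[$name])
            Path      = $path
        }
    }
}

# Windows Defender disabled policy. FSS found DisableAntiSpyware=1 under the first key;
# the second (Policies) key is the one Group Policy, an administrator or malware would use.
function Get-DefenderDisabledPolicy {
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                     'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        if (-not (Test-Path $key)) { continue }
        $v = (Get-ItemProperty -Path $key).DisableAntiSpyware
        if ($null -ne $v) {
            [pscustomobject]@{ Key = $key; DisableAntiSpyware = $v }
        }
    }
}

# Connectivity, like FSS's "Connection Status" section: ICMP to localhost and a TCP
# connect to port 443 on two well-known hosts (also exercises DNS resolution).
function Test-BasicConnectivity {
    $rows = @()
    $rows += [pscustomobject]@{
        Target    = 'localhost'
        Reachable = (Test-Connection -ComputerName localhost -Count 1 -Quiet)
    }
    foreach ($target in 'www.google.com', 'www.yahoo.com') {
        $r = Test-NetConnection -ComputerName $target -Port 443 -WarningAction SilentlyContinue
        $rows += [pscustomobject]@{ Target = $target; Reachable = $r.TcpTestSucceeded }
    }
    $rows
}

'== Services =='
Get-ServiceHealth | Format-Table -AutoSize
'== Windows Defender disabled policy =='
Get-DefenderDisabledPolicy | Format-Table -AutoSize
'== Connectivity =='
Test-BasicConnectivity | Format-Table -AutoSize
```

One caveat when reading the Defender result: on Windows 8.1 a DisableAntiSpyware value of 1 under the non-policy key is typically also what Windows sets itself when a third-party antivirus (the repair log above shows Avast) registers with the Security Center, so that line on its own is not evidence of tampering; a value under the Policies key on a home PC with no domain membership is the one that warrants a closer look.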





