DNS Services not working in Vista Home Premium from browsers or command line


  • This topic is locked
28 replies to this topic

#1 elfmagic

Posted 24 April 2016 - 03:39 AM

I did a malware scan using a copy of Malwarebytes that I think was counterfeit. Since that time neither Firefox, Chrome, nor Opera will return web pages, and each reports a host not found message. Can't ping or traceroute any named host from the command line, either.
 
I loaded a copy of SLAX 7 on a CD and when I boot it on the same computer, on the same network, I have no problem connecting to websites. (I'm connecting to this site, on that computer using Slax, now.)
 
I'd never heard of your group before, and connected to another board on this site and opened up a thread asking for help, and got very understanding advice. After some diagnostics there, I got referred to this board, and I'd like to open up a new thread.
 
I've used Avast and AVG on the computer already, and a verified, legitimate copy of Malwarebytes, and don't show any malware.
 
My Windows Firewall service won't start, and I can't get Windows Defender or Security Center to work.

Also, I haven't got enough disk space to perform a backup. I have an OEM Dell version of Vista, and no original CDs. If you help me at all, I'd really appreciate it.
 
 
Here are the results of the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by bruce (administrator) on MOBILE (24-04-2016 00:53:01)
Running from D:\rescue
Loaded Profiles: bruce (Available Profiles: bruce & thomas & Administrator)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ladybridge Systems Ltd) C:\QMSYS\bin\qmsvc.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe
(Spotify Ltd) C:\Users\bruce\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Run: [Spotify Web Helper] => C:\Users\bruce\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-11-12] (Spotify Ltd)
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Run: [Google Update] => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\MountPoints2: F - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 76.14.0.8 76.14.0.9 76.14.96.14
Tcpip\..\Interfaces\{6A414FFE-2965-4B89-8250-A3B5A503A5D6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C08420C7-64D1-4555-BFCB-4176A9FF54F4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C08420C7-64D1-4555-BFCB-4176A9FF54F4}: [DhcpNameServer] 76.14.0.8 76.14.0.9 76.14.96.14

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-27] (Oracle Corporation)
BHO: NXIECatcher Class -> {83B80A9C-D91A-4F22-8DCF-EA7204039F79} -> C:\Program Files\Xi\NetXfer\NXIEHelper.dll [2013-11-15] (Xi)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-27] (Oracle Corporation)
BHO: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
Toolbar: HKLM - FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll No File
Toolbar: HKLM - NetTransport - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll [2013-11-14] (Xi)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\bruce\AppData\Roaming\Mozilla\Firefox\Profiles\hvj7ulh7.default-1433918343932
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-27] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-10] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2578581634-3352077680-782702857-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\bruce\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2578581634-3352077680-782702857-1000: @talk.google.com/O1DPlugin -> C:\Users\bruce\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2578581634-3352077680-782702857-1000: @tools.google.com/Google Update;version=3 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2578581634-3352077680-782702857-1000: @tools.google.com/Google Update;version=9 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npfd.dll [2015-06-17] (FreshDevices Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\bruce\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\bruce\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Video DownloadHelper - C:\Users\bruce\AppData\Roaming\Mozilla\Firefox\Profiles\hvj7ulh7.default-1433918343932\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-02-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-10] [not signed]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: No Name - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-03-05] [not signed]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: No Name - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-03-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://lyricstranslate.com/en/requests
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 8.0.400.26) - C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U40) - C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Skype Web Plugin) - C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\bruce\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\bruce\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Flash Video Downloader) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-03-09]
CHR Extension: (Open Screenshot) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo [2016-03-11]
CHR Extension: (Google Docs) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Poke Machine) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bghhnagkeahnijfcdjnenacmgliahbbh [2014-11-28]
CHR Extension: (YouTube) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Video Download Helper) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2014-10-26]
CHR Extension: (FB Auto-Poker) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh [2014-09-10]
CHR Extension: (Google Search) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-15]
CHR Extension: (Right-Click Search Wikipedia) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje [2014-10-24]
CHR Extension: (Silver Bird) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-03-29]
CHR Extension: (Full Page Screen Capture) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-10-20]
CHR Extension: (Pin It Button) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Smooth Key Scroll) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphmhpfbknciemgfnfhjapilmcaecljh [2016-01-15]
CHR Extension: (Enable right click) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2015-04-24]
CHR Extension: (Video Downloader All) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpaglkhbmbmhlnpnehlffkgaaapoicnk [2016-02-28]
CHR Extension: (Video Download Helper) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-10-26]
CHR Extension: (User Agent Switcher, URL sniffer) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfpjnehmoiabkefmnjegmpdddgcdnpo [2016-01-12]
CHR Extension: (SaveFrom.net helper) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2016-03-04] [UpdateUrl: hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
CHR Extension: (GetThemAll Video Downloader) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Better History) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-03-04]
CHR Extension: (Facebook Auto Poke) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklhkdfpcaljlnheehfkoloofoebhknp [2015-03-03]
CHR Extension: (Instagram for Chrome) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-02-04]
CHR Extension: (Gmail) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (RightToCopy) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2015-08-12]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [mdpljndcmbeikfnlflcggaipgnhiedbl] - hxxp://sf-addon.com/helper/chrome/updates-3.xml
CHR HKU\S-1-5-21-2578581634-3352077680-782702857-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 QMSvc; C:\QMSYS\bin\qmsvc.exe [199168 2014-04-01] (Ladybridge Systems Ltd) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) [File not signed]
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) [File not signed]
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
R3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
R3 UsbGps; C:\Windows\System32\DRIVERS\lgusbgps.sys [20096 2014-11-17] (LG Electronics Inc.)
R3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2014-11-17] (LG Electronics Inc.)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [37888 2014-05-31] (MediaTek Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-23 20:49 - 2016-04-23 20:49 - 00001850 _____ C:\Users\bruce\Documents\slax dear.dxp
2016-04-23 12:47 - 2016-04-23 12:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2016-04-23 12:40 - 2016-04-23 12:41 - 00000000 ____D C:\Program Files\ZTE_Handset_USB_Driver
2016-04-23 12:40 - 2016-04-23 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Handset USB Driver
2016-04-23 12:40 - 2013-03-19 16:38 - 00821544 _____ C:\Windows\adb.exe
2016-04-23 12:40 - 2012-12-20 09:04 - 00107776 _____ (HS Coporation) C:\Windows\system32\Drivers\ghsser.sys
2016-04-23 12:40 - 2012-11-09 15:12 - 00053000 _____ (VIA Telecom) C:\Windows\system32\Drivers\viahsser.sys
2016-04-23 12:40 - 2012-10-31 16:02 - 00027016 _____ (Via Telecom, Inc.) C:\Windows\system32\Drivers\viahsets.sys
2016-04-23 12:40 - 2012-10-31 16:00 - 00116232 _____ (ZTE Corporation) C:\Windows\system32\Drivers\zghsser.sys
2016-04-23 12:40 - 2012-09-04 13:49 - 00137728 _____ (HS Coporation) C:\Windows\system32\Drivers\ghsnet.sys
2016-04-23 12:40 - 2012-06-20 11:51 - 00146184 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsnet.sys
2016-04-23 12:40 - 2012-06-20 11:51 - 00017672 _____ (HandSet Incorporated) C:\Windows\system32\Drivers\massfilter_hs.sys
2016-04-23 12:40 - 2012-06-08 14:56 - 00851176 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-04-23 12:40 - 2011-10-26 15:31 - 00067608 _____ (Google, inc) C:\Windows\AdbWinUsbApi.dll
2016-04-23 12:40 - 2011-08-15 16:43 - 00102936 _____ (Google, inc) C:\Windows\AdbWinApi.dll
2016-04-23 12:35 - 2016-04-23 12:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2016-04-23 09:54 - 2016-04-23 09:56 - 05541816 _____ C:\Users\bruce\Downloads\vlc-record-2016-04-23-09h53m58s-Watch To Have and Have Not Online Free Putlocker Putlocker - Watch Movies Online Free.mp4-.mp4
2016-04-13 15:10 - 2016-04-13 15:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-04-13 15:09 - 2016-04-13 15:09 - 00055176 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-13 15:09 - 2016-04-13 15:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-04-13 15:09 - 2016-04-13 15:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\TechSmith
2016-04-13 15:06 - 2016-04-13 15:06 - 00000911 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-13 15:06 - 2016-04-13 15:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2016-04-13 15:06 - 2016-04-13 15:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2016-04-13 15:05 - 2016-04-13 15:05 - 00000906 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-13 15:05 - 2016-04-13 15:05 - 00000877 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-04-13 15:05 - 2016-04-13 15:05 - 00000258 __RSH C:\Users\Administrator\ntuser.pol
2016-04-13 15:05 - 2016-04-13 15:05 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-04-13 15:05 - 2016-04-13 15:05 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-04-13 15:05 - 2016-04-13 15:05 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-04-13 15:05 - 2016-04-13 15:05 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-04-13 15:05 - 2016-04-13 15:05 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-04-13 15:05 - 2016-04-13 15:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-04-13 15:05 - 2016-04-13 15:05 - 00000000 ____D C:\Users\Administrator
2016-04-13 15:05 - 2016-03-15 08:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Compatibility Verifier
2016-04-13 15:05 - 2015-11-22 21:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-04-13 15:05 - 2014-09-20 18:49 - 00001899 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-04-13 15:05 - 2006-11-02 05:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-04-02 11:28 - 2016-04-24 00:53 - 00000000 ____D C:\FRST
2016-04-02 05:04 - 2016-04-02 05:04 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-02 05:04 - 2016-04-02 05:04 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-02 05:04 - 2016-04-02 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-02 05:03 - 2016-04-02 05:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-02 05:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-02 05:03 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-02 05:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 00:44 - 2014-04-30 14:14 - 00000000 ____D C:\QMSYS
2016-04-24 00:44 - 2014-03-02 00:00 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 00:44 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-24 00:44 - 2006-11-02 05:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 00:44 - 2006-11-02 05:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 00:44 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Registration
2016-04-23 23:26 - 2006-11-02 06:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-23 23:19 - 2014-03-02 00:00 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-23 23:02 - 2014-02-04 00:35 - 00000000 ____D C:\Users\bruce\AppData\Roaming\vlc
2016-04-23 22:50 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-04-23 22:50 - 2006-11-02 03:33 - 00749444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-23 12:41 - 2015-08-25 10:01 - 00000000 ____D C:\Users\bruce\.android
2016-04-23 12:41 - 2013-08-04 14:56 - 00000000 ____D C:\Users\bruce
2016-04-13 15:09 - 2015-10-26 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-04-12 18:57 - 2014-01-18 04:14 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Audacity
2016-04-09 18:07 - 2014-03-16 15:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2578581634-3352077680-782702857-1000Core.job
2016-04-02 13:08 - 2013-08-31 11:57 - 04472826 _____ C:\Windows\ntbtlog.txt
2016-04-02 11:28 - 2014-03-31 09:45 - 00000000 ____D C:\Users\bruce\Desktop\Scratchpad
2016-04-02 07:49 - 2015-11-08 20:48 - 00002972 _____ C:\Users\bruce\Desktop\Rkill.txt
2016-04-02 06:22 - 2014-12-01 17:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-02 06:22 - 2014-09-20 19:35 - 00000258 __RSH C:\Users\bruce\ntuser.pol
2016-04-02 06:21 - 2006-11-02 04:18 - 00000000 ___DC C:\Windows\$NtUninstallKB26385$
2016-04-02 06:17 - 2015-01-01 03:30 - 00000000 ____D C:\Users\bruce\AppData\LocalLow\Company

==================== Files in the root of some directories =======

2014-07-28 03:08 - 2014-07-28 03:03 - 0000104 _____ () C:\Program Files\Recycle Bin - Shortcut (2).lnk
2014-07-28 03:11 - 2014-07-28 03:11 - 0000104 _____ () C:\Program Files\Recycle Bin - Shortcut (3).lnk
2014-01-28 08:56 - 2014-01-28 09:36 - 0000000 _____ () C:\Users\bruce\AppData\Roaming\bitlord_log.txt
2014-03-01 18:54 - 2014-03-01 18:54 - 0000806 _____ () C:\Users\bruce\AppData\Roaming\verclsid.exe_log.txt
2014-02-23 08:22 - 2014-02-23 08:39 - 0000000 _____ () C:\Users\bruce\AppData\Roaming\VideoPad.dmp
2015-01-01 02:19 - 2015-01-01 02:19 - 0000064 _____ () C:\Users\bruce\AppData\Local\81c8ec0a9d989db975e200ad40c05281
2014-03-02 15:17 - 2016-03-14 21:45 - 0001356 _____ () C:\Users\bruce\AppData\Local\d3d9caps.dat
2013-08-04 15:38 - 2015-12-20 23:27 - 0017920 _____ () C:\Users\bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-06 21:49 - 2014-06-06 22:13 - 0000000 _____ () C:\Users\bruce\AppData\Local\DVDPATH.TXT
2014-01-28 09:13 - 2014-01-28 09:13 - 0000218 _____ () C:\Users\bruce\AppData\Local\recently-used.xbel
2014-10-05 07:53 - 2014-10-05 07:53 - 0000000 _____ () C:\Users\bruce\AppData\Local\{37765219-CBDF-4C45-B3DC-839200A397FB}
2014-09-29 13:36 - 2014-09-29 13:36 - 0000000 _____ () C:\Users\bruce\AppData\Local\{B29A1372-D2BF-4BAB-AB5D-A1062F3D91F9}
2014-05-31 15:36 - 2014-05-31 15:36 - 0005113 _____ () C:\ProgramData\mtbjfghn.xbe

Some files in TEMP:
====================
C:\Users\bruce\AppData\Local\Temp\converter.exe
C:\Users\bruce\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcivri.dll
C:\Users\bruce\AppData\Local\Temp\GUR36E7.exe
C:\Users\bruce\AppData\Local\Temp\GUR42AA.exe
C:\Users\bruce\AppData\Local\Temp\GUR4EEA.exe
C:\Users\bruce\AppData\Local\Temp\GURAF1F.exe
C:\Users\bruce\AppData\Local\Temp\GURC522.exe
C:\Users\bruce\AppData\Local\Temp\GURD4CB.exe
C:\Users\bruce\AppData\Local\Temp\GUREB86.exe
C:\Users\bruce\AppData\Local\Temp\Quarantine.exe
C:\Users\bruce\AppData\Local\Temp\sqlite3.dll
C:\Users\bruce\AppData\Local\Temp\tmpA09F.exe
C:\Users\bruce\AppData\Local\Temp\Tsu46F7EDCB.dll
C:\Users\bruce\AppData\Local\Temp\TsuAE7AE909.dll
C:\Users\bruce\AppData\Local\Temp\YoutubePlaylistDownloader-setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-24 00:50

==================== End of FRST.txt ============================



Edited by Oh My!, 24 April 2016 - 03:59 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:37 AM

Posted 24 April 2016 - 04:18 PM

Greetings Thomas and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. When you ran FRST an Addition.txt file should have been created. Please copy and paste that report in your reply. If you can't find it run a FRST scan again and make sure Addition.txt is checked.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\MountPoints2: F - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Video DownloadHelper - C:\Users\bruce\AppData\Roaming\Mozilla\Firefox\Profiles\hvj7ulh7.default-1433918343932\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-02-11]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll => No File
CHR Extension: (Video Download Helper) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2014-10-26]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
S3 avchv; system32\DRIVERS\avchv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]
2014-10-05 07:53 - 2014-10-05 07:53 - 0000000 _____ () C:\Users\bruce\AppData\Local\{37765219-CBDF-4C45-B3DC-839200A397FB}
2014-09-29 13:36 - 2014-09-29 13:36 - 0000000 _____ () C:\Users\bruce\AppData\Local\{B29A1372-D2BF-4BAB-AB5D-A1062F3D91F9}
2014-05-31 15:36 - 2014-05-31 15:36 - 0005113 _____ () C:\ProgramData\mtbjfghn.xbe
C:\Users\bruce\AppData\Local\Temp\converter.exe
C:\Users\bruce\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcivri.dll
C:\Users\bruce\AppData\Local\Temp\GUR36E7.exe
C:\Users\bruce\AppData\Local\Temp\GUR42AA.exe
C:\Users\bruce\AppData\Local\Temp\GUR4EEA.exe
C:\Users\bruce\AppData\Local\Temp\GURAF1F.exe
C:\Users\bruce\AppData\Local\Temp\GURC522.exe
C:\Users\bruce\AppData\Local\Temp\GURD4CB.exe
C:\Users\bruce\AppData\Local\Temp\GUREB86.exe
C:\Users\bruce\AppData\Local\Temp\Quarantine.exe
C:\Users\bruce\AppData\Local\Temp\sqlite3.dll
C:\Users\bruce\AppData\Local\Temp\tmpA09F.exe
C:\Users\bruce\AppData\Local\Temp\Tsu46F7EDCB.dll
C:\Users\bruce\AppData\Local\Temp\TsuAE7AE909.dll
C:\Users\bruce\AppData\Local\Temp\YoutubePlaylistDownloader-setup.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Addition log
  • AdwCleaner report
  • RogueKiller report
  • MTB.txt
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 elfmagic


Posted 25 April 2016 - 11:33 PM

I'm sorry.. I don't think you understand, please help me..

I can't be on the Internet while I'm looking at my desktop.... I'm using a very old form of Linux, just as a stop gap..  in a way that would allow me to somehow get everything together.

 

I appreciate your help... I just don't think I can take advantage of it. You are expecting so much, and I can't seem to provide all that from one platform...

 

 

Forgive me, OK.  I'll try to do better next time..   Please don't rule me out, OK?



#4 Oh My!


Posted 26 April 2016 - 08:47 AM

Can you download everything you need onto a USB device and then transfer it to your Desktop? If so, then you can save the reports onto the USB then post them with your other Internet access.
Gary
 

#5 elfmagic


Posted 28 April 2016 - 08:54 AM

Thank you for your patience and understanding, Gary. I'm disabled and spend a lot of time incapacitated. I don't have the technical skill to access my desktop from the Linux OS, and my desktop is too cluttered to organize the files you wanted... I'm taking pain medication that makes it difficult to remember things.. 
I used a base directory called 'rescue' on my D drive to launch all the applications you asked for... I hope that isn't a big problem.
I did however run the RogueKiller from the desktop.
 
Nothing has changed in the way of DNS functionality...
 
Here is what you wanted....
 
  • Fixlog
Ran by bruce (2016-04-27 20:45:23) Run:1
Running from D:\rescue
Loaded Profiles: bruce (Available Profiles: bruce & thomas & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\MountPoints2: F - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Video DownloadHelper - C:\Users\bruce\AppData\Roaming\Mozilla\Firefox\Profiles\hvj7ulh7.default-1433918343932\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-02-11]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll => No File
CHR Extension: (Video Download Helper) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2014-10-26]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
S3 avchv; system32\DRIVERS\avchv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]
2014-10-05 07:53 - 2014-10-05 07:53 - 0000000 _____ () C:\Users\bruce\AppData\Local\{37765219-CBDF-4C45-B3DC-839200A397FB}
2014-09-29 13:36 - 2014-09-29 13:36 - 0000000 _____ () C:\Users\bruce\AppData\Local\{B29A1372-D2BF-4BAB-AB5D-A1062F3D91F9}
2014-05-31 15:36 - 2014-05-31 15:36 - 0005113 _____ () C:\ProgramData\mtbjfghn.xbe
C:\Users\bruce\AppData\Local\Temp\converter.exe
C:\Users\bruce\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcivri.dll
C:\Users\bruce\AppData\Local\Temp\GUR36E7.exe
C:\Users\bruce\AppData\Local\Temp\GUR42AA.exe
C:\Users\bruce\AppData\Local\Temp\GUR4EEA.exe
C:\Users\bruce\AppData\Local\Temp\GURAF1F.exe
C:\Users\bruce\AppData\Local\Temp\GURC522.exe
C:\Users\bruce\AppData\Local\Temp\GURD4CB.exe
C:\Users\bruce\AppData\Local\Temp\GUREB86.exe
C:\Users\bruce\AppData\Local\Temp\Quarantine.exe
C:\Users\bruce\AppData\Local\Temp\sqlite3.dll
C:\Users\bruce\AppData\Local\Temp\tmpA09F.exe
C:\Users\bruce\AppData\Local\Temp\Tsu46F7EDCB.dll
C:\Users\bruce\AppData\Local\Temp\TsuAE7AE909.dll
C:\Users\bruce\AppData\Local\Temp\YoutubePlaylistDownloader-setup.exe
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
C:\Users\bruce\AppData\Roaming\Mozilla\Firefox\Profiles\hvj7ulh7.default-1433918343932\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
C:\Users\bruce\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => not found.
C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll => not found.
C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmncdagnglibjiglbmchedcmainibbh => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully.
avchv => service removed successfully.
BAPIDRV => service removed successfully.
blbdrive => service removed successfully.
ewusbnet => service removed successfully.
ew_hwusbdev => service removed successfully.
ew_usbenumfilter => service removed successfully.
huawei_enumerator => service removed successfully.
hwdatacard => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
rimmptsk => service removed successfully.
C:\Users\bruce\AppData\Local\{37765219-CBDF-4C45-B3DC-839200A397FB} => moved successfully
C:\Users\bruce\AppData\Local\{B29A1372-D2BF-4BAB-AB5D-A1062F3D91F9} => moved successfully
C:\ProgramData\mtbjfghn.xbe => moved successfully
C:\Users\bruce\AppData\Local\Temp\converter.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcivri.dll => moved successfully
C:\Users\bruce\AppData\Local\Temp\GUR36E7.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\GUR42AA.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\GUR4EEA.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\GURAF1F.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\GURC522.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\GURD4CB.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\GUREB86.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\Quarantine.exe => moved successfully
"C:\Users\bruce\AppData\Local\Temp\sqlite3.dll" => not found.
C:\Users\bruce\AppData\Local\Temp\tmpA09F.exe => moved successfully
C:\Users\bruce\AppData\Local\Temp\Tsu46F7EDCB.dll => moved successfully
C:\Users\bruce\AppData\Local\Temp\TsuAE7AE909.dll => moved successfully
C:\Users\bruce\AppData\Local\Temp\YoutubePlaylistDownloader-setup.exe => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 20:45:27 ====
 
 
 
  • Addition log
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by bruce (2016-04-24 00:57:36)
Running from D:\rescue
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2013-08-04 21:42:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2578581634-3352077680-782702857-500 - Administrator - Enabled) => C:\Users\Administrator
bruce (S-1-5-21-2578581634-3352077680-782702857-1000 - Administrator - Enabled) => C:\Users\bruce
Guest (S-1-5-21-2578581634-3352077680-782702857-501 - Limited - Disabled)
thomas (S-1-5-21-2578581634-3352077680-782702857-1001 - Limited - Enabled) => C:\Users\thomas
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (Version:  - ) Hidden
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudioLabel CD/DVD Cover Maker (HKLM\...\AudioLabel_is1) (Version: 6.0 (Build 5) - CdCoverSoft)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP)
Connection Keeper (HKLM\...\Connection Keeper) (Version: 14.1 - Gammadyne Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Dell System Detect (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\73f463568823ebbe) (Version: 6.4.0.7 - Dell)
DrawPad Graphics Editor (HKLM\...\DrawPad) (Version: 2.01 - NCH Software)
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.76 - NCH Software)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FileZilla Client 3.14.1 (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jing (HKLM\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
join.me (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
K-Lite Mega Codec Pack 10.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG Bluetooth Drivers (HKLM\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG Mobile Driver (HKLM\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
LG PC Suite IV (HKLM\...\LG PC Suite IV) (Version: 4.2.21.20100527 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaHuman YouTube Downloader version 3.7 (HKLM\...\MediaHuman YouTube Downloader_is1) (Version: 3.7 - )
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetTransport 2.96k.720 (HKLM\...\{78D2B9D0-E680-4295-9830-6B23397B4746}_is1) (Version:  - Xi)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 35.0.2066.92 (HKLM\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: 2.42 - NCH Software)
QM (HKLM\...\QM) (Version: 3.3-0 - Ladybridge Systems)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAR Password Recovery v1.1 RC17 (remove only) (HKLM\...\Intelore - RAR Password Recovery) (Version:  - )
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Video Capture 7 (HKLM\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Screencast-O-Matic (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Should I Remove It (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Super DX-Ball v1.1 (HKLM\...\Super DX-Ball_is1) (Version: 1.1 - BlitWise Productions, LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
URL Snooper v2.38.01 (HKLM\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoLAN Movie Creator (HKLM\...\VLMC) (Version:  - )
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.29 - NCH Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebLog Expert 9.1 (HKLM\...\WebLog Expert_is1) (Version: 9.1 - Alentum Software Ltd.)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wise Registry Cleaner 8.42 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.42 - WiseCleaner.com, Inc.)
WordBiz 1.8.7 (HKLM\...\WordBiz_0) (Version:  - )
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14F52821-C278-4343-B7DF-7ED0DAF6D925} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {27A18CDC-F5C0-40D0-A411-07C0940FF6D3} - System32\Tasks\{28240D9C-8588-4710-87FC-D3B32E2B27BE} => pcalua.exe -a "C:\Users\bruce\Downloads\netspite (1).exe" -d C:\Users\bruce\Downloads
Task: {45DD3002-E801-4A5B-88B2-56E1A779CE20} - System32\Tasks\Alarm => C:\Users\bruce\Downloads\blood on the tracks\(Bob Dylan) - 01 - Tangled Up In Blue.mp3 [2015-02-24] ()
Task: {5131B8DF-3B59-45DE-A231-2C8E1A476D63} - System32\Tasks\{B43C9A7A-B732-49F0-9BFD-AD397E3F6EE2} => pcalua.exe -a C:\Drivers\network\R142718\Setup.exe -d C:\Drivers\network\R142718
Task: {549C02E8-83DE-455C-B02B-E1F4B0BB3061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2578581634-3352077680-782702857-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {56730E28-AC34-4675-97F7-CCC40945F8E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2578581634-3352077680-782702857-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {589C7B92-1D07-4642-B469-DCD8B791EA26} - System32\Tasks\beep => C:\Users\bruce\Downloads\my mantras\safe good nightly couplet.mp3
Task: {76EF4888-9B4A-4699-A3BC-673643B4F6D3} - System32\Tasks\Opera scheduled Autoupdate 1438567835 => C:\Program Files\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {7DBF1D11-EAF6-4E4D-B4CE-9F0AFF7440C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9086DFDF-2D31-489B-B734-15E58F7D0CC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2578581634-3352077680-782702857-1000UA => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {93346309-5266-4C5F-8741-B247FA53A575} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {933E2835-C98A-40EF-8330-B84ABDAD2364} - System32\Tasks\{90279859-EFE7-400A-9B12-0308FEE85B53} => pcalua.exe -a "C:\Program Files\NCH Software\SoundTap\stdriverinstallerx86.exe" -d C:\Users\bruce\AppData\Local\Temp\n1s -c "C:\Program Files\NCH Software\SoundTap\stdriverx86.inf" I
Task: {97BFE253-D735-4F09-ADB6-C70393408880} - System32\Tasks\{EE50A731-2549-4763-A8CD-FAD46E3CE2C5} => pcalua.exe -a "C:\Users\bruce\Downloads\LADSPA_plugins-win-0.4.15 (1).exe" -d C:\Users\bruce\Downloads
Task: {9F76F58A-8AC2-432E-BB80-016DB9032611} - System32\Tasks\SpeedFixTool_Start => C:\Program Files\Speed Fix Tool\SpeedFixTool.exe
Task: {A62FE3CB-6786-4ECA-AB49-A9636EB8F071} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2578581634-3352077680-782702857-1000Core => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAC06F1A-75B6-481C-B32B-7ABDD7BEEB38} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files\Speed Fix Tool\Splash.exe
Task: {B2779201-49B4-484C-96BE-BC5C30F88107} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {B8CABBC1-470D-4462-AAF0-DB8842AAFE1F} - System32\Tasks\{9C3EB352-0363-452C-9111-356487885936} => pcalua.exe -a E:\install.EXE -d E:\ -c id= ver=1.0.0.0
Task: {D3B46DA1-7446-4D8E-8AC6-7613FC30EBDB} - System32\Tasks\RealCreateProcessScheduledTask549638S-1-5-21-2578581634-3352077680-782702857-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2014-10-10] (RealNetworks, Inc.)
Task: {E89CBAAE-B342-468C-94DA-C1723F00D2CF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2578581634-3352077680-782702857-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-08-12] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2578581634-3352077680-782702857-1000Core.job => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2578581634-3352077680-782702857-1000UA.job => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-16 03:08 - 2015-10-16 03:08 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\unetbtin.exe:xdg.origin.url [67]
AlternateDataStreams: C:\unetbtin.exe:xdg.referrer.url [28]
AlternateDataStreams: C:\Windows\$NtUninstallKB26385$:SummaryInformation [0]
AlternateDataStreams: C:\ProgramData\TEMP:293E91EE [724]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0 [147]
AlternateDataStreams: C:\Users\bruce\Downloads\18 - Dave Van Ronk - I Buyed Me A Little Dog.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\4 Non Blondes - What's Up (1).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\4 Non Blondes - What's Up.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\allyall.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\BadBros.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\billyjackdogfood.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\Clip from the movie 'Contraband' (1940).avi:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\fun.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\hecklers.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\Longer Boats Cat Stevens Video (2).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\Mark Almond - Trade Winds.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\Quantanamera - Trini Lopez.webm:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\Silver Dagger Irish Traditional.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\tggits.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Downloads\xmangione.mp3:TOC.WMV [130]
AlternateDataStreams: C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe:xdg.origin.url [98]
AlternateDataStreams: C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe:xdg.referrer.url [67]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52334958.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52334958.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2578581634-3352077680-782702857-1000\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2016-04-20 01:52 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2578581634-3352077680-782702857-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DellSystemDetect => C:\Users\bruce\AppData\Local\Apps\2.0\YGPG4B35.RAT\H45JJQ2J.MQM\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
MSCONFIG\startupreg: Google Update => "C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\bruce\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: bcm4sbxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2016 12:58:27 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
Error: (04/24/2016 12:58:27 AM) (Source: VSS) (EventID: 40) (User: )
Description: Volume Shadow Copy Service error:  The Microsoft Software Shadow Copy Provider (SWPRV) service is 
disabled.  Please enable the service and try again.
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
Error: (04/23/2016 12:37:24 PM) (Source: Software Licensing Service) (EventID: 8198) (User: )
Description: License Activation (SLUI.exe) failed with the following error code:
0x80070057
 
Error: (04/23/2016 12:36:33 PM) (Source: Software Licensing Service) (EventID: 8198) (User: )
Description: License Activation (SLUI.exe) failed with the following error code:
0x80070057
 
Error: (04/20/2016 01:56:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/20/2016 01:43:42 AM) (Source: Software Licensing Service) (EventID: 8198) (User: )
Description: License Activation (SLUI.exe) failed with the following error code:
0x80070057
 
Error: (04/18/2016 04:48:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application vlc.exe, version 2.2.1.0, time stamp 0x00000004, faulting module libqt4_plugin.dll, version 2.2.1.0, time stamp 0x00020002, exception code 0x40000015, fault offset 0x007ca10a,
process id 0x9b8, application start time 0xvlc.exe0.
 
Error: (04/17/2016 09:55:16 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (04/16/2016 10:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application vlc.exe, version 2.2.1.0, time stamp 0x00000004, faulting module libqt4_plugin.dll, version 2.2.1.0, time stamp 0x00020002, exception code 0x40000015, fault offset 0x007ca10a,
process id 0xb80, application start time 0xvlc.exe0.
 
Error: (04/13/2016 11:37:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Spybot-S&D 2 Security Center Servicewscsvc
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%2
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Auto Connection ManagerTelephony%%1058
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Firewall5 (0x5)
 
Error: (04/24/2016 12:45:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetlogonWorkstation%%1058
 
Error: (04/24/2016 12:44:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:28:35 PM on 4/23/2016 was unexpected.
 
Error: (04/23/2016 11:28:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058
 
 
CodeIntegrity:
===================================
  Date: 2016-04-24 00:56:14.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:14.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:13.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:13.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:12.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:11.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:11.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:56:10.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:54:57.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-24 00:54:56.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ Duo CPU T2250 @ 1.73GHz
Percentage of memory in use: 48%
Total physical RAM: 2037.71 MB
Available physical RAM: 1050.45 MB
Total Virtual: 4312.7 MB
Available Virtual: 3342.45 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:99.74 GB) (Free:0.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:10 GB) (Free:6.13 GB) NTFS
Drive f: (XBOOT) (Removable) (Total:14.9 GB) (Free:12.93 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=99.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
  • AdwCleaner report
 
# AdwCleaner v5.114 - Logfile created 28/04/2016 at 01:10:19
# Updated 27/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : bruce - MOBILE
# Running from : D:\rescue\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\C5A
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2757 bytes] - [27/04/2016 21:48:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [891 bytes] - [28/04/2016 01:10:19]
C:\AdwCleaner\AdwCleaner[R0].txt - [8987 bytes] - [17/07/2015 18:34:52]
C:\AdwCleaner\AdwCleaner[R1].txt - [2303 bytes] - [18/07/2015 14:42:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [9272 bytes] - [17/07/2015 19:30:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [2722 bytes] - [25/04/2016 20:29:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [2795 bytes] - [27/04/2016 21:42:36]
C:\AdwCleaner\AdwCleaner[S3].txt - [1313 bytes] - [28/04/2016 01:02:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1401 bytes] ##########
 
  • RogueKiller report
RogueKiller V12.1.4.0 [Apr 25 2016] (Free) by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : bruce [Administrator]
Started from : C:\Users\bruce\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/28/2016 05:52:00
 
 Processes : 0 
 
 Registry : 5 
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} -> Deleted
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 76.14.0.8 76.14.0.9 76.14.96.14 ([X][X][X])  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 76.14.0.8 76.14.0.9 76.14.96.14 ([X][X][X])  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C08420C7-64D1-4555-BFCB-4176A9FF54F4} | DhcpNameServer : 76.14.0.8 76.14.0.9 76.14.96.14 ([X][X][X])  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C08420C7-64D1-4555-BFCB-4176A9FF54F4} | DhcpNameServer : 76.14.0.8 76.14.0.9 76.14.96.14 ([X][X][X])  -> Replaced ()
 
 Tasks : 0 
 
 Files : 0 
 
 Hosts File : 0 
 
 Antirootkit : 1 (Driver: Loaded) 
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[119] : C:\Windows\System32\win32k.sys @ 0xffffffff9aa68ca9 (call dword [0x8230eb84])
 
 Web browsers : 0 
 
 MBR Check : 
+++++ PhysicalDrive0: ST9120822AS ATA Device +++++
--- User ---
[MBR] b40030a52cd8f8f3cb12691077e29fb5
[BSP] 597689f9fd584ba824a36be87199a262 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10239 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 102136 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 230244352 | Size: 2048 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 0f68128f6c07865a09158896a8361926
[BSP] 6f510daf46d274284f9a608a06c7db11 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 48 | Size: 15275 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
  • MTB.txt
    MiniToolBox by Farbar  Version: 07-02-2016 01
    Ran by bruce (administrator) on 28-04-2016 at 00:26:43
    Running from "D:\rescue"
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
    Model: MP061 Manufacturer: Dell Inc.
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Flush DNS: ===================================
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========================= IE Proxy Settings: ============================== 
     
    Proxy is not enabled.
    No Proxy Server is set.
     
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
     
    ========================= FF Proxy Settings: ============================== 
     
     
    "Reset FF Proxy Settings": Firefox Proxy settings were reset.
     
    ========================= Hosts content: =================================
    127.0.0.1       localhost
    ========================= IP Configuration: ================================
     
    Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
    Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Media disconnected)
     
     
    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
     
    reset
     
     
     
    popd
    # End of IPv4 configuration
     
     
     
    Windows IP Configuration
     
       Host Name . . . . . . . . . . . . : mobile
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
     
    Ethernet adapter Local Area Connection:
     
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
       Physical Address. . . . . . . . . : 00-18-8B-AE-E7-13
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::7521:4bad:82e6:25d%13(Preferred) 
       IPv4 Address. . . . . . . . . . . : 76.14.57.87(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Thursday, April 28, 2016 12:18:31 AM
       Lease Expires . . . . . . . . . . : Friday, April 29, 2016 12:23:31 AM
       Default Gateway . . . . . . . . . : 76.14.56.1
       DHCP Server . . . . . . . . . . . : 172.17.17.130
       DHCPv6 IAID . . . . . . . . . . . : 335550603
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-90-82-74-00-18-8B-AE-E7-13
       DNS Servers . . . . . . . . . . . : 8.8.8.8
                                           8.8.4.4
       NetBIOS over Tcpip. . . . . . . . : Enabled
     
    Wireless LAN adapter Wireless Network Connection:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
       Physical Address. . . . . . . . . : 00-13-E8-0A-11-D7
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter Local Area Connection* 7:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
     
    Name:    google.com
    Addresses:  2607:f8b0:4005:800::200e
     216.58.192.14
     
    Ping request could not find host google.com. Please check the name and try again.
     
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
     
    Name:    yahoo.com
    Addresses:  2001:4998:c:a06::2:4008
     2001:4998:44:204::a7
     2001:4998:58:c02::a9
     206.190.36.45
     98.139.183.24
     98.138.253.109
     
    Ping request could not find host yahoo.com. Please check the name and try again.
     
     
     
    Pinging 127.0.0.1 with 32 bytes of data:
     
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     
     
     
    Ping statistics for 127.0.0.1:
     
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     
    Approximate round trip times in milli-seconds:
     
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
     
    ===========================================================================
    Interface List
     13 ...00 18 8b ae e7 13 ...... Broadcom 440x 10/100 Integrated Controller
      9 ...00 13 e8 0a 11 d7 ...... Intel® Wireless WiFi Link 4965AGN
      1 ........................... Software Loopback Interface 1
      8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    ===========================================================================
     
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0       76.14.56.1      76.14.57.87     20
           76.14.56.0    255.255.254.0         On-link       76.14.57.87    276
          76.14.57.87  255.255.255.255         On-link       76.14.57.87    276
         76.14.57.255  255.255.255.255         On-link       76.14.57.87    276
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link       76.14.57.87    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link       76.14.57.87    276
    ===========================================================================
    Persistent Routes:
      None
     
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
     13    276 fe80::/64                On-link
     13    276 fe80::7521:4bad:82e6:25d/128
                                        On-link
      1    306 ff00::/8                 On-link
     13    276 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
     
    **** End of log ****
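
The log above shows nslookup getting answers for google.com and yahoo.com from 8.8.8.8 while ping cannot find the same hosts. nslookup sends its own queries to the DNS server, whereas ping resolves through the system resolver, so that split points at the client-side resolution path rather than at the DNS server. The Python sketch below is an added example, not part of the original post or of MiniToolBox; the function names and verdict labels are hypothetical, and the sample is an abridged excerpt in the log's format.

```python
import ipaddress
import re

# Constructed sample: abridged excerpt in the format of the MiniToolBox log above.
SAMPLE_LOG = """\
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2607:f8b0:4005:800::200e
 216.58.192.14

Ping request could not find host google.com. Please check the name and try again.

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 206.190.36.45

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
"""

PING_FAIL = re.compile(r"^Ping request could not find host (\S+?)\.\s")
PING_OK = re.compile(r"^Pinging (\S+) (?:\[[^\]]+\] )?with \d+ bytes")


def _is_ip(token):
    """True if token is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_lookups(log_text):
    """Return {host: {"nslookup": [addresses], "ping_resolved": bool | None}}."""
    hosts = {}
    current = None      # host named by the most recent "Name:" line
    collecting = False  # True while reading that host's address list
    for raw in log_text.splitlines():
        line = raw.strip()
        fail, ok = PING_FAIL.match(line), PING_OK.match(line)
        if line.startswith("Server:"):
            # The "Address:" after "Server:" is the DNS server, not an answer.
            current, collecting = None, False
        elif line.startswith("Name:"):
            current = line.split(":", 1)[1].strip()
            hosts.setdefault(current, {"nslookup": [], "ping_resolved": None})
            collecting = False
        elif current and line.startswith(("Address:", "Addresses:")):
            first = line.split(":", 1)[1].strip()
            if _is_ip(first):
                hosts[current]["nslookup"].append(first)
            collecting = True
        elif collecting and _is_ip(line):
            # Continuation line of a multi-address answer.
            hosts[current]["nslookup"].append(line)
        elif fail or ok:
            name = (fail or ok).group(1)
            if not _is_ip(name):  # pinging an IP literal involves no lookup
                entry = hosts.setdefault(
                    name, {"nslookup": [], "ping_resolved": None})
                entry["ping_resolved"] = ok is not None
            collecting = False
        else:
            collecting = False
    return hosts


def classify(entry):
    """Hypothetical verdict labels for one host's nslookup/ping pair."""
    answered = bool(entry["nslookup"])
    pinged = entry["ping_resolved"]
    if answered and pinged is False:
        return "local-resolver-fault"   # server answers, system resolver fails
    if not answered and pinged is False:
        return "dns-server-fault"       # nothing resolves on either path
    if pinged:
        return "ok"
    return "inconclusive"


def diagnose(log_text):
    """Map every host seen in the log to a verdict."""
    return {h: classify(e) for h, e in parse_lookups(log_text).items()}


if __name__ == "__main__":
    for host, verdict in diagnose(SAMPLE_LOG).items():
        print(f"{host}: {verdict}")
```
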
     

 



#6 elfmagic


Posted 28 April 2016 - 09:30 AM

Gary,

 

 

I'm having trouble attaching the zipped summary... I'm going to try again...


Edited by elfmagic, 28 April 2016 - 09:37 AM.


#7 elfmagic


Posted 28 April 2016 - 09:39 AM

Trying again...



#8 Oh My!

  • Malware Response Instructor

Posted 28 April 2016 - 04:32 PM

Greetings,

I am sorry to hear of your difficulties and appreciate you letting me know. Don't worry about the System Summary for now.

This is what I would like us to do next.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {5131B8DF-3B59-45DE-A231-2C8E1A476D63} - System32\Tasks\{B43C9A7A-B732-49F0-9BFD-AD397E3F6EE2} => pcalua.exe -a C:\Drivers\network\R142718\Setup.exe -d C:\Drivers\network\R142718
Task: {27A18CDC-F5C0-40D0-A411-07C0940FF6D3} - System32\Tasks\{28240D9C-8588-4710-87FC-D3B32E2B27BE} => pcalua.exe -a "C:\Users\bruce\Downloads\netspite (1).exe" -d C:\Users\bruce\Downloads
Task: {9F76F58A-8AC2-432E-BB80-016DB9032611} - System32\Tasks\SpeedFixTool_Start => C:\Program Files\Speed Fix Tool\SpeedFixTool.exe
Task: {AAC06F1A-75B6-481C-B32B-7ABDD7BEEB38} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files\Speed Fix Tool\Splash.exe
Task: {B8CABBC1-470D-4462-AAF0-DB8842AAFE1F} - System32\Tasks\{9C3EB352-0363-452C-9111-356487885936} => pcalua.exe -a E:\install.EXE -d E:\ -c id= ver=1.0.0.0
AlternateDataStreams: C:\unetbtin.exe:xdg.origin.url [67]
AlternateDataStreams: C:\unetbtin.exe:xdg.referrer.url [28]
AlternateDataStreams: C:\Windows\$NtUninstallKB26385$:SummaryInformation [0]
AlternateDataStreams: C:\ProgramData\TEMP:293E91EE [724]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0 [147]
AlternateDataStreams: C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe:xdg.origin.url [98]
AlternateDataStreams: C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe:xdg.referrer.url [67]
cmd: sc config bcm4sbxp start= auto
reboot:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Your computer will automatically reboot
  • Check your Internet access
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Do you have Internet?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 elfmagic


Posted 29 April 2016 - 10:03 PM

Hi Gary,

 

Sorry no luck.

 

 


 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by bruce (2016-04-29 19:43:37) Run:2
Running from D:\rescue
Loaded Profiles: bruce (Available Profiles: bruce & thomas & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\bruce\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {5131B8DF-3B59-45DE-A231-2C8E1A476D63} - System32\Tasks\{B43C9A7A-B732-49F0-9BFD-AD397E3F6EE2} => pcalua.exe -a C:\Drivers\network\R142718\Setup.exe -d C:\Drivers\network\R142718
Task: {27A18CDC-F5C0-40D0-A411-07C0940FF6D3} - System32\Tasks\{28240D9C-8588-4710-87FC-D3B32E2B27BE} => pcalua.exe -a "C:\Users\bruce\Downloads\netspite (1).exe" -d C:\Users\bruce\Downloads
Task: {9F76F58A-8AC2-432E-BB80-016DB9032611} - System32\Tasks\SpeedFixTool_Start => C:\Program Files\Speed Fix Tool\SpeedFixTool.exe
Task: {AAC06F1A-75B6-481C-B32B-7ABDD7BEEB38} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files\Speed Fix Tool\Splash.exe
Task: {B8CABBC1-470D-4462-AAF0-DB8842AAFE1F} - System32\Tasks\{9C3EB352-0363-452C-9111-356487885936} => pcalua.exe -a E:\install.EXE -d E:\ -c id= ver=1.0.0.0
AlternateDataStreams: C:\unetbtin.exe:xdg.origin.url [67]
AlternateDataStreams: C:\unetbtin.exe:xdg.referrer.url [28]
AlternateDataStreams: C:\Windows\$NtUninstallKB26385$:SummaryInformation [0]
AlternateDataStreams: C:\ProgramData\TEMP:293E91EE [724]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0 [147]
AlternateDataStreams: C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe:xdg.origin.url [98]
AlternateDataStreams: C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe:xdg.referrer.url [67]
cmd: sc config bcm4sbxp start= auto
reboot:
*****************
 
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
"HKU\S-1-5-21-2578581634-3352077680-782702857-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5131B8DF-3B59-45DE-A231-2C8E1A476D63}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5131B8DF-3B59-45DE-A231-2C8E1A476D63}" => key removed successfully.
C:\Windows\System32\Tasks\{B43C9A7A-B732-49F0-9BFD-AD397E3F6EE2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B43C9A7A-B732-49F0-9BFD-AD397E3F6EE2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27A18CDC-F5C0-40D0-A411-07C0940FF6D3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A18CDC-F5C0-40D0-A411-07C0940FF6D3}" => key removed successfully.
C:\Windows\System32\Tasks\{28240D9C-8588-4710-87FC-D3B32E2B27BE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28240D9C-8588-4710-87FC-D3B32E2B27BE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F76F58A-8AC2-432E-BB80-016DB9032611}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F76F58A-8AC2-432E-BB80-016DB9032611}" => key removed successfully.
C:\Windows\System32\Tasks\SpeedFixTool_Start => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedFixTool_Start" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAC06F1A-75B6-481C-B32B-7ABDD7BEEB38}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC06F1A-75B6-481C-B32B-7ABDD7BEEB38}" => key removed successfully.
C:\Windows\System32\Tasks\SpeedFixTool_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedFixTool_Popup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8CABBC1-470D-4462-AAF0-DB8842AAFE1F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8CABBC1-470D-4462-AAF0-DB8842AAFE1F}" => key removed successfully.
C:\Windows\System32\Tasks\{9C3EB352-0363-452C-9111-356487885936} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C3EB352-0363-452C-9111-356487885936}" => key removed successfully.
C:\unetbtin.exe => ":xdg.origin.url" ADS removed successfully..
C:\unetbtin.exe => ":xdg.referrer.url" ADS removed successfully..
C:\Windows\$NtUninstallKB26385$ => ":SummaryInformation" ADS removed successfully..
C:\ProgramData\TEMP => ":293E91EE" ADS removed successfully..
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully..
C:\ProgramData\TEMP => ":4BEE39B0" ADS removed successfully..
C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe => ":xdg.origin.url" ADS removed successfully..
C:\Users\bruce\Documents\Universal-USB-Installer-1.9.6.3.exe => ":xdg.referrer.url" ADS removed successfully..
 
=========  sc config bcm4sbxp start= auto =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 19:43:41 ====


#10 Oh My!

  • Malware Response Instructor

Posted 29 April 2016 - 10:38 PM

Thank you, please do this.

I am ending for the evening but will check your reply tomorrow.

===================================================

Complete Internet Repair

--------------------
  • Please download comintrep.zip and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access
===================================================

Windows Repair (All in One)

--------------------
  • Boot your computer into Safe Mode with Networking
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com icon and click Run
  • Continually click Next, then Finish
  • If you are advised a newer version is available click Yes to download the new version
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 3 and allow it to run See if Check Disk is Needed by clicking on the Check button:
  • If you see Errors Found On The Drive! Check Disk Is Needed click Open Check Disk At Next Boot
  • Select the /r option and click Add To Next Boot
  • Close the Check Disk (chkdsk) At Next Boot window
  • Go to Step 4 and click Do It under System File Check
  • Go to Step 5 and click Create under System Restore
  • Go to the Repairs tab
  • Uncheck Automatically Do A Registry Backup then click Open Repairs
  • Leave the default check marks and click Start Repairs
  • Ignore any notice about Desktop Gadgets
  • Click Yes to reboot your computer
  • Using Windows Explorer navigate to the following file location

For 32 bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

  • Please zip and attach the Logs folder to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Internet Repair run properly?
  • Windows All in One logs
  • Do you have Internet access?

Edited by Oh My!, 01 May 2016 - 09:10 AM.

Gary
 

#11 elfmagic


Posted 30 April 2016 - 11:08 PM

Thank you very much for your advice, Gary.  I tried the first suggestion you gave me - in particular the Complete Internet Repair tool.

 

The second suggestion I couldn't do, for a couple of reasons. I can't actually boot into safe mode with networking and download the windows all one software repair from there, for two reasons.

#1 I can't go to a named link for Vista in safe mode or otherwise, and ...

#2 when I tried downloading it in Linux, it just stalled. Here's the link you provided....
Windows Repair (All in One), it points to http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe/
 

I can't download that. 
I did the first part. I haven't tested it yet. If I don't come back tonight, please assume it isn't working.  What time zone are you in?

 

Have a wonderful evening. Stay charming and inspirational. I like your signature - God is Love.



 



#12 Oh My!

  • Malware Response Instructor

Posted 01 May 2016 - 09:12 AM

Thank you for the information and your encouragement.

Please try the link in the original post again. Download it in Normal Boot and save it to your Desktop. Then reboot into Safe Mode and the program should still be there for you to run.

I am in the Pacific Time Zone, California.
Gary

#13 elfmagic

Posted 02 May 2016 - 12:48 AM

Dear Gary,

 

Yes, the internet tool ran without any problem.

I still didn't have internet access after running it. - However

After running the Windows All in One utility - my DNS services are back up and running! I would like to attach the All in One logs. Where can I find them?

I must thank you from the bottom of my heart. I'm quite destitute, but I'm sure I can spare a few bucks over the next few months to help you guys out. You really rock. Thank you so much. God Bless you.



#14 elfmagic

Posted 02 May 2016 - 01:04 AM

Here are the logs. I got a little excited. Thanks so much again. Perhaps you could tell me what happened?

 

 



#15 elfmagic

Posted 02 May 2016 - 01:53 AM

Dear Gary,

 

Yes, the internet tool ran without any problem.

I still didn't have internet access after running it. - However

After running the Windows All in One utility - my DNS services are back up and running! I would like to attach the All in One logs. Where can I find them?

I must thank you from the bottom of my heart. I'm quite destitute, but I'm sure I can spare a few bucks over the next few months to help you guys out. You really rock. Thank you so much. God Bless you.

I don't know why I have trouble uploading files to this forum... The zipped logs can be downloaded by clicking here.





