Bot infection reported by Spamhaus’s CBL


  • This topic is locked
27 replies to this topic

#1 BlackArrow

BlackArrow

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 08 August 2016 - 11:16 PM

About 10 days ago, I started getting an error message that said “Too many messages sent” when I tried to send email. In trying to resolve it, I found out that my ip was on a Spamhaus’s CBL blacklist for performing some sort of forbidden behavior. As I understand the material on their website when I look up my ip, it says my computer is infected with some sort of malware (so far, it has always said Conficker, s_gozi, or ZeroAccess) and that it is causing my ip address to send out malicious communications that are being intercepted by a sinkhole.

 

Since then I have purchased a new computer that seems to be clean, and I have disconnected my “old” computer from my home network.

 

My assumption is that my malware problems that are being detected by CBL stemmed from a malware infection on my “old” computer. I want to try to recover some of the files (mostly pictures, emails, and word docs) from my old computer, but since none of the anti-virus scanners see any issues with my computer, or detect any problem when it scans my files, I need to determine what kind of infection is on my “old” computer so I’ll have a better chance of discovering infected files before I start porting them over to my “new” computer.

 

Per instructions from nasdaq, I have run Zoek on my “old” computer without being connected to the network. Although I tried a couple of times, it seemed to hang up when it was looking at Firefox extensions and after letting it run for several hours, I rebooted the computer and have posted the results from its incomplete log below:

 

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Greg on Thu 08/04/2016 at  6:27:09.50.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Temp3\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/4/2016 6:28:45 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\IDM deleted successfully
C:\Users\postgres\AppData\LocalLow deleted successfully
C:\Users\Greg\AppData\Local\ActiveSync deleted successfully
C:\Users\Greg\AppData\Local\AntiLogger Free deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Added to C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [05/24/2016 05:21 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [05/24/2016 05:21 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc2@internetdownloadmanager.com"="C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi" [06/08/2016 05:17 AM]


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 09 August 2016 - 09:17 AM

Hi,

You already have the tool. Please just run it as suggested below.
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply


#3 BlackArrow

Posted 09 August 2016 - 12:32 PM

I am running this now, but it appears to be hung up in the same place as yesterday. I am pretty sure I have disabled McAfee correctly (I did it the same way I did it on my other computer), and I have not run any other programs or touched the computer since it started running. I will let it continue to run.

 

 

The last line in the Zoek window says:

 

Firefox Extensions 23:13:35.87



#4 nasdaq

Posted 09 August 2016 - 12:53 PM

Stop the Zoek process.

Remove Firefox via the Control Panel > Programs > Programs and Features.

Restart the computer to reset the registry.

Run the Zoek tool with the No. 3 option.

It should not take more than 30 to 60 minutes to complete.

Post the log or let me know where you stand.

#5 BlackArrow

Posted 09 August 2016 - 02:59 PM

Once I deleted Firefox, it ran fine. Here are the results:

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Greg on Sat 08/06/2016 at 23:50:20.65.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Greg\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/6/2016 11:52:42 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Greg\AppData\Local\ActiveSync deleted successfully
C:\Users\Greg\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-24929482-148235032-3936421333-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A08EF463-2AA9-458A-A7DD-1DBEDCB9E9E7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A08EF463-2AA9-458A-A7DD-1DBEDCB9E9E7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A08EF463-2AA9-458A-A7DD-1DBEDCB9E9E7} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== Chromium Look ======================
 
Chrome Media Router - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS
 
==== Reset Google Chrome ======================
 
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=30 folders=31 30888128 bytes)
 
==== Empty Temp Folders ======================
 
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Greg\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sun 08/07/2016 at  0:06:58.25 ======================


#6 nasdaq

Posted 10 August 2016 - 07:37 AM



Let me know what problem persists.

If all is well, re-install Firefox.

#7 BlackArrow

Posted 10 August 2016 - 02:05 PM

As far as I can tell I am not having any problems. I reinstalled Firefox on my "old" computer and everything seems fine.

 

My only worry is there seemed to be some kind of infection on my "old" computer, and since I didn't really identify what it was, I might somehow transfer it to my new computer when I start copying some of my data files. Is there any scanning software that you would recommend that is good at finding trojans that might try to ride along with the files being copied?



#8 nasdaq

Posted 11 August 2016 - 06:56 AM

This is the topic you created for the old computer, unless I'm mistaken.

Run Zoek with the following script. You already have the application so follow only the directive to run it.


Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#9 BlackArrow

Posted 11 August 2016 - 10:09 AM

This is the topic you created for the old computer, unless I'm mistaken.
 

 

Yes. You’re right. I just wanted to make sure I did some more testing even though my “old” computer seemed to be behaving ok.

 

So Zoek ran fine when I uninstalled Firefox. After I reinstalled Firefox again, it never brings up the screen where I can copy the script you sent me. I did the following:

1)      Disabled Antivirus

2)      Right-clicked on Zoek and said Run as Administrator

3)      It asked me if I wanted to allow this program to make changes to my computer and I answer yes.

4)      I wait at least half an hour and the Zoek screen never comes up. I’ve looked to make sure it’s not hidden on the task bar or anything else. If I open task manager, I don’t see a process that looks like Zoek running.

I don’t need Firefox, should I just uninstall it and leave it off, or do you think it might be important to discovering where my vulnerability was?



#10 nasdaq

Posted 11 August 2016 - 10:15 AM

Run the script I previously suggested but remove this command.

createsrpoint;

Post the log if you can.

#11 BlackArrow

Posted 11 August 2016 - 10:47 AM

But the screen where I can paste a script never opens.



#12 nasdaq

Posted 11 August 2016 - 12:03 PM

Remove Firefox

#13 BlackArrow

Posted 11 August 2016 - 12:50 PM

That worked. I uninstalled Firefox and took out createsrpoint and here are the results:

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Greg on Thu 08/11/2016 at 13:23:15.94.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Greg\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2016-08-04-103802.log 2204 bytes
C:\zoek-results2016-08-05-031335.log 2311 bytes
C:\zoek-results2016-08-05-053757.log 10256 bytes
 
==== Empty Folders Check ======================
 
C:\Users\postgres\AppData\LocalLow deleted successfully
C:\Users\Greg\AppData\Local\ActiveSync deleted successfully
C:\Users\Greg\AppData\Local\AntiLogger Free deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Added to C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\found.000 deleted
C:\PROGRA~3\Package Cache deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [05/24/2016 05:21 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [05/24/2016 05:21 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc2@internetdownloadmanager.com"="C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi" [06/08/2016 05:17 AM]
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\7kr2sxoi.default
62D98B286C805E193568037B70D936D2 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash
A3975DDFF0B893C509958C7169B0F12C - C:\Users\Greg\AppData\Roaming\bitcointrezorcom\Bitcoin Trezor Plugin\1.0.5\npBitcoinTrezorPlugin.dll - Bitcoin Trezor Plugin
FEBA27D00FC5E4C371989A47AE88042A - C:\Users\Greg\AppData\Roaming\Zoom\bin\npzoomplugin.dll - Zoom launcher - 3.0.1
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[06/13/2016 11:18 AM]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[06/09/2016 12:48 PM]
 
SiteAdvisor - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Chrome Media Router - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
 
==== Reset Google Chrome ======================
 
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\7kr2sxoi.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=5459 folders=828 9452529146 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Greg\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Thu 08/11/2016 at 13:37:53.27 ======================


#14 nasdaq

Posted 12 August 2016 - 07:34 AM


Let's find out what remains of Firefox in the registry.


Please run the Farbar Recovery Scan Tool. Enter Firefox in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Let me know of any issues with this computer.

#15 BlackArrow

Posted 12 August 2016 - 08:57 AM

There don't seem to be any issues with the "old" computer, but I have only had it connected to the network for a few minutes over the past week or so.

 

See below:

 

Farbar Recovery Scan Tool (x64) Version: 08-08-2016
Ran by Greg (2016-08-12 09:40:33)
Running from C:\xMalware Tools
Boot Mode: Normal
 
================== Search Registry: "Firefox" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\26D7DC00A650F0F419344425D2446EDD]
"FX_FIREFOXPLUGIN"="FX_PDFVIEWER"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McProxy\Redirect\HTTP]
"80"="iexplore.exe,firefox.exe,Netscape.exe,Opera.exe,Netscp.exe,flock.exe,safari.exe,navigator.exe,chrome.exe,WebKit2WebProcess.exe,spartan_edge.exe,MicrosoftEdge.exe,MicrosoftEdgeCP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Telemetry\VUL\appupdates]
"u_mozilla__firefox_4"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Telemetry\VUL\scan]
"s_mozilla__firefox_4"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{BDEADEF0-C265-11D0-BCED-00A0C90AB50F}\1.0]
""="Microsoft SharePoint Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"="Skype for Business Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"ProductName"="Skype for Business Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Path"="C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"="Microsoft SharePoint Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"ProductName"="Microsoft SharePoint Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\McProxy\Redirect\HTTP]
"80"="iexplore.exe,firefox.exe,Netscape.exe,Opera.exe,Netscp.exe,flock.exe,safari.exe,navigator.exe,chrome.exe,WebKit2WebProcess.exe,spartan_edge.exe,MicrosoftEdge.exe,MicrosoftEdgeCP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\MSC\Telemetry\VUL\appupdates]
"u_mozilla__firefox_4"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\MSC\Telemetry\VUL\scan]
"s_mozilla__firefox_4"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"="Microsoft Lync Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"ProductName"="Microsoft Lync Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Path"="C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"="Microsoft SharePoint Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"ProductName"="Microsoft SharePoint Plug-in for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\Adobe Reader]
"Description"="Handles PDFs in-place in Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\Adobe Reader]
"ProductName"="Adobe Reader Plugin for Firefox"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Clients\StartMenuInternet]
""="FIREFOX.EXE"
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\441]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\441]
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\442]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\448]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\449]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\450]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\451]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\452]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\453]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\454]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\455]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\456]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\457]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\458]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\459]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\460]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\461]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\463]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\464]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\568]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\569]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\62]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\71]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\722]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\723]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\730]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\731]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\733]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\734]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\746]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\747]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\76]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\824]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\87]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\879]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\88]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\89]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\90]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\91]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\92]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\93]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\94]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\95]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\96]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\97]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\98]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\99]
"UA"="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\IDMBI\Firefox]
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\IDMBI\Firefox]
"name"="Mozilla Firefox"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\DownloadManager\IDMBI\Firefox\0]
"exe"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Google\Update\proxy]
"source"="Firefox"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1473d52a_0]
""="{2}.\\?\usb#vid_046d&pid_0a1d&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010002
\Device\HarddiskVolume4\Program Files (x86)\Mozilla Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8341f956_0]
""="{2}.\\?\hdaudio#func_01&ven_111d&dev_76f3&subsys_103c2af7&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\speakertopology/00010001
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d51be9c2_0]
""="{2}.\\?\hdaudio#func_01&ven_111d&dev_76f3&subsys_103c2af7&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\speakertopology/00010001
\Device\HarddiskVolume4\Program Files (x86)\Mozilla Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.accdb\OpenWithList]
"d"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=update+windows+10&form=WNSGPH&qs=AS&cvid=675d6db57f614353b12aaa74b6ef2196&pq=update%20w&nclid=763705AC13FFEC4F3C056ADDFDD9F013&ts=1450666185657&nclidts=1450666185&tsms=657\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.diagcab\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"d"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
"FirefoxHTML"=""
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
"FirefoxHTML"=""
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"e"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.json\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList]
"e"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\OpenWithProgids]
"FirefoxHTML"=""
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pkj\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
"FirefoxHTML"=""
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"f"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithList]
"d"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Greg\Downloads\Firefox Setup Stub 35.0.exe"="0x5341435001000000000000000700000028000000D8B603000000000001000000000000000000030600210000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000095AB0600000000000100000001000000"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"SIGN.IE=02610D50 Firefox Setup 35.0.exe"="0x5341435001000000000000000700000028000000500D61020000000001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000001A970100000000000100000001000000"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"="0x5341435001000000000000000700000028000000C8FB050060C0060001000000000000000000000A0021000019B4C529E312D1010000000100000000"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Greg\Downloads\Firefox Setup Stub 48.0.exe"="0x534143500100000000000000070000002800000010B20300100904000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003A8A0100000000000100000001000000"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"="0x534143500100000000000000070000002800000008A00D00FA790E000300000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C4230000000000000100000001000000"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Mozilla\Firefox]
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe.FriendlyAppName"="Firefox"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"
[HKEY_USERS\S-1-5-21-3879775844-282586923-3402195286-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Greg\Downloads\Firefox Setup Stub 48.0.exe.FriendlyAppName"="Firefox Setup Stub 48.0.exe"
 
====== End of Search ======




