Lots Of Pup Files And Firefox Hijacking Probs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ferretlady3, Oct 14, 2016.

  1. ferretlady3

    ferretlady3 Private E-2

    Hi!

    I did all the READ ME FIRST requirements and have attached logs. I'm running Windows 7 Home Premium on a Dell Inspiron N7110 64-bit OS and I use only Firefox. I accidentally fell for the Urgent Firefox Patch - I ALWAYS look at the URL, but for some reason I clicked to download it and now have hijacking probs as well as some other probs for a while. After running all the tools as required, I saw all sorts of PUP files. Can someone look at my log files and tell me what to do? I also tried running Spyhunter and I see it seemed to also add some PUP files. I uninstalled it, then ran Spybot-S&D, then I decided to ask you guys for help since in the past you've always been able to help me! I do know some stuff but touching sensitive registry files is a BIG no-no for me unless I ask someone first.

    Thanx for any suggestions/help you can provide!

    Dawn (ferretlady3)
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Upload this log to your next reply.



    Now please download ZHPcleaner to your desktop.

    Double click on ZHPCleaner to run the tool.
    If you are using Windows Vista, 7, 8, or 10; instead of double-clicking, right-mouse click on ZHPCleaner and select "Run as Administrator".
    Please click J'accepte/I accept
    Then press ''Repair'' button.
    Browsers will automatically shut down.
    A logfile will automatically open after the scan has finished.
    Please attach the logfile to your next reply.





    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\DriverTuner -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\DriverTuner_Init -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\FlvPlayer -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\ImInstaller -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\TermTutor -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\WebProtect -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Conduit -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Distromatic -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\IM -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\WebProtect -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Conduit -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Distromatic -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\IM -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\WebProtect -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\BingProvidedSearch -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox Packages -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox Packages -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\MRI_DISABLED | {26c9e18c-3717-4be1-a225-04e4471f5b6e} : Spam Free Search Bar -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7DCF43F5-CD65-4135-9748-0249ABC7116D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nspB28F.tmp\CnetInstaller-10921373.exe|Name=proinstaller1023809609| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C6B8AE5-3527-4A5A-8834-2067BAD5CAFF} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nsz7EF5.tmp\CnetInstaller-10921373.exe|Name=proinstaller1500931007| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {14E7A940-3FDD-4E1B-89E4-C0F08A518703} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nsz7EF5.tmp\CnetInstaller-10921373.exe|Name=proinstaller1500931007| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {12F49548-56AE-4615-8772-2B60D7D38FBB} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nsv6589.tmp\Installer-10881910.exe|Name=proinstaller641514264| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E1AA0F7B-620F-41F2-94B8-B45DD099BB44} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nsv6589.tmp\Installer-10881910.exe|Name=proinstaller641514264| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3CAC8100-72A8-454A-A088-DD9239ECC25D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nsvAF83.tmp\Installer-10881910.exe|Name=proinstaller201873975| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B19EEF57-44CF-4DD4-9AD1-C27D06C75CCE} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nsvAF83.tmp\Installer-10881910.exe|Name=proinstaller201873975| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E9812464-689E-45E3-9122-D443F03DB883} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nspB28F.tmp\CnetInstaller-10921373.exe|Name=proinstaller1023809609| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7DCF43F5-CD65-4135-9748-0249ABC7116D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nspB28F.tmp\CnetInstaller-10921373.exe|Name=proinstaller1023809609| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C6B8AE5-3527-4A5A-8834-2067BAD5CAFF} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nsz7EF5.tmp\CnetInstaller-10921373.exe|Name=proinstaller1500931007| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {14E7A940-3FDD-4E1B-89E4-C0F08A518703} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nsz7EF5.tmp\CnetInstaller-10921373.exe|Name=proinstaller1500931007| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {12F49548-56AE-4615-8772-2B60D7D38FBB} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nsv6589.tmp\Installer-10881910.exe|Name=proinstaller641514264| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E1AA0F7B-620F-41F2-94B8-B45DD099BB44} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nsv6589.tmp\Installer-10881910.exe|Name=proinstaller641514264| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3CAC8100-72A8-454A-A088-DD9239ECC25D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\ow\AppData\Local\Temp\nsvAF83.tmp\Installer-10881910.exe|Name=proinstaller201873975| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B19EEF57-44CF-4DD4-9AD1-C27D06C75CCE} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ow\AppData\Local\Temp\nsvAF83.tmp\Installer-10881910.exe|Name=proinstaller201873975| [x] -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    Same for these entries on the Files tab:

    • [PUP][Folder] C:\Users\ow\AppData\Roaming\MozillaFirefoxPackages -> Found
    • [PUP][Folder] C:\Users\ow\AppData\Local\blekkotb -> Found


    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.



    Re run Hitman Pro and upload new log.
    Re run RogueKiller (just a scan) and upload new log.
    MGTools did not run to completion, so please run it again, this time ensuring protection software is disabled, that UAC is not turned on, and that you are indeed running it as 'admin'.
    Then upload the fresh MGLogs.zip.
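    The [Suspicious.Path] firewall entries above are all persistent Allow rules pointing at installer executables that unpacked into the user's Temp folder. As an added example (not from the thread or from RogueKiller), this Python script parses firewall-rule strings in the form RogueKiller printed and flags active Allow rules whose program path lies in a Temp directory; the rule strings are embedded as a constructed sample rather than read from the live registry.

```python
import re
from typing import Dict, List

# Windows keeps one string per firewall rule under
#   HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# in the 'v2.10|Action=Allow|Active=TRUE|Dir=Out|App=...|Name=...|' form that
# RogueKiller printed above. Constructed sample: two of the strings RogueKiller
# flagged, plus one benign rule of the same shape for contrast.
SAMPLE_RULES: Dict[str, str] = {
    "{7DCF43F5-CD65-4135-9748-0249ABC7116D}":
        "v2.10|Action=Allow|Active=TRUE|Dir=Out"
        "|App=C:\\Users\\ow\\AppData\\Local\\Temp\\nspB28F.tmp\\CnetInstaller-10921373.exe"
        "|Name=proinstaller1023809609|",
    "{14E7A940-3FDD-4E1B-89E4-C0F08A518703}":
        "v2.10|Action=Allow|Active=TRUE|Dir=In"
        "|App=C:\\Users\\ow\\AppData\\Local\\Temp\\nsz7EF5.tmp\\CnetInstaller-10921373.exe"
        "|Name=proinstaller1500931007|",
    "{00000000-0000-0000-0000-000000000001}":  # constructed benign rule
        "v2.10|Action=Allow|Active=TRUE|Dir=In"
        "|App=C:\\Program Files\\Mozilla Firefox\\firefox.exe|Name=Firefox|",
}

# Locations a persistent allow rule should not normally point at: an installer
# that unpacked itself into a per-user Temp folder (the ns????.tmp directories
# are NSIS installers' scratch space) is gone after it runs, but its rule stays.
SUSPICIOUS_DIRS = (
    re.compile(r"\\AppData\\Local\\Temp\\", re.I),
    re.compile(r"^[A-Z]:\\Windows\\Temp\\", re.I),
)


def parse_rule(value: str) -> Dict[str, str]:
    """Split the '|'-delimited rule string into a dict.

    The leading token ('v2.10') carries no '=' and is stored as 'Version';
    the trailing '|' produces an empty token that is skipped.
    """
    fields: Dict[str, str] = {}
    for token in value.split("|"):
        if not token:
            continue
        if "=" in token:
            key, val = token.split("=", 1)
            fields[key] = val
        elif "Version" not in fields:
            fields["Version"] = token
    return fields


def is_temp_allow_rule(fields: Dict[str, str]) -> bool:
    """True for an active Allow rule whose program lives in a Temp directory."""
    if fields.get("Action", "").lower() != "allow":
        return False
    if fields.get("Active", "").upper() != "TRUE":
        return False
    app = fields.get("App", "")
    return any(pattern.search(app) for pattern in SUSPICIOUS_DIRS)


def find_temp_allow_rules(rules: Dict[str, str]) -> List[Dict[str, str]]:
    """Return the suspicious rules with the fields an analyst wants to see."""
    hits = []
    for rule_id, value in rules.items():
        fields = parse_rule(value)
        if is_temp_allow_rule(fields):
            hits.append({"id": rule_id, "dir": fields.get("Dir", "?"),
                         "app": fields["App"], "name": fields.get("Name", "")})
    return hits


if __name__ == "__main__":
    for hit in find_temp_allow_rules(SAMPLE_RULES):
        print(f"{hit['id']} {hit['dir']:<3} {hit['app']}  ({hit['name']})")
```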
     
  3. ferretlady3

    ferretlady3 Private E-2

    Ok, I finished all the instructions above but had a few probs. When running JRT got an error message - see attached JPG. I just clicked "OK" and it finished. When running AdwCleaner I did NOT uncheck anything - I only got the log file and closed (was this correct?). Then when running ZHPCleaner it asked to do a scan first (which I did), then clicked repair. When running Rogue Killer I keep getting an error message (see attached JPG) and I just canceled it. Then after running RogueKiller and removing all the files listed below, it did not leave a log file on my desktop for some reason. I DID find a json file in my C:\ProgramData\RogueKiller\Logs folder and there was one dated for the first scan so I saved that. Since I was unable to open it, I looked for a free program to open a json file and found "File Viewer Plus 2" so I downloaded the program and opened the file which would only save as an rtf file so I opened it w/Word and resaved as a txt file. Not sure if this is what you need, but I attached it named RKreport_SCN_10162016_113946.txt which is how I originally found it in my C drive.

    Also since I finished running all the programs now my Adobe CS2 GoLive program won't open. Photoshop, Illustrator and InDesign are all working, but since I have my biz on a website, I need the GoLive program to open and change my web pages. Guess I'll just re-install CS2. It does take a bit of work to get it to run on Win7 since it's really a 32-bit program but I prefer to keep using it cuz I know where everything is that I need.

    Ok, log files are attached as well as error mess jpgs.

    Hope I'm not being stupid here! I'm usually VERY careful what I download and always check the 'custom' tab to be sure I uncheck any other crap that'll be added w/an update or download. I also use Zone Alarm Security Suite and I have always kept it updated as well as running. It's caught a LOT of stuff! I've been using it for yrs ever since someone hacked my PayPal account! It caught a TON of pings to my PC after I first installed it and I like it VERY much!

    Thanx again and looks like I'll need to add the rest of the files in another post.

    Dawn
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Delete these:

    C:\Users\ow\AppData\Local\blekkotb
    C:\SearchProtect

    Copy the bold text below to notepad. Be sure to click to expand and highlight all the text... Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.


    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    You did not upload the correct log from RogueKiller, please do so. You attached it perfectly fine in the very first instance! :) See the instructions and follow them.

    Now reboot the machine and re run Hitman Pro, upload latest log.
     
  5. ferretlady3

    ferretlady3 Private E-2

    Here's the rest of the files! win-script-host-err-mess.jpg
     

    Attached Files:

  6. ferretlady3

    ferretlady3 Private E-2

    Ok, I didn't find
    C:\Users\ow\AppData\Local\blekkotb
    but I did find it here:
    C:\Users\ow\AppData\Roaming\ZHP\Quarantine
    I sent you the rest of the files including the ZHPCleaner.txt file. I was only able to send 5 files at one time. Also, no C:\SearchProtect but that one was also in C:\Users\ow\AppData\Roaming\ZHP\Quarantine
    I deleted both from the quarantine file and I just attached the RK second run file too. I copied the highlighted text and saved as you suggested, but I'll let you look at the second RK file that I forgot to attach as well.
     

    Attached Files:

  7. ferretlady3

    ferretlady3 Private E-2

    Ok and the registry files did save successfully!
     
  8. ferretlady3

    ferretlady3 Private E-2

    Rerunning Hitman Pro now
     
  9. ferretlady3

    ferretlady3 Private E-2

    Oh, I keep getting an error message from my Zone Alarm. I've tried to capture it or write it down but it's only up briefly, then disappears. I'll use my SnagIt next time it comes up. It's saying something about something in the registry is keeping it from making some sort of change (?) I THINK. Lots of writing and I don't even have time to read all of it before it just goes away!
     
  10. ferretlady3

    ferretlady3 Private E-2

    Last run of Hitman Pro
     

    Attached Files:

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Seems to me, Zone Alarm is getting in the way of the fixes. Please disable it before continuing.

    You must repeat my steps in post #4 to create the Reg Patch
    etc...

    Then once done, reboot the machine, rescan with Hitman Pro yet again and upload the NEW log.
     
  12. ferretlady3

    ferretlady3 Private E-2

    Sorry I was in a bad accident w/my car and have been trying to get everything taken care of. I copied and saved the info above named fixME.reg, turned off Zone Alarm and then double clicked it. Got the message that it was completed. I tried to attach the jpg, but it won't let me attach any more files. It reads: The keys and values contained in C:\\users\ow\Desktop\fixME.reg have been successfully added to the registry.

    Then I re-ran Hitman Pro. Not sure how to attach the log file. Maybe I'll try replying again and it will let me reload it. So far no more issues w/Zone Alarm messages.
     
  13. ferretlady3

    ferretlady3 Private E-2

    I just ran Hitman Pro but I can't seem to attach it. It doesn't have the "Attach file" listed below so I will upload it to my website and I think I can attach it from there. Actually I think I can also attach the jpg that it uploaded ok.
     
  14. ferretlady3

    ferretlady3 Private E-2

    I keep trying to upload the 2 files but seem to be unable to do so. Why is the Upload file link not showing on my posts?
     
  15. ferretlady3

    ferretlady3 Private E-2

    Just copied the whole HitmanPro file:

    Code:
    HitmanPro 3.7.14.280
    www.hitmanpro.com
    
      Computer name . . . . : OW-PC
      Windows . . . . . . . : 6.1.1.7601.X64/4
      User name . . . . . . : ow-PC\ow
      UAC . . . . . . . . . : Disabled
      License . . . . . . . : Trial (Expired)
    
      Scan date . . . . . . : 2016-10-22 20:20:48
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 13m 6s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 33
      Traces  . . . . . . . : 42
    
      Objects scanned . . . : 2,259,532
      Files scanned . . . . : 125,181
      Remnants scanned  . . : 629,749 files / 1,504,602 keys
    
    Malware remnants ____________________________________________________________
    
      HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
    
    Potential Unwanted Programs _________________________________________________
    
      HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
      HKLM\SOFTWARE\Classes\c\ (Claro)
      HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
      HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
      HKU\S-1-5-21-1009334687-539450264-314055710-1000\Software\Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
      HKU\S-1-5-21-1009334687-539450264-314055710-1000\Software\IM\ (Sweetpacks)
      HKU\S-1-5-21-1009334687-539450264-314055710-1000_Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
    
    
    

    Oh and my Zone Alarm is again coming up w/an error message.
     
  16. ferretlady3

    ferretlady3 Private E-2

    FINALLY got the Zone Alarm error message!

    So it looks like a CCleaner issue? Should I remove CCleaner and reinstall it?
     
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Interesting you should mention the fact that the 'upload' a file button is missing. Are you using Firefox? In Internet Explorer I can see the button. In Firefox, it is missing. Anyway, separate issue ;)
    Those Registry Keys are still there. We will have another sweep of trying to get rid of them. (The Ccleaner/Zone alarm issue will have to be further discussed afterwards, in the software forum.)
    Ensure that Zone Alarm is disabled please... now do the below:

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Reg
    [-HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
    
    [-HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}]
    
    [-HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL]
    
    [-HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    
    [-HKLM\SOFTWARE\Classes\c\]
    
    [-HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL]
    
    [-HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    
    [-HKU\S-1-5-21-1009334687-539450264-314055710-1000\Software\Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    
    [-HKU\S-1-5-21-1009334687-539450264-314055710-1000_Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


    Now re run Hitman Pro yet again and upload the fresh log.
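    The loop in this thread is: HitmanPro lists remnant keys (post #15), the helper hand-builds an OTM :Reg script from them (this post), and OTM's results log (post #19) says which keys were deleted or not found. As an added example, not from the thread nor from HitmanPro or OTM, this Python script automates that bookkeeping: it parses HitmanPro remnant lines, emits the matching [-key] entries, and reconciles OTM's result lines against the requested keys so leftovers are visible at a glance. Sample input is constructed from lines on this page (one OTM line is invented); the long-form HKEY_USERS spelling in OTM output is an assumption.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in HitmanPro's format, copied from lines in this thread.
HITMAN_SAMPLE = (
    "Malware remnants ______________________________\n"
    "\n"
    "  HKLM\\SOFTWARE\\Classes\\Interface\\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\\ (FindWide)\n"
    "  HKLM\\SOFTWARE\\Classes\\Interface\\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\\ (FindWide)\n"
    "\n"
    "Potential Unwanted Programs ___________________\n"
    "\n"
    "  HKLM\\SOFTWARE\\Classes\\c\\ (Claro)\n"
    "  HKU\\S-1-5-21-1009334687-539450264-314055710-1000\\Software\\IM\\ (Sweetpacks)\n"
)

# Constructed sample in OTM's results format; the 'Classes\c' line is invented
# for illustration, the others are copied from the thread.
OTM_SAMPLE = (
    "All processes killed\n"
    "========== REGISTRY ==========\n"
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\\ not found.\n"
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\\ not found.\n"
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\\ deleted successfully.\n"
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\\ not found.\n"
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\c\\ deleted successfully.\n"
)

# OTM writes hives in long form (HKLM -> HKEY_LOCAL_MACHINE is visible in the
# thread); the HKU, HKCU and HKCR spellings are assumed.
HIVE_LONG = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS",
             "HKCU": "HKEY_CURRENT_USER", "HKCR": "HKEY_CLASSES_ROOT"}

OTM_RESULT = re.compile(r"^Registry key (.+?)\\? (deleted successfully|not found)\.$")


def parse_hitman_line(line: str) -> Optional[Tuple[str, str]]:
    """'  HKLM\\...\\key\\ (Name)' -> ('HKLM\\...\\key', 'Name'); None otherwise.

    Splitting on the last ' (' keeps keys that themselves contain spaces intact.
    """
    line = line.strip()
    if not line.startswith("HK"):
        return None
    key, sep, rest = line.rpartition(" (")
    if not sep or not rest.endswith(")"):
        return None
    return key.rstrip("\\"), rest[:-1]


def parse_hitman_remnants(text: str) -> List[Tuple[str, str]]:
    return [item for item in map(parse_hitman_line, text.splitlines()) if item]


def otm_reg_script(keys: List[Tuple[str, str]]) -> str:
    """Build the :Reg section OTM expects, one '[-key]' deletion per key."""
    body = [f"[-{key}]" for key, _name in keys]
    return "\n".join([":Reg", *body, ":Commands", "[emptytemp]", "[Reboot]"])


def expand_hive(key: str) -> str:
    hive, sep, rest = key.partition("\\")
    return HIVE_LONG.get(hive, hive) + sep + rest


def parse_otm_results(text: str) -> Dict[str, str]:
    """Map each key OTM reported on (lower-cased, no trailing '\\') to its status."""
    status: Dict[str, str] = {}
    for line in text.splitlines():
        m = OTM_RESULT.match(line.strip())
        if m:
            status[m.group(1).rstrip("\\").lower()] = m.group(2)
    return status


def reconcile(keys: List[Tuple[str, str]], otm_status: Dict[str, str]) -> Dict[str, str]:
    """For every key HitmanPro reported, say what OTM did with it.

    'not found' means OTM saw no such key: either it was already gone or the
    two tools disagree on where it lives, so a rescan is the next check.
    """
    return {key: otm_status.get(expand_hive(key).lower(), "no OTM result")
            for key, _name in keys}


if __name__ == "__main__":
    found = parse_hitman_remnants(HITMAN_SAMPLE)
    print(otm_reg_script(found))
    for key, outcome in reconcile(found, parse_otm_results(OTM_SAMPLE)).items():
        print(f"{outcome:<20} {key}")
```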
     
  18. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    @Kestrel13!
    :) A thought - maybe open CCleaner > Options > Exclude - enter C:\ProgramData\CheckPoint\ZoneAlarm\Logs and click Add would solve that issue?
     
  19. ferretlady3

    ferretlady3 Private E-2

    I've downloaded and run OTM. Actually, after my PC rebooted Notepad came up with the log files in it so I just saved it. No need to have to go and look for it! Then reran Hitman Pro. UAC is still off and I also turned off Zone Alarm for running Hitman Pro.

    Oh, and yes, I use Firefox so I guess that's why it won't show the 'attach' link.

    Here is the OTM log info:
    All processes killed
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{655847A1-FA36-46ED-923B-A5CD523696EA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{762D463B-C45A-456D-A80D-8689C297C91E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5ACC874-D943-483F-A2D1-14598D51F872}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{655847A1-FA36-46ED-923B-A5CD523696EA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5ACC874-D943-483F-A2D1-14598D51F872}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\c\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1912128-469A-4138-AA26-9699C15BB13E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000_Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: ow
    ->Temp folder emptied: 26678415 bytes
    ->Temporary Internet Files folder emptied: 42376792 bytes
    ->Java cache emptied: 48084 bytes
    ->FireFox cache emptied: 372617957 bytes
    ->Flash cache emptied: 58948 bytes
    User: Public
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 113219 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 39068 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304676 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 499518900 bytes
    Total Files Cleaned = 938.00 mb
    OTM by OldTimer - Version 3.1.21.0 log created on 10242016_153854

    Files moved on Reboot...
    C:\Users\ow\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\ow\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    And here is the Hitman Pro log info:
    Code:
    HitmanPro 3.7.14.280
    www.hitmanpro.com
    
      Computer name . . . . : OW-PC
      Windows . . . . . . . : 6.1.1.7601.X64/4
      User name . . . . . . : ow-PC\ow
      UAC . . . . . . . . . : Disabled
      License . . . . . . . : Trial (Expired)
    
      Scan date . . . . . . : 2016-10-24 17:50:44
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 8m 37s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 22
      Traces  . . . . . . . : 24
    
      Objects scanned . . . : 2,213,530
      Files scanned . . . . : 113,040
      Remnants scanned  . . : 591,767 files / 1,508,723 keys
    
    Malware remnants ____________________________________________________________
    
      HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
    
    Potential Unwanted Programs _________________________________________________
    
      HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield)
      HKU\S-1-5-21-1009334687-539450264-314055710-1000\Software\IM\ (Sweetpacks)
    
    
    
    I'm going to reboot and try the CCleaner issue now.
     
  20. ferretlady3

    ferretlady3 Private E-2

    The suggestion for the CCleaner worked!! No more error message!!

    I'm GETTING there! Now I just have to reinstall my Adobe CS2 as the GoLive keeps coming up w/an error message and it closes down. I refuse to upgrade to CS6 for a 64bit OS as I know there's workarounds to get CS2 to work on my machine and I know GoLive well - don't want to have to learn Dreamweaver! Just don't have the time as my website store needs daily changes and the new 2017 designs are coming out Nov 1st so I just don't have the time either. GoLive works just fine for what I do! I have a question into another site for the workaround since I don't remember it and my written instructions are pretty jumbled.

    Thanx!!!

    Dawn
     
  21. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, re run ADWCleaner and let it remove the Registry entries it finds.
    Re run yet again and upload a new log please.
    Once done, rerun Hitman again, just a scan, and upload log from that, too.
     
  22. ferretlady3

    ferretlady3 Private E-2

    Ran ADWC twice as suggested (actually it had me download a new version because it told me mine was outdated). Both logs are attached (using Internet Explorer to add the logs) and then ran Hitman Pro (still found stuff!) and log is also attached.

    Also now have a new error message attached as jpg. I tried looking online for the driver named Nero.MobileSync.msi but haven't been able to find it yet. I guess when I DO find it, I'll need to put it in "C:\DELL\2y65v\install_files\applications\dellmobilesync" It opens jpgs without having to use Photoshop. Something to do w/SyncUp on my PC I guess.
     

    Attached Files:

  23. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download OTL to your desktop.

    We need to run an OTL Fix


    • Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
    • Copy and Paste the following code into the Image textbox. Do not include the word Code

    Code:
    :reg
    [-HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}]
    [-HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}]
    [-HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}]
    [-HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}]
    [-HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}]
    [-HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}]
    [-HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}]
    [-HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}]
    [-HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}]
    [-HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}]
    [-HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}]
    [-HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}]
    [-HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}]
    [-HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}]
    [-HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}]
    [-HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}]
    [-HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}]
    [-HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}]
    [-HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}]
    [-HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}]
    [-HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}]
    [-HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}]
    [-HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}]
    [-HKU\S-1-5-21-1009334687-539450264-314055710-1000\Software\IM]
    
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    • Then click the Run Fix button at the top.
    • Click Image.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. UPLOAD that report in your next reply.


    Now as usual, rerun Hitman Pro, and upload newest log. I'm not sure why they are so difficult to remove.
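    The two log formats in this thread (OTL's "deleted successfully" / "not found" lines and HitmanPro's remnant listing) can be reconciled mechanically before deciding whether anything needs to be removed by hand. The following is an added example, not code from the thread or from either tool; the sample log lines are constructed excerpts modelled on the logs quoted above. It buckets each HitmanPro finding by what the OTL fix reported for it, checking the Wow6432Node view as well since the OTL log itself checks both the native and the 32-bit paths:

    ```python
    """Reconcile HitmanPro remnant findings with an OTL fix log (added example)."""
    import re
    from typing import Dict, List, Optional

    # Constructed excerpts modelled on the logs quoted in the thread (a few lines
    # each, not the complete logs).
    OTL_LOG = r"""
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5ACC874-D943-483F-A2D1-14598D51F872}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1009334687-539450264-314055710-1000\Software\Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ deleted successfully.
    """

    HITMAN_LOG = r"""
    Malware remnants ____________________________________________________________

      HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide)

    Potential Unwanted Programs _________________________________________________

      HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield)
      HKU\S-1-5-21-1009334687-539450264-314055710-1000\Software\IM\ (Sweetpacks)
    """

    HIVE_ALIASES = {
        "HKLM": "HKEY_LOCAL_MACHINE",
        "HKCU": "HKEY_CURRENT_USER",
        "HKU": "HKEY_USERS",
        "HKCR": "HKEY_CLASSES_ROOT",
    }
    OTL_LINE = re.compile(r"^Registry key (.+?) (deleted successfully|not found)\.\s*$")
    HITMAN_LINE = re.compile(r"^\s*(HK\w+\\.+?)\s+\(([^)]+)\)\s*$")
    HITMAN_SECTION = re.compile(r"^(\S.*?)\s+_{3,}\s*$")
    CLASSES_PREFIX = "hkey_local_machine\\software\\classes\\"


    def normalize_key(path: str) -> str:
        """Expand short hive names and fold case so keys from both logs compare equal."""
        path = path.strip().rstrip("\\")
        hive, sep, rest = path.partition("\\")
        hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
        return (hive + sep + rest).lower()


    def wow6432_view(key: str) -> Optional[str]:
        r"""32-bit (Wow6432Node) view of a native HKLM\SOFTWARE\Classes key, or None."""
        if key.startswith(CLASSES_PREFIX) and not key.startswith(CLASSES_PREFIX + "wow6432node\\"):
            return CLASSES_PREFIX + "wow6432node\\" + key[len(CLASSES_PREFIX):]
        return None


    def parse_otl(log: str) -> Dict[str, str]:
        """Map each key OTL reported on to 'deleted' or 'not found'."""
        results: Dict[str, str] = {}
        for line in log.splitlines():
            m = OTL_LINE.match(line.strip())
            if m:
                results[normalize_key(m.group(1))] = (
                    "deleted" if m.group(2).startswith("deleted") else "not found"
                )
        return results


    def parse_hitman(log: str) -> List[Dict[str, str]]:
        """Extract key, label and section from a HitmanPro remnant listing."""
        entries: List[Dict[str, str]] = []
        section = ""
        for line in log.splitlines():
            s = HITMAN_SECTION.match(line)
            if s:
                section = s.group(1)
                continue
            m = HITMAN_LINE.match(line)
            if m:
                entries.append({"key": normalize_key(m.group(1)), "label": m.group(2), "section": section})
        return entries


    def reconcile(hitman_entries: List[Dict[str, str]], otl_results: Dict[str, str]) -> Dict[str, List[Dict[str, str]]]:
        """Bucket HitmanPro findings by what the OTL fix reported for them (either registry view)."""
        report: Dict[str, List[Dict[str, str]]] = {"deleted_by_fix": [], "not_found_by_fix": [], "not_in_fix": []}
        for entry in hitman_entries:
            views = [entry["key"], wow6432_view(entry["key"])]
            statuses = [otl_results[v] for v in views if v and v in otl_results]
            if "deleted" in statuses:
                report["deleted_by_fix"].append(entry)
            elif statuses:
                report["not_found_by_fix"].append(entry)
            else:
                report["not_in_fix"].append(entry)
        return report


    if __name__ == "__main__":
        for bucket, entries in reconcile(parse_hitman(HITMAN_LOG), parse_otl(OTL_LOG)).items():
            print(bucket)
            for e in entries:
                print(f"  [{e['section']}] {e['key']} ({e['label']})")
    ```

    A key that lands in "deleted_by_fix" yet is still listed by HitmanPro on the next scan is the case this thread runs into; keeping that list separate from "not_in_fix" (keys the fix never addressed, such as the HKU\...\Software\IM entry) tells you what a manual removal would actually need to cover.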
     
  24. ferretlady3

    ferretlady3 Private E-2

    Just ran the OTL and then re-ran Hitman Pro. Logs are attached but I still see they're still not gone! What if I manually go into the registry files and remove them? I know how to find them! I've been in the registry before - just follow the paths in the HitmanPro log. Won't be the first time I've manually removed stuff. As long as I have a log file to tell me exactly where to go, I won't have a problem. Oh and the CCleaner issue still comes up sometimes but I'm thinking what if I just reinstall CCleaner after I get rid of all this other stuff and tell it NOT to run in my task manager? As for the other MySyncUp prob, I've done some reading on it and it's not really something I need so I'm just going to remove it using my Control Panel. I can always just use Photoshop to view images. Usually if I want to open an image I'll be doing some sort of change to it in Photoshop anyway. I wasn't really sure what it was until I did the reading about the Nero Mobile Sync program anyway - now I know. AND I found a MUCH better way to install my Adobe CS2 software on Win7 (CS2 is a 32 bit program but I found a better workaround to make it run better on Win7's 64 bit platform - which is the main reason I came to MajorGeeks cuz my GoLive program (OLD software, but I know it well and don't wanna spend $1000+ to upgrade plus relearn the newer version) and then the browser hijacking issue was driving me CRAZY as well!

    Should I MANUALLY remove those registry files?

    Thanx SOOOOO much for all your help so far!!! Actually my PC is already running faster and starting up faster!! Didn't realize I had SOOOO many issues!

    Dawn
     

    Attached Files:

  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there Dawn :) If you feel able to do this manually then indeed please go ahead, it might save a lot of time as nothing seems to be able to dig them out and I'm not sure why.
    After manual removal, just re run Hitman again and then check to see if anything remains. Let me know.
     
  26. ferretlady3

    ferretlady3 Private E-2

    Hi Kestrel13!

    I manually removed the keys from the registry found all in the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface" folder. I re-ran Hitman Pro after a reboot after removing the first set of keys but now I see it found 2 NEW keys in "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface" folder.

    Should I also manually delete these? I'm going to ASK first because I don't wanna delete anything in the registry that I shouldn't!!

    Thanx so much again for ALL your help!!!! I wouldn't have a clue as to what I should and SHOULD NOT be doing here! Seems everything is running pretty smoothly now too. I also removed CCleaner from starting up in my task bar so I'm not getting that error message any longer. All I'll need to do now (after possibly removing the last 2 keys showing in the Hitman Pro log?) is to re-install Adobe CS2 so's my GoLive will work and I can get working on my website!!

    Dawn
     

    Attached Files:

  27. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Dawn, you can delete those that Hitman shows:

    HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
    HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield)
     
  28. ferretlady3

    ferretlady3 Private E-2

    OK! FINALLY everything looks good! Nothing found w/Hitman Pro after I removed the last 2 reg keys. And my PC is running SOOOOOO much better too!!

    So am I out of the woods? Or are there other test programs I should run?
     
  29. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You should be good to go :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
  30. ferretlady3

    ferretlady3 Private E-2

    Did everything as suggested above - and my Zone Alarm Internet Security Suite comes w/a Firewall so I think I'm covered. Now about the wireless router firewall, I have AT&T and I clicked on my connection box that shows in the task bar to the right. Under Security it has "Security type: WPA2-Personal" under "Encryption type: AES" under Network security key - there is my encrypted numbers and I have "Show characters" UN-checked. I'm thinking I should show the characters and write them down somewhere cuz I've never seen these before - in case I have future probs or something. I then clicked on the "Advanced settings" button and it reads "Enable Federal Information Processing Standards (FIPS) compliance for this network" and it is currently UNchecked. Should I leave it that way? And is everything set up correctly for my wireless router? I also reset my UAC manually (Control Panel, User Accounts and Family Safety, User Accounts, Change User Account Control settings) since MGTools didn't seem to put it back to the default setting of "Don't notify me when I make changes to Windows settings". Maybe I should set this one to "Always notify"? Cuz I do go to unfamiliar sites when I'm doing a search (and I search for ANYTHING and EVERYTHING I want to find out about - BUT staying away from hacker AND porn sites for SURE!), but if I get to somewhere unsafe, usually either my Zone Alarm tells me or Firefox comes up saying something like "This is an unsafe site, Continue at your own risk (or something like that)" or there's a button that says "Get me out of here!" I normally choose the latter UNLESS I KNOW it's a reputable site that I've used before.

    Was VERY surprised to read that Explorer IE is BETTER than Firefox?!?! Hmmmm… Considering switching now.

    I have my Windows updates set to 'OFF' because I kept getting that "Windows 10 upgrade" notice in my systray and kept having to manually remove the "KB3035583" update. I do a Windows Update manually every 3 weeks and UNcheck that damn "Windows 10 upgrade" download cuz it bugs me that it's running in my systray! My Zone Alarm software update is always on and set to “hourly”.

    I also removed RogueKiller from my Control Panel, Programs, list since I saw it was in there too. I prefer, if I have a problem, to install all the tools listed on the READ ME FIRST page as all fresh downloads.

    I read the “How to protect yourself from Malware”, installed the latest version of Java (which I’m pretty sure I already had since last week I got a notification to update my Java) and downloaded/installed Autorun Eater. Was wondering tho, what did the directions mean to “You need to add the C:\Program Files\Autorun Eater\oldmcdonald.exe ( for x 64 >> C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe ) file to the Ignorelist. Not sure what is meant by ‘to the Ignorelist’?

    So I think I'm set? Unless I should change some of the settings I asked about above?

    Dawn
     
  31. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. All this is not topic for the malware removal forum. :) You can post about all that in the software forum.
     
  32. ferretlady3

    ferretlady3 Private E-2

    Oh! Ok! Seems everything is running smoothly!!


    THANK YOU SOOOOOOO VERY MUCH!!!

    Dawn
     
  33. ferretlady3

    ferretlady3 Private E-2

    Yikes! Looks like I have another problem now. I just tried to Uninstall Adobe CS2 from my Control Panel and it came up w/the following message - see attached. So I manually deleted it from "Computer, OS(C:), Program Files (x86), Adobe CS2" and then there also was a version in "Computer, OS(C:), Program Files, Adobe CS2". Both are now deleted. When trying to reinstall the program, it came up w/the same error message. Should I be posting this in another place? Or is this some sort of problem with the actual program I'm trying to install?

    Dawn
     

    Attached Files:

  34. ferretlady3

    ferretlady3 Private E-2

    Hmmm... I found the downloads online as Adobe is now giving CS2 away for free. Thinking I would get a 'higher'/'better' version than my original CD's. So I tried the originals and instead of running the Autoplay, I right clicked on the CD player to run the CD1 and I got all these error messages (see attached). Each error message appeared after I clicked "OK" to each one. So now is there something else wrong w/my registry files?
     

    Attached Files:

  35. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Again, this is not topic for the malware forum. We have a software forum you can post in which is obviously to discuss software related questions, like yours. Best of luck. ;)
     
  36. ferretlady3

    ferretlady3 Private E-2

    Ok, wasn't sure since it was showing error messages about registry files.

    Thanx SOOOOO much again for all your help!

    Dawn
     
  37. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Most welcome, safe surfing! :)
     
