Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

connected to internet but browsers/malwarebytes won't work

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby pgmigg » July 9th, 2014, 10:42 pm

Hello greymatters,

A. I had no problems. But AVG only gives 4 options to temporary disable it. And those are to reenable in 5, 10, 15 mins, or until restart. Doesn't give me an option of an hour or more. So I just did until restart. And if my PC restarted after a scan I made sure to disable it again before I did another scan like you requested.
In such case you need to select "Until restart".

Also the OTL files weren't saved in my local disc C: , they just got saved to the desktop and replaced the previous one I had.
The OTL saved log files in two places:
- on the Desktop if you run OTL scan;
- on the disk C: in C:\_OTL\MovedFiles\ folder if you run OTL fix script.
In my previous set of steps I asked you to run the fix script firstly and then finally the fresh OTL scan. It looks like you did not run the fix script at all but run OTL scan twice instead. In the first run you probably put the script contents to the Custom Scan/Fixes text bot but press Run Scan button instead of Run Fix one.

So it seems like it was the internet download manager that I downloaded like a week ago? Was it infected? Did I download an infected one?
I cannot prove that you downloaded infected installation file but installed application was definitely infected and deleted by ZOEK clean.

E. YES! I can browse the internet once again! and use internet related apps! Thank you SO MUCH!
You are welcome! :D

Before we start the next step of our treatment, please check again the existence of C:\_OTL\MovedFiles\ folder and if you find there any MMDDYYYY_HHMMSS.log files, post the contents of the most recent one in the next replay as separate post.

Then let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Windows\Prefetch\PURELEADS.SERVICE.EXE-4A3C10E6.pf
    C:\Windows\Prefetch\PURELEADSCONTROL.EXE-8E038C48.pf
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeads.Servic_a77541c0ae186b088591bc7e3a4ddcc821b4e5d_217cbd35
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeadsSvc.exe_866ed53aae4b69bf325788e226cc0d4c5c6b4_16bca40a
    C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeads.Servic_a77541c0ae186b088591bc7e3a4ddcc821b4e5d_217cbd35
    C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeadsSvc.exe_866ed53aae4b69bf325788e226cc0d4c5c6b4_16bca40a
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    
    :Reg
    [-HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\PureLeads.ini]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\1296121B]
    "AppFullPath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\1296121B]
    "AppFullPath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\1296121B]
    "AppFullPath"=-
    [-HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\FLEXnet\Connect\db\PureLeads.ini]
    [HKEY_CURRENT_USER\Software\DownloadManager]
    "ExePath"=-
    [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\IDMan.exe]
    "Path"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
    "AppPath"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}]
    "AppPath"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
    "AppPath"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
    "AppPath"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
    "LocalizedString"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Internet Download Manager]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
    "LocalizedString"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IDMWFP]
    "Description"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\IDMWFP]
    "Description"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IDMWFP]
    "Description"=-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\DownloadManager]
    "ExePath"=-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\IntelliType Pro\AppSpecific\IDMan.exe]
    "Path"="-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
    "AppPath"=-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}]
    "AppPath"=-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
    "AppPath"=-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
    "AppPath"=-
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
    @=""
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
    @=""
    [HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"=-
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *PureLeads*
    *Internet Download Manager*
    
    :folderfind
    *PureLeads*
    *Internet Download Manager*
    
    :Regfind
    PureLeads
    Internet Download Manager
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent (if exists) C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run from previous set of instractions
  3. Contents of the most recent C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after current OTL FixScript run
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 12:33 am

In my previous set of steps I asked you to run the fix script firstly and then finally the fresh OTL scan. It looks like you did not run the fix script at all but run OTL scan twice instead. In the first run you probably put the script contents to the Custom Scan/Fixes text bot but press Run Scan button instead of Run Fix one.

Yeah I think your right, I think I did do that. Sorry, today is not my day.

Before we start the next step of our treatment, please check again the existence of C:\_OTL\MovedFiles\ folder and if you find there any MMDDYYYY_HHMMSS.log files, post the contents of the most recent one in the next replay as separate post.

I don't see it. I took a screenshot if you would like a look.

http://i.imgur.com/0iCS5Z8.png?1

I'll hold on to continuing until we clear this up.
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby pgmigg » July 10th, 2014, 12:43 am

Hello greymatters,

Yeah I think your right, I think I did do that. Sorry, today is not my day.
Don't worry - the next one will be youth. ;)
I don't see it. I took a screenshot if you would like a look. I'll hold on to continuing until we clear this up.
Thank you for the screenshot. It is OK for now and we can close this issue. I will correct the end of my previous post regarding logs I would like to see...

Please run all next steps I posted already.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 12:56 am

A. So far no but I still have step C (step 2) to do.

B. OTL Fix Script

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Windows\Prefetch\PURELEADS.SERVICE.EXE-4A3C10E6.pf moved successfully.
C:\Windows\Prefetch\PURELEADSCONTROL.EXE-8E038C48.pf moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk not found.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeads.Servic_a77541c0ae186b088591bc7e3a4ddcc821b4e5d_217cbd35 folder moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeadsSvc.exe_866ed53aae4b69bf325788e226cc0d4c5c6b4_16bca40a folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeads.Servic_a77541c0ae186b088591bc7e3a4ddcc821b4e5d_217cbd35 not found.
File\Folder C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PureLeadsSvc.exe_866ed53aae4b69bf325788e226cc0d4c5c6b4_16bca40a not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Internet Download Manager not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\PureLeads.ini\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASMANCS\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\1296121B\\AppFullPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\1296121B\\AppFullPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\1296121B\\AppFullPath not found.
Registry key HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\FLEXnet\Connect\db\PureLeads.ini\ not found.
Registry value HKEY_CURRENT_USER\Software\DownloadManager\\ExePath deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\IDMan.exe\\Path deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\\AppPath deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\\AppPath deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\\AppPath deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\\AppPath deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\\LocalizedString deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Internet Download Manager\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\\LocalizedString not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IDMWFP\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\IDMWFP\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IDMWFP\\Description not found.
Registry value HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\DownloadManager\\ExePath not found.
HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\IntelliType Pro\AppSpecific\IDMan.exe\\"Path"|"- /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\\AppPath not found.
Registry value HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\\AppPath not found.
Registry value HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\\AppPath not found.
Registry value HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\\AppPath not found.
HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rohit
->Temp folder emptied: 575984 bytes
->Temporary Internet Files folder emptied: 740278 bytes
->FireFox cache emptied: 26865928 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.Rohit-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3807139 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07092014_215112

Files\Folders moved on Reboot...
C:\Users\Rohit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rohit\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 1:22 am

A. No problems executing instructions. But I do now see a _OTL folder now after running the fix script. It was located in my data partition, it wasn't there before.

C. SystemLook.txt log file

SystemLook 30.07.11 by jpshortstuff
Log created at 22:17 on 09/07/2014 by Rohit
Administrator - Elevation successful

========== filefind ==========

Searching for "*PureLeads*"
No files found.

Searching for "*Internet Download Manager*"
C:\zoek_backup\C_Users_Rohit_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Internet Download Manager\Internet Download Manager.lnk --a---- 1049 bytes [19:02 08/07/2014] [19:43 22/06/2014] B3A908BBC333E4D53A84D66E1A447ECB

========== folderfind ==========

Searching for "*PureLeads*"
No folders found.

Searching for "*Internet Download Manager*"
C:\zoek_backup\C_PROGRA~2_Internet Download Manager d-a---- [19:02 08/07/2014]
C:\zoek_backup\C_Users_Rohit_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Internet Download Manager d-a---- [19:02 08/07/2014]

========== Regfind ==========

Searching for "PureLeads"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="C:\Program Files (x86)\PureLeads\plsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
@="C:\Program Files (x86)\PureLeads"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="C:\Program Files (x86)\PureLeads\plsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
@="C:\Program Files (x86)\PureLeads"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
@=""C:\Program Files (x86)\PureLeads\plsapp.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="C:\Program Files (x86)\PureLeads\plsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
@="C:\Program Files (x86)\PureLeads"

Searching for "Internet Download Manager"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
@="C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
@="C:\Program Files (x86)\Internet Download Manager\IEExt.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\idmBroker.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDManTypeInfo.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
@=""C:\Program Files (x86)\Internet Download Manager\idmBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\idmBroker.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDManTypeInfo.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
@="C:\Program Files (x86)\Internet Download Manager\IDMan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
@=""C:\Program Files (x86)\Internet Download Manager\idmBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\idmBroker.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
@="C:\Program Files (x86)\Internet Download Manager\IDManTypeInfo.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
@="C:\Program Files (x86)\Internet Download Manager"
[HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
@="C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm"
[HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
@="C:\Program Files (x86)\Internet Download Manager\IEExt.htm"

-= EOF =-

D. No changes in computer behavior.
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby pgmigg » July 10th, 2014, 10:14 am

Hello greymatters,

Step 1.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 2.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
Malwarebytes' Anti-Malware
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
  1. Launch Malwarebytes then click Update Now.
  2. Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  3. Press the Scan Now >> button.
  4. When the scan is finished:
  5. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!". Then post it in your next reply and proceed with Step 4.
  6. If infections were found, click the Quarantine all button.
  7. Press the View detailed log >> link to display the results log.
  8. Press the Copy to Clipboard button.
  9. Copy and paste the scan results in your next reply and exit MBAM.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of the JRT.txt log file
  4. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-06-... file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 8:21 pm

A. No, so far so good.

edit: Could not open mbam nor find any recent scan log files.

B. AdwCleaner[S0].txt

# AdwCleaner v3.215 - Report created 10/07/2014 at 17:15:37
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rohit - ROHIT-PC
# Running from : E:\Rohit\Desktop\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Rohit\AppData\Roaming\Mozilla\Firefox\Profiles\cifsfaov.default-1402221153371\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2857 octets] - [10/07/2014 17:13:59]
AdwCleaner[S0].txt - [2699 octets] - [10/07/2014 17:15:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2759 octets] ##########
Last edited by greymatters on July 10th, 2014, 8:54 pm, edited 1 time in total.
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 8:32 pm

C. JRT.txt file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rohit on Thu 07/10/2014 at 17:23:45.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Rohit\AppData\Roaming\mozilla\firefox\profiles\cifsfaov.default-1402221153371\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/10/2014 at 17:30:50.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 8:53 pm

D. Malwarebytes scan

Can't open it still and also don't see any recent logs in that location

There is no programdata folder but there is a Malwarebytes folder in the ProgramFilesx86 folder, but even in there there were no log files.

Here's a screenshot of where I was looking at - http://i.imgur.com/hWrYqUf.jpg

E. Yes, I notice that when I try to download I get this pop up that says "Cannot transfer file to internet download manager. It's possible it's not installed. Would you like to install Internet Download Manger?" I just say no and download it the regular way through firefox, but that's a problem now.

screentshot of pop up - http://i.imgur.com/6pAmhBo.jpg
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 9:06 pm

I was looking at the AV report from when everything went bad and the scan says it was on 7/5/2014 around 7:23 pm, just like I remember it.

Location: Adware Generic5.AYPP in C:\Program Files (x86)\PureLeads\plsapp.dll

Probably should've mentioned that first. But just thought I mention it now in case you were curious.
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 10th, 2014, 11:02 pm

I'm also having a small side problem. Hear me out. I have this old guy who has been wanting to take this old tower from me and I told him I would give it to him after I wipe the drive. But I procrastinated for so long and I promised him I would get it done today. So I google on how to do that. And so I decide to burn the .iso for DBAN onto a cd and use that. But I need a program to burn an iso onto a cd and I tried downloading this one program recommend by the website (lifehacker) called imgburn. I went to official site and got it and AVG popped up saying

Found Threat MalSign.OpenCandy.7AF


So I let AVG get rid of it. And I didn't install it.

Downloaded it from another source (majorgeek) and got the same threat warning. so same thing.

So I try another program called CDBurnerXP (recommended by the DBAN website) from the official site. Same threat warning. So I let AVG get rid of it again.

I normally wouldn't bother you with this question since your already so graciously helping me with another problem and I may have even made a separate post but I feel really bad because I promised the guy. Are the programs actually safe and should I ignore the threat warning?

Note that I recently changed my AVG settings to "Report enhanced set of potentially unwanted programs" since that was recommended on this site to do so.
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby pgmigg » July 11th, 2014, 12:35 am

Hello greymatters,

I'm also having a small side problem. Hear me out. I have this old guy who has been wanting to take this old tower from me and I told him I would give it to him after I wipe the drive. But I procrastinated for so long and I promised him I would get it done today. So I google on how to do that. And so I decide to burn the .iso for DBAN onto a cd and use that. But I need a program to burn an iso onto a cd and I tried downloading this one program recommend by the website (lifehacker) called imgburn. I went to official site and got it and AVG popped up saying
. So I let AVG get rid of it. And I didn't install it.
Downloaded it from another source (majorgeek) and got the same threat warning. so same thing.
So I try another program called CDBurnerXP (recommended by the DBAN website) from the official site. Same threat warning. So I let AVG get rid of it again.
I normally wouldn't bother you with this question since your already so graciously helping me with another problem and I may have even made a separate post but I feel really bad because I promised the guy. Are the programs actually safe and should I ignore the threat warning?
Note that I recently changed my AVG settings to "Report enhanced set of potentially unwanted programs" since that was recommended on this site to do so
May I draw your attention to a part (very important part!) of my Welcome Post - please read again paragraph 4:

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 11th, 2014, 12:42 am

Well good thing I didn't install it then. Sorry, I thought it was only don't install and use any other removal tools. I guess old man will have to wait... but that's not your problem. Alright I won't do anything till this is all over.
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby pgmigg » July 11th, 2014, 1:14 am

Hello greymatters,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Processes
    IDMan.exe
    
    :Services
    IDMWFP
    
    :OTL:
    IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.80
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5 [2014/06/22 12:44:09 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5 [2014/06/22 12:44:09 | 000,000,000 | ---D | M]
    [2014/06/22 12:44:09 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ROHIT\APPDATA\ROAMING\IDM\IDMMZCC5
    O4 - HKU\S-1-5-21-2313399073-1067671750-3437962448-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm File not found
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm File not found
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm File not found
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm File not found
    [2014/06/25 12:58:07 | 000,000,000 | ---D | M] -- C:\Users\Rohit\AppData\Roaming\IDM
    
    :Files
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    C:\Users\Rohit\AppData\Roaming\IDM
    C:\Windows\SysNative\drivers\idmwfp.sys
    C:\ProgramData\IDM
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
    [-HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
    [-HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created,
    as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

D. Malwarebytes scan. Can't open it still and also don't see any recent logs in that location
Let deal with this issue too...

Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Malwarebytes Anti-Malware version 2.0.2.1012
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Please reboot your computer.

Step 3.
Malwarebytes' Anti-Malware Scan
Please download Malwarebytes' Anti-Malware and save to your desktop.
  1. Right-click mbam-setup.exe And select "Run as administrator..." then follow the prompts to install the program.
  2. At the end, Uncheck enable free trial of Malwarebytes' Anti-Malware, (you can activate this when we've finished, if you wish)
  3. Then click Finish.
  4. You'll see an alert that "Databases out of date" Click the "Update Now" button.
  5. Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  6. Press the Scan Now >> button.
  7. When the scan is finished:
  8. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!". Then post it in your next reply and exit MBAM.
  9. If infections were found, click the Quarantine all button.
  10. Press the View detailed log >> link to display the results log.
  11. Press the Copy to Clipboard button.
  12. Copy and paste the scan results in your next reply and exit MBAM.

E. Yes, I notice that when I try to download I get this pop up that says "Cannot transfer file to internet download manager. It's possible it's not installed. Would you like to install Internet Download Manger?" I just say no and download it the regular way through firefox, but that's a problem now.
My recommendation is not to use Internet Download Manager and download everything in regular way via your browsers!

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all
    button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *PureLeads*
    *Internet Download Manager*
    *plsapp*
    *IDM*
    
    :folderfind
    *PureLeads*
    *Internet Download Manager*
    *IDM*
    
    :Regfind
    PureLeads
    Internet Download Manager
    IDM
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of results log after MBAM scan
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: connected to internet but browsers/malwarebytes won't wo

Unread postby greymatters » July 11th, 2014, 3:17 am

A. Uninstall of Mbam went good. However during installation I kept getting "runtime errors", I posted screenshots of the first one I got below. Then I think I skipped two (I thought it was the same one) and screenshot the rest when I realized they were different errors.

B. OTL log file (Run Fix)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
No active process named IDMan.exe was found!
========== SERVICES/DRIVERS ==========
Service IDMWFP stopped successfully!
Service IDMWFP deleted successfully!
Error: Unable to interpret <:OTL:> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2313399073-1067671750-3437962448-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.80> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5 [2014/06/22 12:44:09 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5 [2014/06/22 12:44:09 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <[2014/06/22 12:44:09 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ROHIT\APPDATA\ROAMING\IDM\IDMMZCC5> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2313399073-1067671750-3437962448-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm File not found> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm File not found> in the current context!
Error: Unable to interpret <[2014/06/25 12:58:07 | 000,000,000 | ---D | M] -- C:\Users\Rohit\AppData\Roaming\IDM> in the current context!
========== FILES ==========
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager not found.
C:\Users\Rohit\AppData\Roaming\IDM\Scheduler folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5\META-INF folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5\components2 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5\components10 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5\components folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5\chrome folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\idmmzcc5 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\Grabber\Projects folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\Grabber folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\DwnlData\Rohit\layout.css_4 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\DwnlData\Rohit\dp_collect_button-51a3ddb870de_15 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\DwnlData\Rohit\audacity-win-2.0.5_25 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\DwnlData\Rohit\a40-10_1-62_cdn13_com_14 folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\DwnlData\Rohit folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM\DwnlData folder moved successfully.
C:\Users\Rohit\AppData\Roaming\IDM folder moved successfully.
C:\Windows\SysNative\drivers\idmwfp.sys moved successfully.
C:\ProgramData\IDM folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\ not found.
Registry key HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\ not found.
Registry key HKEY_USERS\S-1-5-21-2313399073-1067671750-3437962448-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rohit
->Temp folder emptied: 2230719 bytes
->Temporary Internet Files folder emptied: 3022869 bytes
->FireFox cache emptied: 67399363 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1086 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.Rohit-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39295 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 69.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07112014_001351

Files\Folders moved on Reboot...
C:\Users\Rohit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rohit\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
greymatters
Regular Member
 
Posts: 37
Joined: July 7th, 2014, 9:32 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware