Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Proxy override...malware?

Re: Proxy override...malware?

Post by fayfox » July 20th, 2015, 5:06 pm

I also found malwarebytes logs, but they're all .xml
There is also a quarantine file in hitmanpro that is .xml.
There is a quarantine file in malwarebytes that has .data and .quar files.
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » July 20th, 2015, 5:08 pm

Thank you for the posted files. For now I will not need these: Quarantine.txt or R0 thru R9 - any others I will specifically ask for them.
I was trying to make sure that the trojan.adh you had was in fact this one: trojan.adh
And not this one: trojan.adh.smh < a nasty one this is.
Yes, Slimware is the most likely suspect.

I will be back after an hour or so as I have a fix to write for you.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by wannabeageek » July 20th, 2015, 6:30 pm

Hi fayfox

Please run the following:

Step 1.
Registry Backup (TCRB)
TCRB should still be on your desktop - if not;
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Pick an installer with this symbol: [image]. The big green button at the page top is an advertisement.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  4. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  6. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-765319908-1524800839-1392544109-1000\User: Group Policy Restriction detected <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
AlternateDataStreams: C:\ProgramData\Temp:000D6A25
AlternateDataStreams: C:\ProgramData\Temp:00D77978
AlternateDataStreams: C:\ProgramData\Temp:02CC0035
AlternateDataStreams: C:\ProgramData\Temp:036AA5DD
AlternateDataStreams: C:\ProgramData\Temp:064877B6
AlternateDataStreams: C:\ProgramData\Temp:0696EC8E
AlternateDataStreams: C:\ProgramData\Temp:06C34166
AlternateDataStreams: C:\ProgramData\Temp:07CBFAD5
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B
AlternateDataStreams: C:\ProgramData\Temp:0BACBDD9
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0CEE6109
AlternateDataStreams: C:\ProgramData\Temp:0D454494
AlternateDataStreams: C:\ProgramData\Temp:0E10B960
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:0FAE191E
AlternateDataStreams: C:\ProgramData\Temp:101708D3
AlternateDataStreams: C:\ProgramData\Temp:109734F6
AlternateDataStreams: C:\ProgramData\Temp:10B970A9
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:11EF326F
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:1234ADAE
AlternateDataStreams: C:\ProgramData\Temp:12383CAE
AlternateDataStreams: C:\ProgramData\Temp:124322E4
AlternateDataStreams: C:\ProgramData\Temp:12A012A1
AlternateDataStreams: C:\ProgramData\Temp:1409277B
AlternateDataStreams: C:\ProgramData\Temp:14362DF8
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:15442FF2
AlternateDataStreams: C:\ProgramData\Temp:162E02F7
AlternateDataStreams: C:\ProgramData\Temp:16F24F2E
AlternateDataStreams: C:\ProgramData\Temp:17BBEBBB
AlternateDataStreams: C:\ProgramData\Temp:17C48B08
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51
AlternateDataStreams: C:\ProgramData\Temp:195E8317
AlternateDataStreams: C:\ProgramData\Temp:19636FDD
AlternateDataStreams: C:\ProgramData\Temp:1999DD0A
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204
AlternateDataStreams: C:\ProgramData\Temp:1B47CB83
AlternateDataStreams: C:\ProgramData\Temp:1CDEDE11
AlternateDataStreams: C:\ProgramData\Temp:1D5FADCD
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:1E726FBA
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:1EEB23AD
AlternateDataStreams: C:\ProgramData\Temp:2121613F
AlternateDataStreams: C:\ProgramData\Temp:21527199
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0
AlternateDataStreams: C:\ProgramData\Temp:241FA548
AlternateDataStreams: C:\ProgramData\Temp:242E63C5
AlternateDataStreams: C:\ProgramData\Temp:24C072FF
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:2679D5C1
AlternateDataStreams: C:\ProgramData\Temp:27A88EF2
AlternateDataStreams: C:\ProgramData\Temp:27C3CD07
AlternateDataStreams: C:\ProgramData\Temp:29F0CA7D
AlternateDataStreams: C:\ProgramData\Temp:2A6DC3A2
AlternateDataStreams: C:\ProgramData\Temp:2A9AE786
AlternateDataStreams: C:\ProgramData\Temp:2AC146B9
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2C86E2AD
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2D133896
AlternateDataStreams: C:\ProgramData\Temp:2E636DD9
AlternateDataStreams: C:\ProgramData\Temp:2F141B68
AlternateDataStreams: C:\ProgramData\Temp:2F474C84
AlternateDataStreams: C:\ProgramData\Temp:2F8138B7
AlternateDataStreams: C:\ProgramData\Temp:3086B95F
AlternateDataStreams: C:\ProgramData\Temp:3118E26B
AlternateDataStreams: C:\ProgramData\Temp:313DE64F
AlternateDataStreams: C:\ProgramData\Temp:31C9BA96
AlternateDataStreams: C:\ProgramData\Temp:3433021E
AlternateDataStreams: C:\ProgramData\Temp:351850A5
AlternateDataStreams: C:\ProgramData\Temp:3571475C
AlternateDataStreams: C:\ProgramData\Temp:35A1F1D2
AlternateDataStreams: C:\ProgramData\Temp:3807D082
AlternateDataStreams: C:\ProgramData\Temp:38F6DFA8
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:391535F9
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:39EDBD33
AlternateDataStreams: C:\ProgramData\Temp:3B454A5C
AlternateDataStreams: C:\ProgramData\Temp:3BC173E4
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:3CA557DB
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70
AlternateDataStreams: C:\ProgramData\Temp:3E06C78F
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:3FD69132
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827
AlternateDataStreams: C:\ProgramData\Temp:4009F120
AlternateDataStreams: C:\ProgramData\Temp:409A775B
AlternateDataStreams: C:\ProgramData\Temp:41289DF0
AlternateDataStreams: C:\ProgramData\Temp:415E77AB
AlternateDataStreams: C:\ProgramData\Temp:426D1496
AlternateDataStreams: C:\ProgramData\Temp:426DA7EE
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:43AA121F
AlternateDataStreams: C:\ProgramData\Temp:43DA85AC
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:44E16D4A
AlternateDataStreams: C:\ProgramData\Temp:453190EC
AlternateDataStreams: C:\ProgramData\Temp:461BD06D
AlternateDataStreams: C:\ProgramData\Temp:46700142
AlternateDataStreams: C:\ProgramData\Temp:46CBC45C
AlternateDataStreams: C:\ProgramData\Temp:48BCFDB6
AlternateDataStreams: C:\ProgramData\Temp:48D2ED03
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:4B244549
AlternateDataStreams: C:\ProgramData\Temp:4BDE2F32
AlternateDataStreams: C:\ProgramData\Temp:4C16B46B
AlternateDataStreams: C:\ProgramData\Temp:4C21784C
AlternateDataStreams: C:\ProgramData\Temp:4C9782FB
AlternateDataStreams: C:\ProgramData\Temp:4D28BE4D
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:4E4ABF17
AlternateDataStreams: C:\ProgramData\Temp:4EFA2FC7
AlternateDataStreams: C:\ProgramData\Temp:500F73A8
AlternateDataStreams: C:\ProgramData\Temp:5133A494
AlternateDataStreams: C:\ProgramData\Temp:51E66512
AlternateDataStreams: C:\ProgramData\Temp:538B96B5
AlternateDataStreams: C:\ProgramData\Temp:53BA2DF6
AlternateDataStreams: C:\ProgramData\Temp:53DF59D1
AlternateDataStreams: C:\ProgramData\Temp:5453E5AF
AlternateDataStreams: C:\ProgramData\Temp:553056F1
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:56F368C9
AlternateDataStreams: C:\ProgramData\Temp:57176330
AlternateDataStreams: C:\ProgramData\Temp:57F8999E
AlternateDataStreams: C:\ProgramData\Temp:58481C6F
AlternateDataStreams: C:\ProgramData\Temp:58B3FE52
AlternateDataStreams: C:\ProgramData\Temp:59289B4E
AlternateDataStreams: C:\ProgramData\Temp:59C64924
AlternateDataStreams: C:\ProgramData\Temp:5A5477A9
AlternateDataStreams: C:\ProgramData\Temp:5B51C28F
AlternateDataStreams: C:\ProgramData\Temp:5C0CABC7
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5D570144
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:5EDB5EE9
AlternateDataStreams: C:\ProgramData\Temp:60E755E6
AlternateDataStreams: C:\ProgramData\Temp:60F6E37A
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A
AlternateDataStreams: C:\ProgramData\Temp:62AF94A0
AlternateDataStreams: C:\ProgramData\Temp:62ECBD75
AlternateDataStreams: C:\ProgramData\Temp:63C29481
AlternateDataStreams: C:\ProgramData\Temp:6444B424
AlternateDataStreams: C:\ProgramData\Temp:664852B0
AlternateDataStreams: C:\ProgramData\Temp:6764D965
AlternateDataStreams: C:\ProgramData\Temp:68899984
AlternateDataStreams: C:\ProgramData\Temp:68A56598
AlternateDataStreams: C:\ProgramData\Temp:68C981DB
AlternateDataStreams: C:\ProgramData\Temp:697C843D
AlternateDataStreams: C:\ProgramData\Temp:6A3BA499
AlternateDataStreams: C:\ProgramData\Temp:6A6D4AF4
AlternateDataStreams: C:\ProgramData\Temp:6B50A605
AlternateDataStreams: C:\ProgramData\Temp:6BD304B9
AlternateDataStreams: C:\ProgramData\Temp:6C74C778
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6DEB5611
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:70BDB805
AlternateDataStreams: C:\ProgramData\Temp:71612023
AlternateDataStreams: C:\ProgramData\Temp:71A89A93
AlternateDataStreams: C:\ProgramData\Temp:71B89F61
AlternateDataStreams: C:\ProgramData\Temp:71F04C26
AlternateDataStreams: C:\ProgramData\Temp:7247FE29
AlternateDataStreams: C:\ProgramData\Temp:73CF0D7D
AlternateDataStreams: C:\ProgramData\Temp:74091520
AlternateDataStreams: C:\ProgramData\Temp:751D6870
AlternateDataStreams: C:\ProgramData\Temp:757A3049
AlternateDataStreams: C:\ProgramData\Temp:76466F4C
AlternateDataStreams: C:\ProgramData\Temp:785C7C53
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:7BA83BF4
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:7D2A8910
AlternateDataStreams: C:\ProgramData\Temp:7DC5D762
AlternateDataStreams: C:\ProgramData\Temp:7EC01D6D
AlternateDataStreams: C:\ProgramData\Temp:7F62E6D0
AlternateDataStreams: C:\ProgramData\Temp:831C6B2D
AlternateDataStreams: C:\ProgramData\Temp:834DD57E
AlternateDataStreams: C:\ProgramData\Temp:85345626
AlternateDataStreams: C:\ProgramData\Temp:85EA4795
AlternateDataStreams: C:\ProgramData\Temp:867812B2
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\ProgramData\Temp:87E0E06D
AlternateDataStreams: C:\ProgramData\Temp:88981452
AlternateDataStreams: C:\ProgramData\Temp:895C5142
AlternateDataStreams: C:\ProgramData\Temp:8967C154
AlternateDataStreams: C:\ProgramData\Temp:8A737214
AlternateDataStreams: C:\ProgramData\Temp:8AED9359
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8BAD6F90
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8DA9DB01
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F2D2441
AlternateDataStreams: C:\ProgramData\Temp:902C848D
AlternateDataStreams: C:\ProgramData\Temp:905BCB57
AlternateDataStreams: C:\ProgramData\Temp:9110335E
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:92CA7E75
AlternateDataStreams: C:\ProgramData\Temp:9338F136
AlternateDataStreams: C:\ProgramData\Temp:94878DD7
AlternateDataStreams: C:\ProgramData\Temp:94B46CA2
AlternateDataStreams: C:\ProgramData\Temp:95198126
AlternateDataStreams: C:\ProgramData\Temp:96AFAB10
AlternateDataStreams: C:\ProgramData\Temp:9732698E
AlternateDataStreams: C:\ProgramData\Temp:97CA3B9E
AlternateDataStreams: C:\ProgramData\Temp:98982C88
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:997DA6D7
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:9C3AAD57
AlternateDataStreams: C:\ProgramData\Temp:9C4C9993
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9D6EAEC3
AlternateDataStreams: C:\ProgramData\Temp:9D86EE01
AlternateDataStreams: C:\ProgramData\Temp:9EE6560D
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A13B696A
AlternateDataStreams: C:\ProgramData\Temp:A1A86E40
AlternateDataStreams: C:\ProgramData\Temp:A3750BE5
AlternateDataStreams: C:\ProgramData\Temp:A384652A
AlternateDataStreams: C:\ProgramData\Temp:A3F7C8F8
AlternateDataStreams: C:\ProgramData\Temp:A4CDE823
AlternateDataStreams: C:\ProgramData\Temp:A5264343
AlternateDataStreams: C:\ProgramData\Temp:A7B70C4E
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD
AlternateDataStreams: C:\ProgramData\Temp:A8185163
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A851461E
AlternateDataStreams: C:\ProgramData\Temp:A866F8A3
AlternateDataStreams: C:\ProgramData\Temp:A9562832
AlternateDataStreams: C:\ProgramData\Temp:A9F13D2D
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:AABECEFB
AlternateDataStreams: C:\ProgramData\Temp:AB03533D
AlternateDataStreams: C:\ProgramData\Temp:ABFEED8E
AlternateDataStreams: C:\ProgramData\Temp:AC73CDCE
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:AF2F9D4A
AlternateDataStreams: C:\ProgramData\Temp:B08E1EB8
AlternateDataStreams: C:\ProgramData\Temp:B1381B34
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B190BE3A
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:B2FEAB71
AlternateDataStreams: C:\ProgramData\Temp:B3196E8D
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B648F38E
AlternateDataStreams: C:\ProgramData\Temp:B6E58523
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:B73EC53A
AlternateDataStreams: C:\ProgramData\Temp:B762A0C2
AlternateDataStreams: C:\ProgramData\Temp:B790962B
AlternateDataStreams: C:\ProgramData\Temp:B86927F0
AlternateDataStreams: C:\ProgramData\Temp:B88DC997
AlternateDataStreams: C:\ProgramData\Temp:B942A5C5
AlternateDataStreams: C:\ProgramData\Temp:BA46F44F
AlternateDataStreams: C:\ProgramData\Temp:BABA07C2
AlternateDataStreams: C:\ProgramData\Temp:BC076721
AlternateDataStreams: C:\ProgramData\Temp:BC8E9899
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD0A043E
AlternateDataStreams: C:\ProgramData\Temp:BD27B7FC
AlternateDataStreams: C:\ProgramData\Temp:BDE93B22
AlternateDataStreams: C:\ProgramData\Temp:BDF08FAF
AlternateDataStreams: C:\ProgramData\Temp:BF6A2C54
AlternateDataStreams: C:\ProgramData\Temp:BF6C81B2
AlternateDataStreams: C:\ProgramData\Temp:C07A6A6B
AlternateDataStreams: C:\ProgramData\Temp:C0913157
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C3702442
AlternateDataStreams: C:\ProgramData\Temp:C370B84F
AlternateDataStreams: C:\ProgramData\Temp:C37283B5
AlternateDataStreams: C:\ProgramData\Temp:C46848E8
AlternateDataStreams: C:\ProgramData\Temp:C49A5AD1
AlternateDataStreams: C:\ProgramData\Temp:C5AE4E07
AlternateDataStreams: C:\ProgramData\Temp:C5EB4127
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8
AlternateDataStreams: C:\ProgramData\Temp:C6920A5D
AlternateDataStreams: C:\ProgramData\Temp:C76CFF82
AlternateDataStreams: C:\ProgramData\Temp:C8182692
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592
AlternateDataStreams: C:\ProgramData\Temp:CA0CE093
AlternateDataStreams: C:\ProgramData\Temp:CA23BCFD
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CA7E8F16
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CB0FEE2B
AlternateDataStreams: C:\ProgramData\Temp:CB16385F
AlternateDataStreams: C:\ProgramData\Temp:CB299F13
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC45913B
AlternateDataStreams: C:\ProgramData\Temp:CC4C59B4
AlternateDataStreams: C:\ProgramData\Temp:CDCDE97C
AlternateDataStreams: C:\ProgramData\Temp:CE506F23
AlternateDataStreams: C:\ProgramData\Temp:D0AD4EA5
AlternateDataStreams: C:\ProgramData\Temp:D1D597D0
AlternateDataStreams: C:\ProgramData\Temp:D5BF78B4
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1
AlternateDataStreams: C:\ProgramData\Temp:D93AABC7
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:DCA27D99
AlternateDataStreams: C:\ProgramData\Temp:DEDEEB2F
AlternateDataStreams: C:\ProgramData\Temp:DEEB5C70
AlternateDataStreams: C:\ProgramData\Temp:E0A09032
AlternateDataStreams: C:\ProgramData\Temp:E33C786A
AlternateDataStreams: C:\ProgramData\Temp:E3615992
AlternateDataStreams: C:\ProgramData\Temp:E4272706
AlternateDataStreams: C:\ProgramData\Temp:E47BBD7B
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E66247BD
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B
AlternateDataStreams: C:\ProgramData\Temp:E8074E20
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E87CF820
AlternateDataStreams: C:\ProgramData\Temp:E900132A
AlternateDataStreams: C:\ProgramData\Temp:E9900C74
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:ED194880
AlternateDataStreams: C:\ProgramData\Temp:ED51D3ED
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E
AlternateDataStreams: C:\ProgramData\Temp:EE2DD6CC
AlternateDataStreams: C:\ProgramData\Temp:EE7A6A39
AlternateDataStreams: C:\ProgramData\Temp:EE9B2879
AlternateDataStreams: C:\ProgramData\Temp:EEB25EAE
AlternateDataStreams: C:\ProgramData\Temp:F0E908D5
AlternateDataStreams: C:\ProgramData\Temp:F135A76C
AlternateDataStreams: C:\ProgramData\Temp:F1F936DF
AlternateDataStreams: C:\ProgramData\Temp:F2B81C2E
AlternateDataStreams: C:\ProgramData\Temp:F2C34CD7
AlternateDataStreams: C:\ProgramData\Temp:F52A6209
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F68CB1A4
AlternateDataStreams: C:\ProgramData\Temp:F72306CC
AlternateDataStreams: C:\ProgramData\Temp:F75FE298
AlternateDataStreams: C:\ProgramData\Temp:F817E159
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
AlternateDataStreams: C:\ProgramData\Temp:F8EBAB95
AlternateDataStreams: C:\ProgramData\Temp:F9153E10
AlternateDataStreams: C:\ProgramData\Temp:FAC7C0A8
AlternateDataStreams: C:\ProgramData\Temp:FACB65E7
AlternateDataStreams: C:\ProgramData\Temp:FB65A4AA
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF
AlternateDataStreams: C:\ProgramData\Temp:FD11E093
AlternateDataStreams: C:\ProgramData\Temp:FD38E906
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
AlternateDataStreams: C:\ProgramData\Temp:FF9C44FE
AlternateDataStreams: C:\ProgramData\Temp:FFD38FD9
CreateRestorePoint:
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
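
As an added example (not part of the original thread and not FRST's own code): a small Python reviewer aid that groups the lines of a fixlist like the one above, so a long run of AlternateDataStreams entries can be checked for duplicates and outliers before the Fix button is pressed. The line classification is an assumption drawn only from the lines visible in this thread, not FRST's documented grammar, and the sample input is a shortened excerpt with constructed extra lines.

```python
import re
from collections import Counter, defaultdict

# Shortened excerpt in the shape of the fixlist posted above. The duplicate
# line, the line with no stream name and the Zone.Identifier line are
# constructed here to exercise the checks; they are not from the thread.
SAMPLE_FIXLIST = r"""
HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
AlternateDataStreams: C:\ProgramData\Temp:000D6A25
AlternateDataStreams: C:\ProgramData\Temp:00D77978
AlternateDataStreams: C:\ProgramData\Temp:00D77978
AlternateDataStreams: C:\ProgramData\Temp
AlternateDataStreams: C:\Users\Public\notes.txt:Zone.Identifier
CreateRestorePoint:
EmptyTemp:
"""

ADS_PREFIX = "AlternateDataStreams:"
BARE_DIRECTIVE = re.compile(r"^[A-Za-z]+:$")   # e.g. "EmptyTemp:"
HEX8 = re.compile(r"^[0-9A-F]{8}$")            # stream-name shape seen in this thread


def parse_line(line):
    """Classify one fixlist line; returns None for a blank line."""
    line = line.strip()
    if not line:
        return None
    if line.startswith(ADS_PREFIX):
        target = line[len(ADS_PREFIX):].strip()
        # The drive letter also contains ':', so split on the LAST colon.
        host, _, stream = target.rpartition(":")
        # A missing stream name leaves only the drive letter as "host".
        if len(host) < 3 or not stream or "\\" in stream:
            return {"kind": "malformed", "raw": line}
        return {"kind": "ads", "host": host, "stream": stream, "raw": line}
    if BARE_DIRECTIVE.match(line):
        return {"kind": "directive", "name": line[:-1], "raw": line}
    # Anything else is treated as an entry copied from a scan report.
    return {"kind": "entry", "raw": line}


def summarize(text):
    """Group a fixlist so a reviewer can see what it will touch."""
    kinds = Counter()
    streams_by_host = defaultdict(list)
    directives, malformed = [], []
    for raw in text.splitlines():
        item = parse_line(raw)
        if item is None:
            continue
        kinds[item["kind"]] += 1
        if item["kind"] == "ads":
            streams_by_host[item["host"]].append(item["stream"])
        elif item["kind"] == "directive":
            directives.append(item["name"])
        elif item["kind"] == "malformed":
            malformed.append(item["raw"])

    seen = Counter(
        f"{host}:{stream}"
        for host, streams in streams_by_host.items()
        for stream in streams
    )
    return {
        "kinds": dict(kinds),
        # Number of streams listed per host file or folder.
        "hosts": {h: len(s) for h, s in streams_by_host.items()},
        # The same stream listed more than once (usually a paste error).
        "duplicates": sorted(k for k, n in seen.items() if n > 1),
        # Streams that do not match the 8-hex-digit names in this thread,
        # which deserve a second look before they are deleted.
        "unusual_streams": sorted(
            f"{host}:{stream}"
            for host, streams in streams_by_host.items()
            for stream in set(streams)
            if not HEX8.match(stream)
        ),
        "directives": directives,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLIST)
    for key, value in report.items():
        print(f"{key}: {value}")
```
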

Re: Proxy override...malware?

Post by fayfox » July 20th, 2015, 7:20 pm

Took a looong time to shut down. Is that normal?
Sooo... I did have the trojan.adh on my computer?
By the way, thank you very much for your time and help. I truly appreciate it.

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Admin at 2015-07-20 18:51:48 Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-765319908-1524800839-1392544109-1000\User: Group Policy Restriction detected <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
AlternateDataStreams: C:\ProgramData\Temp:85345626
AlternateDataStreams: C:\ProgramData\Temp:85EA4795
AlternateDataStreams: C:\ProgramData\Temp:867812B2
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\ProgramData\Temp:87E0E06D
AlternateDataStreams: C:\ProgramData\Temp:88981452
AlternateDataStreams: C:\ProgramData\Temp:895C5142
AlternateDataStreams: C:\ProgramData\Temp:8967C154
AlternateDataStreams: C:\ProgramData\Temp:8A737214
AlternateDataStreams: C:\ProgramData\Temp:8AED9359
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8BAD6F90
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8DA9DB01
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F2D2441
AlternateDataStreams: C:\ProgramData\Temp:902C848D
AlternateDataStreams: C:\ProgramData\Temp:905BCB57
AlternateDataStreams: C:\ProgramData\Temp:9110335E
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:92CA7E75
AlternateDataStreams: C:\ProgramData\Temp:9338F136
AlternateDataStreams: C:\ProgramData\Temp:94878DD7
AlternateDataStreams: C:\ProgramData\Temp:94B46CA2
AlternateDataStreams: C:\ProgramData\Temp:95198126
AlternateDataStreams: C:\ProgramData\Temp:96AFAB10
AlternateDataStreams: C:\ProgramData\Temp:9732698E
AlternateDataStreams: C:\ProgramData\Temp:97CA3B9E
AlternateDataStreams: C:\ProgramData\Temp:98982C88
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:997DA6D7
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:9C3AAD57
AlternateDataStreams: C:\ProgramData\Temp:9C4C9993
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9D6EAEC3
AlternateDataStreams: C:\ProgramData\Temp:9D86EE01
AlternateDataStreams: C:\ProgramData\Temp:9EE6560D
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A13B696A
AlternateDataStreams: C:\ProgramData\Temp:A1A86E40
AlternateDataStreams: C:\ProgramData\Temp:A3750BE5
AlternateDataStreams: C:\ProgramData\Temp:A384652A
AlternateDataStreams: C:\ProgramData\Temp:A3F7C8F8
AlternateDataStreams: C:\ProgramData\Temp:A4CDE823
AlternateDataStreams: C:\ProgramData\Temp:A5264343
AlternateDataStreams: C:\ProgramData\Temp:A7B70C4E
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD
AlternateDataStreams: C:\ProgramData\Temp:A8185163
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A851461E
AlternateDataStreams: C:\ProgramData\Temp:A866F8A3
AlternateDataStreams: C:\ProgramData\Temp:A9562832
AlternateDataStreams: C:\ProgramData\Temp:A9F13D2D
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:AABECEFB
AlternateDataStreams: C:\ProgramData\Temp:AB03533D
AlternateDataStreams: C:\ProgramData\Temp:ABFEED8E
AlternateDataStreams: C:\ProgramData\Temp:AC73CDCE
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:AF2F9D4A
AlternateDataStreams: C:\ProgramData\Temp:B08E1EB8
AlternateDataStreams: C:\ProgramData\Temp:B1381B34
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B190BE3A
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:B2FEAB71
AlternateDataStreams: C:\ProgramData\Temp:B3196E8D
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B648F38E
AlternateDataStreams: C:\ProgramData\Temp:B6E58523
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:B73EC53A
AlternateDataStreams: C:\ProgramData\Temp:B762A0C2
AlternateDataStreams: C:\ProgramData\Temp:B790962B
AlternateDataStreams: C:\ProgramData\Temp:B86927F0
AlternateDataStreams: C:\ProgramData\Temp:B88DC997
AlternateDataStreams: C:\ProgramData\Temp:B942A5C5
AlternateDataStreams: C:\ProgramData\Temp:BA46F44F
AlternateDataStreams: C:\ProgramData\Temp:BABA07C2
AlternateDataStreams: C:\ProgramData\Temp:BC076721
AlternateDataStreams: C:\ProgramData\Temp:BC8E9899
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD0A043E
AlternateDataStreams: C:\ProgramData\Temp:BD27B7FC
AlternateDataStreams: C:\ProgramData\Temp:BDE93B22
AlternateDataStreams: C:\ProgramData\Temp:BDF08FAF
AlternateDataStreams: C:\ProgramData\Temp:BF6A2C54
AlternateDataStreams: C:\ProgramData\Temp:BF6C81B2
AlternateDataStreams: C:\ProgramData\Temp:C07A6A6B
AlternateDataStreams: C:\ProgramData\Temp:C0913157
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C3702442
AlternateDataStreams: C:\ProgramData\Temp:C370B84F
AlternateDataStreams: C:\ProgramData\Temp:C37283B5
AlternateDataStreams: C:\ProgramData\Temp:C46848E8
AlternateDataStreams: C:\ProgramData\Temp:C49A5AD1
AlternateDataStreams: C:\ProgramData\Temp:C5AE4E07
AlternateDataStreams: C:\ProgramData\Temp:C5EB4127
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8
AlternateDataStreams: C:\ProgramData\Temp:C6920A5D
AlternateDataStreams: C:\ProgramData\Temp:C76CFF82
AlternateDataStreams: C:\ProgramData\Temp:C8182692
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592
AlternateDataStreams: C:\ProgramData\Temp:CA0CE093
AlternateDataStreams: C:\ProgramData\Temp:CA23BCFD
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CA7E8F16
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CB0FEE2B
AlternateDataStreams: C:\ProgramData\Temp:CB16385F
AlternateDataStreams: C:\ProgramData\Temp:CB299F13
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC45913B
AlternateDataStreams: C:\ProgramData\Temp:CC4C59B4
AlternateDataStreams: C:\ProgramData\Temp:CDCDE97C
AlternateDataStreams: C:\ProgramData\Temp:CE506F23
AlternateDataStreams: C:\ProgramData\Temp:D0AD4EA5
AlternateDataStreams: C:\ProgramData\Temp:D1D597D0
AlternateDataStreams: C:\ProgramData\Temp:D5BF78B4
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1
AlternateDataStreams: C:\ProgramData\Temp:D93AABC7
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:DCA27D99
AlternateDataStreams: C:\ProgramData\Temp:DEDEEB2F
AlternateDataStreams: C:\ProgramData\Temp:DEEB5C70
AlternateDataStreams: C:\ProgramData\Temp:E0A09032
AlternateDataStreams: C:\ProgramData\Temp:E33C786A
AlternateDataStreams: C:\ProgramData\Temp:E3615992
AlternateDataStreams: C:\ProgramData\Temp:E4272706
AlternateDataStreams: C:\ProgramData\Temp:E47BBD7B
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E66247BD
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B
AlternateDataStreams: C:\ProgramData\Temp:E8074E20
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E87CF820
AlternateDataStreams: C:\ProgramData\Temp:E900132A
AlternateDataStreams: C:\ProgramData\Temp:E9900C74
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:ED194880
AlternateDataStreams: C:\ProgramData\Temp:ED51D3ED
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E
AlternateDataStreams: C:\ProgramData\Temp:EE2DD6CC
AlternateDataStreams: C:\ProgramData\Temp:EE7A6A39
AlternateDataStreams: C:\ProgramData\Temp:EE9B2879
AlternateDataStreams: C:\ProgramData\Temp:EEB25EAE
AlternateDataStreams: C:\ProgramData\Temp:F0E908D5
AlternateDataStreams: C:\ProgramData\Temp:F135A76C
AlternateDataStreams: C:\ProgramData\Temp:F1F936DF
AlternateDataStreams: C:\ProgramData\Temp:F2B81C2E
AlternateDataStreams: C:\ProgramData\Temp:F2C34CD7
AlternateDataStreams: C:\ProgramData\Temp:F52A6209
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F68CB1A4
AlternateDataStreams: C:\ProgramData\Temp:F72306CC
AlternateDataStreams: C:\ProgramData\Temp:F75FE298
AlternateDataStreams: C:\ProgramData\Temp:F817E159
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
AlternateDataStreams: C:\ProgramData\Temp:F8EBAB95
AlternateDataStreams: C:\ProgramData\Temp:F9153E10
AlternateDataStreams: C:\ProgramData\Temp:FAC7C0A8
AlternateDataStreams: C:\ProgramData\Temp:FACB65E7
AlternateDataStreams: C:\ProgramData\Temp:FB65A4AA
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF
AlternateDataStreams: C:\ProgramData\Temp:FD11E093
AlternateDataStreams: C:\ProgramData\Temp:FD38E906
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
AlternateDataStreams: C:\ProgramData\Temp:FF9C44FE
AlternateDataStreams: C:\ProgramData\Temp:FFD38FD9
CreateRestorePoint:
EmptyTemp:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-765319908-1524800839-1392544109-1000\User => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\ProgramData\Temp => ":F68CB1A4" ADS removed successfully.
C:\ProgramData\Temp => ":F72306CC" ADS removed successfully.
C:\ProgramData\Temp => ":F75FE298" ADS removed successfully.
C:\ProgramData\Temp => ":F817E159" ADS removed successfully.
C:\ProgramData\Temp => ":F84B8DB5" ADS removed successfully.
C:\ProgramData\Temp => ":F8EBAB95" ADS removed successfully.
C:\ProgramData\Temp => ":F9153E10" ADS removed successfully.
C:\ProgramData\Temp => ":FAC7C0A8" ADS removed successfully.
C:\ProgramData\Temp => ":FACB65E7" ADS removed successfully.
C:\ProgramData\Temp => ":FB65A4AA" ADS removed successfully.
C:\ProgramData\Temp => ":FBA79096" ADS removed successfully.
C:\ProgramData\Temp => ":FBD274CF" ADS removed successfully.
C:\ProgramData\Temp => ":FD11E093" ADS removed successfully.
C:\ProgramData\Temp => ":FD38E906" ADS removed successfully.
C:\ProgramData\Temp => ":FD786DCA" ADS removed successfully.
C:\ProgramData\Temp => ":FF9C44FE" ADS removed successfully.
C:\ProgramData\Temp => ":FFD38FD9" ADS removed successfully.
Restore point was successfully created.
EmptyTemp: => 5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:04:35 ====
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » July 20th, 2015, 7:37 pm

How is the computer running?
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby wannabeageek » July 20th, 2015, 7:38 pm

Hi fayfox,

Please run this:

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » July 20th, 2015, 7:51 pm

Hey~
Seems to be running fine. After I did what I did first before you started helping me, it would take a few hours before it froze up. But freeze it would, every time.
Just want to be clear on the instructions...you want me to disable my antivirus first and then download ESET online scanner?
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » July 20th, 2015, 8:23 pm

Yes, follow the instructions as provided.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » July 21st, 2015, 12:14 am

Hey, ah, I don't see how to copy the log file on ESET. There are two things I can do.
1. I can click on list of found threats and export to text file
2. Finish
Is the list of found threats the log file?
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby fayfox » July 21st, 2015, 5:12 am

Morning!
I have not clicked Finish on ESET in case it closes the application. Below is first the log file, per the path you specified. Second is the list of found threats I copied. Again, I don't see how to copy the log file. Sorry.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 24896




C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\fay\AppData\LocalLow\bfgbartb\BfgBarTb_2.2.0.10.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Normal\bfg-update20200010.zip a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Silent\bfg-update20200010.zip a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\fay\Downloads\bfgtb_2.1.0.13.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » July 21st, 2015, 6:51 am

Many apologies for the mix up in file location.
Try looking here: C:\Program Files (x86)\ESET\ESET Online Scanner
For this: log.txt
Post the contents of the log please.

And yes, you may click Finish to close the application. The log is a simple text file which should open with Notepad.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » July 21st, 2015, 7:07 am

That is actually where I went, and the file I previously posted is it.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 24896
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » July 21st, 2015, 7:11 am

Post the complete unedited file in its entirety. You are only posting pieces of the file.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » July 21st, 2015, 7:15 am

No, that is it. That's all to the file. I still haven't closed ESET either.
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Proxy override....malware?

Unread postby fayfox » July 21st, 2015, 7:26 am

Unfortunately, I have to leave for work...sigh. On a wonderful note, I'm actually able to use my computer while Vipre is doing a deep scan. It hasn't locked up once. Usually after being left on all night, and then a scan running, I have to do a hard shut down. Awesome!!!!!!
I'm gonna have to do that ESET again, aren't I? Crudsickles. That took forever.
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm