Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Miserable computer face, Blue with frustration.

Post by EnterDavysLocker » August 10th, 2018, 5:23 pm

Hello, my name is Dave. My computer seems to be extremely UNHAPPY: it often errors with a very unhappy face with a blue screen, then it restarts itself. This will happen while in the middle of using the computer. If it happens while I am shutting the computer down, it is sometimes hard to boot the computer down; there will be a pop-up stating that it did not find its booting info, but after I remove the battery a time or two I'll eventually get it to start up. I did get a chance to write down the code. Thanks for your help, and here are the attachments for the Frst.txt and Addition.txt.
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Post by pgmigg » August 14th, 2018, 11:56 am

Hello EnterDavysLocker,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Miserable computer face, Blue with frustration.

Post by pgmigg » August 14th, 2018, 12:03 pm

Hello EnterDavysLocker,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answers to my question related to the type of use of your computer

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Miserable computer face, Blue with frustration.

Post by EnterDavysLocker » August 14th, 2018, 11:53 pm

Hello pgmigg, thank you sooooo much for your time in helping; it is greatly appreciated. Your questions: This computer is used for home use only, not for a business at all; however, my child does home study on the computer but no other educational network. I did not have any problems following your instructions; I printed them out. Below are the attachments for the scans you requested. Again, thank you for helping. Here are the scans you requested. I HOPE.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.ZZ.11.JPCPV0
----- EOF -----
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
Processor Count: 4
RAM: 3537 Mb
Graphics Card: AMD Radeon HD 8330, 512 Mb
Hard Drives: C: 446 GB (337 GB Free); D: 18 GB (1 GB Free);
Motherboard: Hewlett-Packard, 21F7
Antivirus: Kaspersky Anti-Virus, Disabled

Codecheck Version 1.0

08014
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Post by pgmigg » August 15th, 2018, 12:40 pm

Hello Dave,

Please read my instructions carefully and follow all steps literally without making any random movements.
While we work together please refrain from downloading/installing any software unless I instruct you to do so.
I advise you to save all tools on your desktop to make it easier to access them, and sometimes this is just a necessary condition for their work.
Any wrong command or accidentally pressed button can lead to irreversible consequences.
If you doubt something, ask the question, without trying to run different options yourself.
Do not hurry, but read and do it quietly - I hope that in this way we will cope with any infection. :)


Let's start some treatment for your computer...

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
  1. Please download TCRB from HERE and save tweaking.com_registry_backup_setup.exe to your Desktop.
  2. Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  3. Launch TCRB.
  4. Click on the Backup Registry tab and make sure all the boxes are checked.
  5. Press the Backup Now button.
  6. Wait until the backup is complete and exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
Remove Programs
  1. Please press the Windows Key + R.
  2. Enter appwiz.cpl into the text box and click OK.
  3. Locate the following programs:
    Muvic Smartbar
    Muvic Smartbar Engine
  4. Click on the Change/Remove button to uninstall it, then repeat it for every entry in this list.
  5. When the programs have been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.

Step 3.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [fst_us_143] => [X]
    HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe" 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
    ProxyServer: [.DEFAULT] => 1
    AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppData/Local/LPT/NewConfig.txt
    ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
    AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppData/Local/LPT/NewConfig.txt
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sI9KCYqB5_pjxa3Wij2s2bTLp6N7jJBcdJwZ311GW516UswWsJFdEbWi_6uNVdmU-Zx1j8-VygoeXeZyfVf0WBe3H91G_hz5PzT8Kg1f5wodu9sgZYShH5Ism5nYHk,&q={searchTerms}
    HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.facebook.com/topic/Philip-Seymour-Hoffman/108351132526165?source=whfrt&position=1&trqid=6039082446727169189
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sI9KCYqB5_pjxa3Wij2s2bTLp6N7jJBcdJwZ311GW516UswWsJFdEbWi_6uNVdmU-Zx1j8-VygoeXeZyfVf0WBe3H91G_hz5PzT8Kg1f5wodu9sgZYShH5Ism5nYHk,&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\TAInstaller.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-2.2.6-win32.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-3.0.3-win32.exe
    AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
    AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
    AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [162]
    AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
    AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
    AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
    AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
    AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
    AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
    AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
    AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
    AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
    AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
    AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
    AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
    AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
    AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [179]
    AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
    AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
    AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
    AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
    AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
    AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
    AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
    AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
    AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
    AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
    AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
    AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    
    Hosts:
    RemoveProxy:
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Miserable computer face, Blue with frustration.

Post by EnterDavysLocker » August 16th, 2018, 7:42 pm

Hello, Pgmigg. I figured out what the "Windows + R" is and I did it, and was successful at using Tweaking.com for the registry backup, but the Muvic engine and Muvic smart bar will not uninstall. It says the feature you are trying to use is on a network resource that is unavailable, click OK to try again, the installation source for this product is not available, verify that the source exists and that you can access it. I tried to uninstall it a few times. I'll proceed with the instructions after you instruct me on how to get rid of the Muvic stuff, so that I can stay in order of your instructions. Thanks again. Dave
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Post by pgmigg » August 18th, 2018, 11:54 am

Hello Dave,

Sorry for some delay in reply.
Thank you for your detailed note about an uninstalling problem - please don't worry, it is OK.
Right now please do the following:

Step 1.
Search with FRST: in Files and in Registry
  1. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  2. Double click FRST64.exe to launch it.
  3. FRST will start to run. When the tool opens click Yes/OK to the disclaimer and/or note about update to the latest version.
  4. Copy/Paste the following line into the Search: box.
    Muvic
  5. Press the Search Files button.
  6. When finished searching a log will open on your Desktop ... Search.txt
    Note: Please be patient, the search may take a while...
  7. Press the Search Registry button.
  8. When finished searching a log will open on your Desktop ... SearchReg.txt
    Note: Please be patient, the search may take a while...
  9. Please post both of them in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Search.txt log file
  3. Contents of the SearchReg.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Miserable computer face, Blue with frustration.

Post by EnterDavysLocker » August 19th, 2018, 6:12 pm

Hello Pgmigg, and no problem about the delay; I can see you are extremely busy helping others as well. And again, thank you for helping me. Here is the info you requested. Guess I'll make two responses as you asked. I did not have any problems in following your instructions and even learned what the "Windows" key was, lol. I'm posting the Search.txt and the SearchReg.txt. The computer crashed yesterday, I think it was yesterday, with the usual miserable unhappy face with the blue screen. Sure be glad when that stops. My kid is doing home study and I'm afraid it's gonna do that in the middle of her test. Always holding my breath when the kid is on for school.

Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by CrisYouSasyMedic (19-08-2018 14:35:00)
Running from C:\Users\CrisYouSasyMedic\Downloads
Boot Mode: Normal

================== Search Files: "Muvic" =============


====== End of Search ======
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Post by EnterDavysLocker » August 19th, 2018, 6:14 pm

Hello again Pgmigg, here is the second part, the SearchReg.txt

Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by CrisYouSasyMedic (19-08-2018 15:05:26)
Running from C:\Users\CrisYouSasyMedic\Downloads
Boot Mode: Normal

================== Search Registry: "Muvic" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
"Params"="AgentName=RGMUpdater Barcode=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8b0e-cd14-940d38b837c2 Distributer=MuvicAMBS ProductName=Search PublisherName=Veristaff.com Inc ShowToolbar=false StandAlone=false update=true BarcodeId=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8 InstallerVersion=2.0.0.9 DeviceId=9774"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D\InstallProperties]
"DisplayName"="Muvic Smartbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
"DisplayName"="Muvic Smartbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
"Params"="AgentName=RGMUpdater Barcode=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8b0e-cd14-940d38b837c2 Distributer=MuvicAMBS ProductName=Search PublisherName=Veristaff.com Inc ShowToolbar=false StandAlone=false update=true BarcodeId=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8 InstallerVersion=2.0.0.9 DeviceId=9774"
[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D]
"ProductName"="Muvic Smartbar"
[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Muvic.exe"="9999"
[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
"DisplayName"="Muvic Smartbar Engine"

====== End of Search ======
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm
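
Added example, not part of the thread and not FRST's own code: a small Python parser for the SearchReg.txt layout posted above, grouping the hits by registry area so that leftover uninstall and Windows Installer registrations stand out from the browser-related entries. The sample log is constructed (placeholder SID and GUIDs), and the category labels and function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the layout of the SearchReg.txt log posted above.
# The SID, GUIDs and product codes are placeholders, not values from the thread.
SAMPLE = r'''Farbar Recovery Scan Tool (x64) Version: <constructed>
Boot Mode: Normal

================== Search Registry: "Muvic" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
"Params"="AgentName=Updater Distributer=MuvicAMBS ProductName=Search update=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-0-0-0-1002\Products\00000000000000000000000000000000\InstallProperties]
"DisplayName"="Muvic Smartbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}]
"DisplayName"="Muvic Smartbar"
[HKEY_USERS\S-1-5-21-0-0-0-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Muvic.exe"="9999"
[HKEY_USERS\S-1-5-21-0-0-0-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000002}]
"DisplayName"="Muvic Smartbar Engine"

====== End of Search ======
'''

HEADER = re.compile(r'^=+ Search Registry: "(.*)" =+$')
KEY = re.compile(r'^\[(HKEY_.+)\]$')
VALUE = re.compile(r'^"(.*?)"="(.*)"$')

# Labels are this example's own; each is matched on the lower-cased key path.
CATEGORIES = [
    ("\\currentversion\\uninstall\\", "uninstall entry"),
    ("\\installer\\userdata\\", "windows installer registration"),
    ("\\installer\\products\\", "windows installer registration"),
    ("\\app paths\\", "app paths"),
    ("\\featurecontrol\\", "ie featurecontrol"),
]


@dataclass
class Hit:
    key: str    # full registry key path from the [ ... ] line
    name: str   # value name
    value: str  # value data

    @property
    def scope(self):
        """'machine' for HKLM keys, the SID (or .DEFAULT) for HKEY_USERS keys."""
        parts = self.key.split("\\")
        if parts[0] == "HKEY_USERS" and len(parts) > 1:
            return parts[1]
        return "machine"

    @property
    def view32(self):
        """True when the key sits in the 32-bit (Wow6432Node) registry view."""
        return "\\wow6432node\\" in self.key.lower()

    @property
    def category(self):
        low = self.key.lower() + "\\"
        for needle, label in CATEGORIES:
            if needle in low:
                return label
        return "other"


def parse_searchreg(text):
    """Return (search_term, [Hit, ...]) for one SearchReg.txt log."""
    term, key, hits, in_results = None, None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            term, in_results = m.group(1), True
            continue
        if line.startswith("====== End of Search"):
            break
        if not in_results or not line:
            continue  # tool banner before the header, or a blank line
        m = KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key:
            hits.append(Hit(key, m.group(1), m.group(2)))
    return term, hits


def group_by_category(hits):
    groups = defaultdict(list)
    for h in hits:
        groups[h.category].append(h)
    return dict(groups)


def registered_products(hits):
    """Product names still registered for uninstall, with duplicates removed."""
    wanted = ("uninstall entry", "windows installer registration")
    return sorted({h.value for h in hits
                   if h.name in ("DisplayName", "ProductName") and h.category in wanted})


if __name__ == "__main__":
    term, hits = parse_searchreg(SAMPLE)
    print(f'search term: {term}, hits: {len(hits)}')
    for label, group in group_by_category(hits).items():
        for h in group:
            view = "32-bit view" if h.view32 else "native view"
            print(f"{label:32} {h.scope:22} {view:12} {h.name} = {h.value}")
    print("still registered:", registered_products(hits))
```
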

Re: Miserable computer face, Blue with frustration.

Post by EnterDavysLocker » August 19th, 2018, 6:19 pm

Oh yeah, I'll wait for your go-ahead to proceed with step 3 from above. Dave.
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Post by pgmigg » August 19th, 2018, 10:53 pm

Hello Dave,

Before talking about crashes, we need to clean your machine from any kind of infections. So, let's continue...

Step 1.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [fst_us_143] => [X]
    HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe" 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
    ProxyServer: [.DEFAULT] => 1
    AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppData/Local/LPT/NewConfig.txt
    ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
    AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppData/Local/LPT/NewConfig.txt
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sI9KCYqB5_pjxa3Wij2s2bTLp6N7jJBcdJwZ311GW516UswWsJFdEbWi_6uNVdmU-Zx1j8-VygoeXeZyfVf0WBe3H91G_hz5PzT8Kg1f5wodu9sgZYShH5Ism5nYHk,&q={searchTerms}
    HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.facebook.com/topic/Philip-Seymour-Hoffman/108351132526165?source=whfrt&position=1&trqid=6039082446727169189
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sI9KCYqB5_pjxa3Wij2s2bTLp6N7jJBcdJwZ311GW516UswWsJFdEbWi_6uNVdmU-Zx1j8-VygoeXeZyfVf0WBe3H91G_hz5PzT8Kg1f5wodu9sgZYShH5Ism5nYHk,&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\TAInstaller.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-2.2.6-win32.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-3.0.3-win32.exe
    AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
    AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
    AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [162]
    AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
    AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
    AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
    AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
    AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
    AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
    AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
    AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
    AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
    AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
    AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
    AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
    AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
    AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [179]
    AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
    AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
    AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
    AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
    AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
    AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
    AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
    AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
    AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
    AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
    AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
    AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar
    C:\Users\CRISYO~1\AppData\Local\Temp\smartbar
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE66200904CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51A54BED003754EB928BEF1B2E8A42]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51AA2BED003754EB928BEF1B2E8A42]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B61AA2BED003754EB929BEF1B2E8A42]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B6A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\116A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE66288984CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\2E35213FD461DD045869F4E01B62B2BE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\32123894481B5D040B0F8C26B6D7A878]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\40623894481B5D040B0F8C26B6D7A878]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\433F92F177200FF478C2D32BB923656E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\43F238B8E12237E46A4AFF0CB31E2ECC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\4CD231EF64D076744824027B43D7B1AD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\55D0E21DCD38B8E40BA0517C0D9CCCE0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\59F397F664A6B044BA5150D20FA0AD67]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\8B257988D95DB864CAF8EF451C5B3ECE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\93D6CC2FC9612424E87EB7375E2FC46C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73868888]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D61A81]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A82]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB88D68A82]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A143CF598A8430D4BB0E71700E8C09C5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A805D820868346044B5BDD92EB6CA6C3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A9AB3AEAE939E984293B9178134BD540]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\C4FE6082BC8553B4B91EC0FE408D71DA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F71A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F72A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F73A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D0386F2D6FEAFBC45BFCAFE158BF5064]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D40B7F324393F624DACA80C397004DA1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\DF0B7F324F93FE24DBCA80C397004DF2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E13864C95DCE91247A4435FFDA762754]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E2647758E1ED7134F8C4259CC51A2AA8]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Smartbar]
    [-HKEY_USERS\.DEFAULT\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D]
    [-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
    [-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Trolltech]
    
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host|""
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Muvic.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe|Params
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D\InstallProperties|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe|Params
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D|ProductName
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Muvic.exe
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}|DisplayName
    
    Hosts:
    RemoveProxy:
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 2.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your desktop.
  2. Double click AdwCleaner.exe to run it.
  3. Click Scan.
  4. A logfile will automatically open after the scan has finished.
  5. Close the AdwCleaner window and click OK at the prompt.
  6. Please post the contents of that logfile with your next reply.
  7. You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each log after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Content of the C:\AdwCleaner[R1].txt
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
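An offline pre-flight check for a fixlist like the one in the post above, added here as an example (it is not part of the original post and not FRST's own code): it groups lines by the shapes visible in this thread and flags any user SID or profile folder that does not belong to the machine the list is about to be run on. The kind labels, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Line shapes as they appear in the fixlist quoted in this thread. The kind
# names are labels chosen for this example, not FRST terminology.
SHAPES = [
    ("reg_key_delete", re.compile(r"^\[-HK[A-Z_]+\\.+\]$")),
    ("reg_value_delete", re.compile(r"^DeleteValue:\s*HK[A-Z_]+\\.+\|")),
    ("ads", re.compile(r"^AlternateDataStreams:\s*[A-Za-z]:\\.+:\S+\s+\[\d+\]$")),
    ("command", re.compile(r"^CMD:\s*\S")),
    ("directive", re.compile(r"^[A-Za-z]+:$")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
# Per-user account SIDs only; S-1-5-19, S-1-5-20 and .DEFAULT are not matched.
USER_SID = re.compile(r"S-1-5-21(?:-\d+){4}")
# Profile folder name after X:\Users\ or X:/Users/ (file:// URLs use slashes).
PROFILE = re.compile(r"[A-Za-z]:[\\/]Users[\\/]([^\\/|]+)", re.IGNORECASE)
SHARED_PROFILES = {"public", "default"}


def classify(line):
    """Return the shape label for one fixlist line ('log_entry' if none fits)."""
    line = line.strip()
    for kind, pattern in SHAPES:
        if pattern.search(line):
            return kind
    return "log_entry"


def review(fixlist_text, local_sid, local_user):
    """Count lines per shape and list references that are not to this machine.

    Returns (counts, foreign) where foreign holds (line_no, reason, value).
    """
    counts = Counter()
    foreign = []
    for line_no, raw in enumerate(fixlist_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        counts[classify(line)] += 1
        for sid in USER_SID.findall(line):
            if sid != local_sid:
                foreign.append((line_no, "sid", sid))
        for name in PROFILE.findall(line):
            if "~" in name:
                # 8.3 short name: cannot be matched to a profile offline.
                foreign.append((line_no, "short-name", name))
            elif name.lower() not in SHARED_PROFILES | {local_user.lower()}:
                foreign.append((line_no, "profile", name))
    return counts, foreign


# Constructed sample; every SID, user name and path below is made up.
LOCAL_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
LOCAL_USER = "alice"
SAMPLE = r"""
CreateRestorePoint:
HKLM-x32\...\Run: [example_entry] => [X]
AutoConfigURL: [.DEFAULT] => file://C:/Users/alice/AppData/Local/Example/config.txt
SearchScopes: HKU\S-1-5-19 -> DefaultScope {00000000-0000-0000-0000-000000000000} URL =
C:\Users\alice\AppData\Local\Temp\example.exe
C:\Users\ALICE~1\AppData\Local\Temp\example
AlternateDataStreams: C:\ProgramData\Temp:0A1B2C3D [177]
[-HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Example]
[-HKEY_USERS\S-1-5-21-9999999999-8888888888-7777777777-1002\Software\Example]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Example\Folders|C:\Users\bob\AppData\Local\Example\
EmptyTemp:
CMD: ipconfig /flushdns
"""

if __name__ == "__main__":
    counts, foreign = review(SAMPLE, LOCAL_SID, LOCAL_USER)
    for kind, n in sorted(counts.items()):
        print(f"{kind:18} {n}")
    for line_no, reason, value in foreign:
        print(f"line {line_no}: {reason} does not match this machine: {value}")
```

Short-name entries such as `ALICE~1` are reported rather than silently accepted, because an 8.3 alias can only be resolved on the machine itself.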

Re: Miserable computer face, Blue with frustration.

Unread postby EnterDavysLocker » August 20th, 2018, 10:24 pm

Hello, pgmigg, sorry I am confused, not very computer savvy at all. Not sure about step 1: number 6 says to save it next to FRST64.exe as fixlist.txt. Important: fixlist.txt must be saved in the same directory as FRST64.exe to work. Hmm, I don't know where the same directory is, so I copied the log and put it into a Notepad file. When I opened the Notepad I go to File, then "Save as", but where does it go from there? It saved on my desktop. When I opened FRST64.exe there is nothing in its box to fix; I'm assuming the Notepad contents belong in there. I won't do a thing till I hear from you. I always have to open FRST64.exe from my downloads; it does not save on my desktop. When we get past this then I'll continue with the rest of the steps. Thanks, Dave
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Unread postby pgmigg » August 20th, 2018, 11:45 pm

Hello Dave,

I'm sorry that the instruction was not written clearly, and I hope that now it will be better and clearer. :oops:

  1. Please copy FRST64.exe from your Download directory to the Desktop.
  2. Then right click on FRST64.exe and select Run as administrator, but this time when it opens ....
  3. Press Ctrl+y (Ctrl and y keys at the same time)
  4. A blank randomly named .txt Notepad file will open.
  5. Copy and paste the following into it (don't include Code: Select all) ....
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [fst_us_143] => [X]
    HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe" 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
    ProxyServer: [.DEFAULT] => 1
    AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppData/Local/LPT/NewConfig.txt
    ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
    AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppData/Local/LPT/NewConfig.txt
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sI9KCYqB5_pjxa3Wij2s2bTLp6N7jJBcdJwZ311GW516UswWsJFdEbWi_6uNVdmU-Zx1j8-VygoeXeZyfVf0WBe3H91G_hz5PzT8Kg1f5wodu9sgZYShH5Ism5nYHk,&q={searchTerms}
    HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.facebook.com/topic/Philip-Seymour-Hoffman/108351132526165?source=whfrt&position=1&trqid=6039082446727169189
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sI9KCYqB5_pjxa3Wij2s2bTLp6N7jJBcdJwZ311GW516UswWsJFdEbWi_6uNVdmU-Zx1j8-VygoeXeZyfVf0WBe3H91G_hz5PzT8Kg1f5wodu9sgZYShH5Ism5nYHk,&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\TAInstaller.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-2.2.6-win32.exe
    C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-3.0.3-win32.exe
    AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
    AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
    AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [162]
    AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
    AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
    AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
    AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
    AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
    AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
    AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
    AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
    AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
    AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
    AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
    AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
    AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
    AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [179]
    AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
    AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
    AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
    AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
    AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
    AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
    AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
    AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
    AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
    AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
    AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
    AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar
    C:\Users\CRISYO~1\AppData\Local\Temp\smartbar
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE66200904CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51A54BED003754EB928BEF1B2E8A42]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51AA2BED003754EB928BEF1B2E8A42]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B61AA2BED003754EB929BEF1B2E8A42]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B6A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\116A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE66288984CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE662E09C4CD4AC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\2E35213FD461DD045869F4E01B62B2BE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\32123894481B5D040B0F8C26B6D7A878]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\40623894481B5D040B0F8C26B6D7A878]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\433F92F177200FF478C2D32BB923656E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\43F238B8E12237E46A4AFF0CB31E2ECC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\4CD231EF64D076744824027B43D7B1AD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\55D0E21DCD38B8E40BA0517C0D9CCCE0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\59F397F664A6B044BA5150D20FA0AD67]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\8B257988D95DB864CAF8EF451C5B3ECE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\93D6CC2FC9612424E87EB7375E2FC46C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73868888]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D61A81]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A82]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB88D68A82]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A143CF598A8430D4BB0E71700E8C09C5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A805D820868346044B5BDD92EB6CA6C3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A9AB3AEAE939E984293B9178134BD540]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\C4FE6082BC8553B4B91EC0FE408D71DA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F71A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F72A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F73A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D0386F2D6FEAFBC45BFCAFE158BF5064]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D40B7F324393F624DACA80C397004DA1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\DF0B7F324F93FE24DBCA80C397004DF2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E13864C95DCE91247A4435FFDA762754]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E2647758E1ED7134F8C4259CC51A2AA8]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Smartbar]
    [-HKEY_USERS\.DEFAULT\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D]
    [-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
    [-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Trolltech]
    
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host|""
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Muvic.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe|Params
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D\InstallProperties|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe|Params
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D|ProductName
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Muvic.exe
    DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}|DisplayName
    
    Hosts:
    RemoveProxy:
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Press Ctrl+s (Ctrl and s keys at the same time) to save this file (directory will be selected as the Desktop automatically).
  7. Now press the Fix button once and wait.
  8. FRST will process the fixlist file.
  9. When finished, it will produce a log, fixlog.txt, in the same folder/directory as FRST64.exe - on your Desktop.

Then you can proceed with Step 2 from my previous post.

Thank you,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 4238
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Miserable computer face, Blue with frustration.

Unread postby EnterDavysLocker » August 21st, 2018, 7:19 pm

Hello pgmigg, thanks for the help again and sorry about my confusion. Here are the log files, posted separately. I did not have any problems following your instructions other than that I got confused. The computer error and blue screen happened again in the middle of my instructions.
CreateRestorePoint:

HKLM-x32\...\Run: [fst_us_143] => [X]
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [.DEFAULT] => 1
AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.facebook.com/topic/Philip-S ... 6727169189
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
C:\Users\CrisYouSasyMedic\AppData\Local\Temp\TAInstaller.exe
C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-2.2.6-win32.exe
C:\Users\CrisYouSasyMedic\AppData\Local\Temp\vlc-3.0.3-win32.exe
AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [162]
AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [179]
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"

Hosts:
RemoveProxy:
EmptyTemp:
CMD: ipconfig /flushdns
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm

Re: Miserable computer face, Blue with frustration.

Unread postby EnterDavysLocker » August 21st, 2018, 7:20 pm

Hello pgmigg, here is the second post, with the AdwCleaner log.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-08-20.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-21-2018
# Duration: 00:00:50
# OS: Windows 8.1
# Scanned: 41517
# Detected: 24


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\BSD\DriverHiveEngine

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\CrisYouSasyMedic\Downloads\SysInfo.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Smartbar
PUP.Optional.Legacy HKLM\Software\Wow6432Node\TWEAKBIT
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\363FB0CBBA367FF4E81FEAD0F717B142
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\3152E1F19977892449DC968802CE8964
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchUrl|Default
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchUrl|Default
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search|SearchAssistant
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search|Default_Search_URL
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search|SearchAssistant
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search|Default_Search_URL
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main|Search Bar
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main|Search Bar
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [6244 octets] - [10/08/2018 13:53:01]
AdwCleaner[C00].txt - [3169 octets] - [10/08/2018 13:54:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
EnterDavysLocker
Active Member
 
Posts: 12
Joined: August 3rd, 2018, 7:01 pm
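
A consistency check a helper could run on a pasted AdwCleaner scan log like the one above, written as an added example (not part of the original posts and not Malwarebytes code): it counts detection lines per section and compares the total with the `# Detected:` header and the EOF footer, which catches a paste that was cut short. The sample log is constructed, and the names `parse_log` and `check_log` are assumptions.

```python
import re

# Constructed sample in the layout of an AdwCleaner scan log (not the log posted above).
SAMPLE_LOG = r"""# Mode: Scan
# Detected: 3

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\ExampleFolder

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\ExampleKey
PUP.Optional.Legacy HKU\.DEFAULT\Software\Example|Default

***** [ Tasks ] *****

No malicious tasks found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")        # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# (\w+):\s*(.*)$")                  # "# Detected: 24"
DETECTION_RE = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z0-9]+)+)\s+(.+)$")  # family, item

def parse_log(text):
    """Return (header fields, {section: [(family, item), ...]}, footer_seen)."""
    header, sections, current, complete = {}, {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#####") and "EOF" in line:
            complete, current = True, None  # footer seen: the paste was not cut short
        elif (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections[current] = []
        elif current is None and (m := HEADER_RE.match(line)):
            header[m.group(1)] = m.group(2)
        elif current is not None and (m := DETECTION_RE.match(line)):
            sections[current].append((m.group(1), m.group(2)))
    return header, sections, complete

def check_log(text):
    """Compare the declared detection count with the entries actually present."""
    header, sections, complete = parse_log(text)
    declared = int(header.get("Detected", -1))  # -1 when the header is missing
    found = sum(len(items) for items in sections.values())
    return {"declared": declared, "found": found, "complete": complete,
            "consistent": complete and declared == found,
            "per_section": {name: len(items) for name, items in sections.items()}}
```
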