Post by vladrasputin on Nov 13, 2014 8:37:54 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Owner at 2014-11-13 11:30:03 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: IUSR_NMPR & Owner & Leilani and Jordan & Work)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4140619084-4278925724-3609858787-1001\...\Run: [DW7] => "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicyUsers\S-1-5-21-4140619084-4278925724-3609858787-1002\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^ZJ^xdm268^YYA^us&si=CIycmvjN0bsCFcJqfgodD24AAA&ptb=6C6C4F15-533B-47F1-BE41-25F1465D2EEF&ind=2013122718&n=77fdd09e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0213FFDE-519B-44FE-9AE9-44AEBFD2F152} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295941&CUI=UN29678006851196812&UM=2
SearchScopes: HKCU - {0213FFDE-519B-44FE-9AE9-44AEBFD2F152} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295941&CUI=UN29678006851196812&UM=2
SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^ZJ^xdm268^YYA^us&si=CIycmvjN0bsCFcJqfgodD24AAA&ptb=6C6C4F15-533B-47F1-BE41-25F1465D2EEF&ind=2013122718&n=77fdd09e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {BC34E828-797D-4B59-885C-76829FEB7EF4} URL = www.ask.com/web?q={searchterms}&l=dis&o=ushpd
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
C:\Users\Leilani and Jordan\AppData\Local\Temp\ijmqv3rk.dll
C:\Users\Leilani and Jordan\AppData\Local\Temp\SPSetup.exe
C:\Users\Owner\AppData\Local\Temp\73agyz05.dll
C:\Users\Owner\AppData\Local\Temp\qud1ckn-.dll
C:\Users\Owner\AppData\Local\Temp\yrmmmvet.dll
HKU\S-1-5-21-4140619084-4278925724-3609858787-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-4140619084-4278925724-3609858787-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Reboot:
end
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-4140619084-4278925724-3609858787-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DW7 => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4140619084-4278925724-3609858787-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}" => Key deleted successfully.
"HKCR\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0213FFDE-519B-44FE-9AE9-44AEBFD2F152}" => Key deleted successfully.
"HKCR\CLSID\{0213FFDE-519B-44FE-9AE9-44AEBFD2F152}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}" => Key deleted successfully.
"HKCR\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC34E828-797D-4B59-885C-76829FEB7EF4}" => Key deleted successfully.
"HKCR\CLSID\{BC34E828-797D-4B59-885C-76829FEB7EF4}" => Key not found.
"HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
C:\Users\Leilani and Jordan\AppData\Local\Temp\ijmqv3rk.dll => Moved successfully.
C:\Users\Leilani and Jordan\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\73agyz05.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\qud1ckn-.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\yrmmmvet.dll => Moved successfully.
"HKU\S-1-5-21-4140619084-4278925724-3609858787-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4140619084-4278925724-3609858787-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-4140619084-4278925724-3609858787-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
The system needed a reboot.
==== End of Fixlog ====