Giving my desktop a once over

  • Fla_Panther
    PCHF Member
    • Sep 2016
    • 38

    #16
    Hey, I’ve done the first two steps and I was looking at the fixlist.txt before I run FRST. I wanted to check with you on what it’s going to do because it looks like it might get rid of things I need/want/use and I want to confirm whether or not these are infected or if you’re just getting rid of them because you think they have vulnerabilities.

    For example, I’ve intentionally set up that proxy server config and entered manual DNS entries on FF because I had built a CentOS box and was testing squid, which I’ve mentioned here in this thread. I have intentionally not updated past WinAmp 2.91 because I don’t want all the bloatware that came with later versions. It looks like your proposed fix will remove some of my plugins. I’m not aware of PUTTY.RND being a problem file (unless it’s infected)? Etc.

    I ask all this because a previous fix done in this thread removed the power saving feature client for my Buffalo TeraStation, which made it a real PITA to access my NAS for a bit (and scared the crap out of me for a moment) until I figured out what happened and turned off the power saving feature. Unless there’s a vulnerability with that feature you know about I would’ve preferred to leave that. Etc.


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #17
      Nothing really needs to go; so long as you set up the proxy, I am just removing redundant files… Are you having any issues?

      You can edit everything out of the fix except these and run it.
      Code:
      AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
      AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]


      • Fla_Panther
        PCHF Member
        • Sep 2016
        • 38

        #18
        Okay, after reading your last comment I went back and looked, and realized the Winamp references were pointing to a folder that doesn’t exist anymore, not to my actual installation. The only issue I’ve had was that this process removed a file from my PC that interacts with my Buffalo NAS. When I start my PC it tells the NAS to power up and when I shut down my PC it tells the NAS to go to sleep. For the moment I’ve not reinstalled it because it’s not clear if that was truly compromised or if it was a false positive. For now I’m just leaving my NAS on 24/7. Other than that no issues to report.

        SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
        WebSite: www.safezone.cc
        DateLog: 01.10.2016 05:22:49
        Path starting: C:\Users\********\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
        Log directory: C:\SecurityCheck
        IsAdmin: True
        User: ********
        VersionXML: 3.39is-26.09.2016


        Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
        Installation date OS: 17.07.2013 03:55:10
        LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
        Boot Mode: Normal
        Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [249.2 Gb] Free: [216.5 Gb]
        ------------------------------- [ Windows ] -------------------------------
        Internet Explorer 11.0.9600.18282 Warning! Download Update
        Online installation. Last version available when Windows Update is enabled through the Internet.
        User Account Control enabled
        Notify before download
        Date install updates: 2016-05-06 07:01:03
        Windows Update (wuauserv) - The service is running
        Security Center (wscsvc) - The service is running
        Remote Registry (RemoteRegistry) - The service has stopped
        SSDP Discovery (SSDPSRV) - The service is running
        Remote Desktop Services (TermService) - The service has stopped
        Windows Remote Management (WS-Management) (WinRM) - The service has stopped
        ------------------------------ [ MS Office ] ------------------------------
        Microsoft Office 2007 v.12.0.4518.1014
        --------------------------- [ FirewallWindows ] ---------------------------
        Windows Firewall (MpsSvc) - The service is running
        --------------------------- [ AntiSpyware_WMI ] ---------------------------
        Windows Defender (enabled and up to date)
        -------------------------- [ SecurityUtilities ] --------------------------
        Zemana AntiMalware v.2.50.67
        --------------------------- [ OtherUtilities ] ----------------------------
        Foxit Reader v.7.2.8.1124 Warning! Download Update
        WinRAR archiver
        --------------------------------- [ IM ] ----------------------------------
        Skype™ 7.21 v.7.21.100 Warning! Download Update
        ^Optional update.
        --------------------------------- [ P2P ] ---------------------------------
        BitTorrent v.7.9.6.42095 Warning! P2P-client.
        -------------------------------- [ Java ] ---------------------------------
        Java 8 Update 31 v.8.0.310 Warning! Download Update
        Uninstall old version and install new one (jre-8u102-windows-i586.exe).
        --------------------------- [ AppleProduction ] ---------------------------
        Bonjour v.3.0.0.10 Warning! Download Update
        ^Please use Apple Software Update tool.
        iTunes v.11.0.4.4 Warning! Download Update
        ^Please use Apple Software Update tool.
        QuickTime v.7.69.80.9 Warning! This software is no longer supported. Please uninstall it and use another software.
        Bonjour Service (Bonjour Service) - The service is running
        --------------------------- [ AdobeProduction ] ---------------------------
        Adobe Flash Player 23 ActiveX v.23.0.0.162
        Adobe Flash Player 23 NPAPI v.23.0.0.162
        ------------------------------- [ Browser ] -------------------------------
        Google Chrome v.53.0.2785.116
        Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
        ------------------ [ AntivirusFirewallProcessServices ] -------------------
        Windows Defender (WinDefend) - The service is running
        ZAM Controller Service (ZAMSvc) - The service has stopped
        ----------------------------- [ End of Log ] ------------------------------
        Fix result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
        Ran by ******** (11-10-2016 06:40:05) Run:1
        Running from C:\Users\********\Desktop\Virus Stuff
        Loaded Profiles: ******** (Available Profiles: ********)
        Boot Mode: Normal
        fixlist content:

        start
        CreateRestorePoint:
        CloseProcesses:
        ShellIconOverlayIdentifiers: ["DropboxExt1"] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt2"] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt3"] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt4"] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt5"] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt6"] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt7"] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers: ["DropboxExt8"] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
        ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
        FF Plugin: @microsoft.com/GENUINE → disabled [No File]
        FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
        FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
        FF Plugin HKU\S-1-5-21-3113485377-2953679804-1031508582-1000: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\*\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
        C:\Users\*\AppData\Roaming\BitTorrent
        2014-05-25 23:28 - 2014-05-25 23:28 - 0004608 _____ () C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2013-07-16 19:24 - 2013-07-16 19:24 - 0000093 _____ () C:\Users\*\AppData\Local\fusioncache.dat
        2015-08-16 12:25 - 2016-09-13 23:55 - 0000600 _____ () C:\Users\*\AppData\Local\PUTTY.RND
        2014-06-22 17:16 - 2014-06-22 17:16 - 0009133 _____ () C:\Users\*\AppData\Local\recently-used.xbel
        2014-02-14 17:12 - 2014-02-14 17:12 - 0000040 ___SH () C:\ProgramData\.zreglib
        2014-04-21 21:05 - 2014-04-21 21:05 - 0001534 _____ () C:\ProgramData\ss.ini
        Task: {0130F891-3294-4032-A95E-2551D0785764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
        Task: {10F79057-2BA5-4EF2-9C33-C6803BF2343F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
        Task: {17A3A26B-8904-4FC0-8EA4-1FA5F34B0499} - System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => pcalua.exe -a C:\Users\*\Desktop\WinAmp\Nulsoft_WMA_Input_Plugin.exe -d C:\Users\*\Desktop\WinAmp
        Task: {48E8C69E-3232-4C58-8D50-89E05A199CA5} - System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => pcalua.exe -a C:\Users\*\Desktop\WinAmp\Monkey_Audio_Winamp_Plugin.exe -d C:\Users\*\Desktop\WinAmp
        Task: {A0D703AA-157D-4B49-87F0-1F44E9BCB6BC} - System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => pcalua.exe -a "C:\Users\*\Desktop\New folder\irfanview_plugins_430_setup.exe" -d "C:\Users\*\Desktop\New folder"
        Task: {D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
        Task: {D2D672C5-BE14-408F-84C4-0FCA6CF64C9B} - System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => pcalua.exe -a "C:\Users\*\Desktop\WinAmp\WinAmp 2.91\Flac_Plugin_for_WA2.exe" -d "C:\Users\*\Desktop\WinAmp\WinAmp 2.91"
        Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        ShortcutWithArgument: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla
        AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
        AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]
        RemoveProxy:
        Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
        Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
        CMD: bitsadmin /reset /allusers
        CMD: ipconfig /flushdns
        Emptytemp:
        reboot:
        end


        Restore point was successfully created.
        Processes closed successfully.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
        HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
        HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
        HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
        HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt5" => key removed successfully
        HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt6" => key removed successfully
        HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt7" => key removed successfully
        HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt8" => key removed successfully
        HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt5" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt6" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt7" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt8" => key removed successfully
        HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
        "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
        "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
        "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
        C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
        "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
        C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
        "HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
        C:\Users\*\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
        C:\Users\*\AppData\Roaming\BitTorrent => moved successfully
        C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
        C:\Users\*\AppData\Local\fusioncache.dat => moved successfully
        C:\Users\*\AppData\Local\PUTTY.RND => moved successfully
        C:\Users\*\AppData\Local\recently-used.xbel => moved successfully
        C:\ProgramData\.zreglib => moved successfully
        C:\ProgramData\ss.ini => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0130F891-3294-4032-A95E-2551D0785764}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0130F891-3294-4032-A95E-2551D0785764}" => key removed successfully
        C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10F79057-2BA5-4EF2-9C33-C6803BF2343F}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10F79057-2BA5-4EF2-9C33-C6803BF2343F}" => key removed successfully
        C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17A3A26B-8904-4FC0-8EA4-1FA5F34B0499}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A3A26B-8904-4FC0-8EA4-1FA5F34B0499}" => key removed successfully
        C:\Windows\System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48E8C69E-3232-4C58-8D50-89E05A199CA5}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48E8C69E-3232-4C58-8D50-89E05A199CA5}" => key removed successfully
        C:\Windows\System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{10E18378-6BD7-4004-8E1E-01EFE3AF895E}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0D703AA-157D-4B49-87F0-1F44E9BCB6BC}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0D703AA-157D-4B49-87F0-1F44E9BCB6BC}" => key removed successfully
        C:\Windows\System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C}" => key removed successfully
        C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2D672C5-BE14-408F-84C4-0FCA6CF64C9B}" => key removed successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D672C5-BE14-408F-84C4-0FCA6CF64C9B}" => key removed successfully
        C:\Windows\System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => moved successfully
        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4AE2B404-0A18-4C78-9A08-066ED4826374}" => key removed successfully
        C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
        C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
        C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk => Shortcut argument removed successfully.
        C:\Windows => ":73C67ABEEE751B55" ADS removed successfully.
        C:\ProgramData\PACE => ":BAE58937CBFFCB07" ADS removed successfully.

        ========= RemoveProxy: =========

        HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
        HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
        HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
        HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully

        ========= End of RemoveProxy: =========

        ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

        The operation completed successfully.

        ========= End of Reg: =========

        ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

        The operation completed successfully.

        ========= End of Reg: =========

        ========= bitsadmin /reset /allusers =========

        BITSADMIN version 3.0 [ 7.5.7601 ]
        BITS administration utility.
        (C) Copyright 2000-2006 Microsoft Corp.

        BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
        Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

        0 out of 0 jobs canceled.

        ========= End of CMD: =========

        ========= ipconfig /flushdns =========

        Windows IP Configuration

        Successfully flushed the DNS Resolver Cache.

        ========= End of CMD: =========

        =========== EmptyTemp: ==========

        BITS transfer queue => 8388608 B
        DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21827746 B
        Java, Flash, Steam htmlcache => 1536 B
        Windows/system/drivers => 16648 B
        Edge => 0 B
        Chrome => 913479491 B
        Firefox => 35597106 B
        Opera => 0 B

        Temp, IE cache, history, cookies, recent:
        Default => 0 B
        Public => 0 B
        ProgramData => 0 B
        systemprofile => 33253 B
        systemprofile32 => 39125 B
        LocalService => 33125 B
        NetworkService => 60691 B
        ******** => 272018144 B
        UpdatusUser => 0 B

        RecycleBin => 271949826 B
        EmptyTemp: => 1.4 GB temporary data Removed.

        ================================

        The system needed a reboot.

        ==== End of Fixlog 06:41:07 ====

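Post #16 asks what the fixlist will actually do before it is run, and post #17 answers that everything except the two AlternateDataStreams lines can be edited out. The script below is an added example for this thread, not FRST's own code and not from any poster: it parses a fixlist in the format shown in post #18, groups the directives by what they touch (built-in actions, external commands, files, scheduled tasks, alternate data streams, registry entries whose target already reads "No File"), rebuilds a trimmed fixlist that keeps only chosen directive types, and then reconciles the file and ADS entries against the Fixlog to show what happened to each. The embedded sample fixlist and Fixlog are short excerpts of the logs above with the username left redacted as on the page; the category names, regular expressions and function names are my own reading of the log format, not FRST documentation.

```python
# Preview an FRST fixlist and reconcile it against the Fixlog it produced.
# Added example for this thread, not FRST's code; categories and outcome
# matching are inferred from the log format shown in the thread.
import re
from collections import Counter

# Constructed sample input: excerpts of the fixlist and Fixlog posted in the
# thread, username redacted as on the page ("********").
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
C:\Users\********\AppData\Roaming\BitTorrent
2015-08-16 12:25 - 2016-09-13 23:55 - 0000600 _____ () C:\Users\********\AppData\Local\PUTTY.RND
Task: {D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: ipconfig /flushdns
EmptyTemp:
reboot:
end
"""
SAMPLE_FIXLOG = r"""Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
C:\Users\********\AppData\Roaming\BitTorrent => moved successfully
C:\Users\********\AppData\Local\PUTTY.RND => moved successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
C:\Windows => ":73C67ABEEE751B55" ADS removed successfully.
C:\ProgramData\PACE => ":BAE58937CBFFCB07" ADS removed successfully.
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")                     # bare path to move
DATED_FILE = re.compile(                                     # "created - modified - size attrs (signer) path"
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ \([^)]*\) (?P<path>.+)$")
DIRECTIVE = re.compile(r"^(?P<type>[^:]+?):\s*(?P<detail>.*)$")  # "<Type>: <detail>"
ADS = re.compile(r"^(?P<file>.+?):(?P<stream>[^:\s]+) \[(?P<size>\d+)\]$")
OUTCOME = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")  # Fixlog result line
ACTIONS = {"createrestorepoint", "closeprocesses", "removeproxy", "emptytemp", "reboot"}


def classify(line):
    """Return (category, directive_type, target) for a fixlist line; None for start/end/blank."""
    line = line.strip()
    if not line or line.lower() in ("start", "end"):
        return None
    m = DATED_FILE.match(line)
    if m:
        return ("file", "File", m.group("path"))
    if PATH_LINE.match(line):
        return ("file", "File", line)
    m = DIRECTIVE.match(line)
    if not m:
        return ("unknown", "?", line)
    kind, detail = m.group("type"), m.group("detail")
    if kind.lower() in ACTIONS:
        return ("action", kind, "")
    if kind in ("CMD", "Reg"):            # arbitrary commands: review these first
        return ("command", kind, detail)
    if kind == "AlternateDataStreams":
        return ("ads", kind, detail)
    if kind == "Task":
        return ("task", kind, detail)
    if "No File" in detail:               # registration whose target is already gone
        return ("orphan", kind, detail)
    return ("registry", kind, detail)


def parse_fixlist(text):
    entries = []
    for line in text.splitlines():
        c = classify(line)
        if c:
            entries.append({"category": c[0], "type": c[1], "target": c[2]})
    return entries


def summarize(entries):
    """Directive count per category: what the fix touches, before it is run."""
    return Counter(e["category"] for e in entries)


def minimal_fixlist(text, keep_types):
    """Rebuild the fixlist keeping only the given directive types,
    e.g. {"AlternateDataStreams"} for 'edit everything out except these'."""
    kept = [line.strip() for line in text.splitlines()
            if (c := classify(line)) and c[1] in keep_types]
    return "start\n" + "\n".join(kept) + "\nend\n"


def parse_fixlog(text):
    """Map each '<target> => <outcome>' Fixlog line to its outcome text."""
    results = {}
    for line in text.splitlines():
        m = OUTCOME.match(line.strip())
        if m:
            results[m.group("target").strip('"')] = m.group("outcome")
    return results


def reconcile(entries, fixlog):
    """For file and ADS directives, report what the Fixlog says happened to each."""
    report = {}
    for e in entries:
        if e["category"] == "file":
            report[e["target"]] = fixlog.get(e["target"], "no outcome logged")
        elif e["category"] == "ads":
            m = ADS.match(e["target"])
            host = m.group("file") if m else e["target"]   # ADS outcome is logged under the host path
            report[e["target"]] = fixlog.get(host, "no outcome logged")
    return report


if __name__ == "__main__":
    entries = parse_fixlist(SAMPLE_FIXLIST)
    print(dict(summarize(entries)))
    print(minimal_fixlist(SAMPLE_FIXLIST, {"AlternateDataStreams"}))
    for target, outcome in reconcile(entries, parse_fixlog(SAMPLE_FIXLOG)).items():
        print(target, "->", outcome)
```

One thing the full Fixlog in post #18 shows that a preview by directive type cannot: the two "FF Plugin-x32: @tools.google.com" entries look like registry cleanups, yet the log records npGoogleUpdate3.dll as "moved successfully" right after the first key removal, so an entry that names a file can take the file with it. That is why the reconcile step reads the Fixlog rather than the fixlist, and why the outcome wording matters: the log says "moved", not "deleted", for every file it touched.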

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #19
          1.4 gigs of temp files is a bit large; I suggest that you run this tool.
          Originally posted by Fla_Panther
          The only issue I’ve had was that this process removed a file from my PC that interacts with my Buffalo NAS. When I start my PC it tells the NAS to power up and when I shut down my PC it tells the NAS to go to sleep. For the moment I’ve not reinstalled it because it’s not clear if that was truly compromised or if it was a false positive.
          You can safely reinstall. I doubt that it has malware; sometimes malware tools will remove legit programs, it happens. Also, make sure to update your Java etc.

          I suggest the following in place of AdBlock.
          Alternate DNS Server. Ad-blocking DNS.
          uBlock Origin.
          Anti Ad Block Killer.

          Also, keep your browsing private with these tools:

          Self-Destructing Cookies.
          Self-Destructing Cookies (Chrome).

          Some items to keep you safe on the internet.

          VooDoo Shield: control of what is running on your machine.
          Qualys BrowserCheck: to update plugins.
          Web Of Trust: to avoid shady websites.
          Unchecky: to avoid bundled software.
          PrivaZer: to clean up your machine.

          Now let's clean up the tools we used and remove old restore points.

          Download DelFix by “Xplode” to your Desktop.
          Right-click the tool and Run as Admin (XP users: double-click).
          Put a check mark next to the items below:

          Remove disinfection tools
          Create registry backup
          Purge System Restore

          Now click on the “Run” button.
          Allow the program to complete its work.
          All the tools we used will be removed.
          The tool will create and open a log report (DelFix.txt).
          Note: The report can be located at the following location: C:\DelFix.txt


          • jmarket
            PCHF Owner
            • Jan 2015
            • 7634

            #20
            Downloads - DelFix - Download Now - ToolsLib

            This is the updated link for DelFix. Please download and post the log


            • Fla_Panther
              PCHF Member
              • Sep 2016
              • 38

              #21
              Got it, thanks. A huge LOL @ the log though. It didn’t actually delete any of those files because none of them were located in the root of the C drive. It doesn’t matter though, I can delete them. I mainly wanted to do it for cleaning/resetting the restore point and whatever else it was going to do. But from a programmer’s point of view that output is false, and would make me question the rest of the tool.
              DelFix v1.013 - Logfile created 13/10/2016 at 12:50:03
              Updated 17/04/2016 by Xplode
              Username : ******** - ********-PC
              Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
              ~ Removing disinfection tools …

              Deleted : C:\FRST
              Deleted : C:\zoek_backup
              Deleted : C:\AdwCleaner
              Deleted : C:\AdsFix
              Deleted : C:\SecurityCheck
              Deleted : C:\AdsFix.txt
              Deleted : C:\zoek-results.log
              Deleted : C:\zoek-results2016-03-08-135141.log
              Deleted : C:\zoek-results2016-09-25-011322.log
              Deleted : HKLM\SOFTWARE\AdwCleaner
              Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

              ~ Creating registry backup … OK

              ~ Cleaning system restore …

              Deleted : RP #346 [Restore Point Created by FRST | 10/11/2016 10:40:11]
              Deleted : RP #347 [Restore point | 10/12/2016 10:54:06]

              New restore point created !

              ########## - EOF - ##########


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045

                #22
                So, all is well then?


                • Fla_Panther
                  PCHF Member
                  • Sep 2016
                  • 38

                  #23
                  Yes, thank you for the help. Just to confirm … I don’t think I saw anything in the scan results? Only the false positives from some tools looking at other tools, right?


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #24
                    Just your basic clutter: trash, redundant files, a minor adware build-up. Nothing to get in a fuss about. Have a great night.
