User Tag List

DDS won't run

This is a discussion on DDS won't run within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, I know I have something bad on my computer McAfee is continually popping up. I tried to view a


 
 
Thread Tools Search this Thread
Old 10-03-2015, 03:12 AM   #1
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Hi,

I know I have something bad on my computer McAfee is continually popping up. I tried to view a manual using adobe, but it didn't come up, showed a message saying I must have adobe to view and said click here. I now have lots of new apps, which I have tried unsuccessfully to uninstall, McAfee is giving me warnings every 30 seconds and have pop ups preventing me from accessing webpages.

I have used advice from this site before and found it to be exceptionally helpful so returned and followed the instructions for DDS. When I click to run it, I get a message saying cannot run in compatibility mode and closes.

I am using a Lenovo laptop with windows 8 (.1 I think).

Please can you help me proceed?

Thanks

Jo
jnnelias is offline  
Sponsored Links
Advertisement
 
Old 10-03-2015, 04:49 PM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jnnelias,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the below instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 10-04-2015, 12:42 AM   #3
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Thank you Tolga.

I have open pop ups that will not close and installers running which will not close.

Attached please find the requested logs.

I look forward to hearing from you again soon.

Jo

FRST.txt

Addition.txt
jnnelias is offline  
Sponsored Links
Advertisement
 
Old 10-05-2015, 12:34 PM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

Thanks for the logs. Please do the following steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

=========================================================

STEP 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
__________________
tekir06 is offline  
Old 10-05-2015, 01:24 PM   #5
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Thanks again.

Adware log below:

# AdwCleaner v5.010 - Logfile created 05/10/2015 at 21:08:55
# Updated 04/10/2015 by Xplode
# Database : 2015-10-05.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jo - LENOVO-PC
# Running from : C:\Users\Jo\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : BrsHelper
[-] Service Deleted : bsdriver
[-] Service Deleted : cherimoya
[-] Service Deleted : csrcc
[-] Service Deleted : globalUpdate
[-] Service Deleted : globalUpdatem
[-] Service Deleted : sbmntr
[-] Service Deleted : SMUpd
[-] Service Deleted : SMUpdd
[-] Service Deleted : SPBIUpd
[-] Service Deleted : SPBIUpdd
[-] Service Deleted : wbsvc
[-] Service Deleted : acengine
[-] Service Deleted : acwfp
[-] Service Deleted : gyvixodu
[-] Service Deleted : sewyxowu
[-] Service Deleted : ppfd_vw_1_10_0_24
[-] Service Deleted : ppsvc_1.10.0.24
[-] Service Deleted : 72D89F10-E7B1-4F7E-877D-BB327DEA39BF
[!] Service Not Deleted : csrcc
[-] Service Deleted : Kixjucfio
[-] Service Deleted : shopperz011020151101 Updater
[-] Service Deleted : SutsytCofgi
[!] Service Not Deleted : 72D89F10-E7B1-4F7E-877D-BB327DEA39BF
[!] Service Not Deleted : shopperz011020151101 Updater

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\WebBar
[#] Folder Deleted : C:\Program Files\shopperz011020151101
[-] Folder Deleted : C:\Program Files (x86)\AnyProtectEx
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\ShopperPro
[-] Folder Deleted : C:\Program Files (x86)\YTDownloader
[-] Folder Deleted : C:\Program Files (x86)\Crossbrowse
[-] Folder Deleted : C:\Program Files (x86)\Fast-Search
[-] Folder Deleted : C:\Program Files (x86)\A85E6518-1443863831-11E4-82A0-D05349E3FCC2
[-] Folder Deleted : C:\Program Files (x86)\PhraseProfessor_1.10.0.24
[-] Folder Deleted : C:\Program Files (x86)\CinePlus-1.44V03.10
[-] Folder Deleted : C:\Program Files (x86)\CinePlus-1.44V04.10
[!] Folder Not Deleted : C:\Program Files (x86)\Crossbrowse
[-] Folder Deleted : C:\Program Files (x86)\MyBrowser
[-] Folder Deleted : C:\Program Files (x86)\MyBrowser 1.0.2V03.10
[-] Folder Deleted : C:\Program Files (x86)\gmsd_gb_005010105
[-] Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.01
[-] Folder Deleted : C:\Program Files\Common Files\Goobzo
[-] Folder Deleted : C:\Program Files\Common Files\ShopperPro
[-] Folder Deleted : C:\ProgramData\SearchModule
[-] Folder Deleted : C:\ProgramData\ShopperPro
[-] Folder Deleted : C:\ProgramData\FlashBeat
[-] Folder Deleted : C:\ProgramData\InstallSightSDK
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
[!] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser
[-] Folder Deleted : C:\Users\Jo\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Jo\AppData\Local\SmartWeb
[-] Folder Deleted : C:\Users\Jo\AppData\Local\WebBar
[-] Folder Deleted : C:\Users\Jo\AppData\Local\BrowserHelper
[-] Folder Deleted : C:\Users\Jo\AppData\Local\Crossbrowse
[-] Folder Deleted : C:\Users\Jo\AppData\Local\DeskBar
[-] Folder Deleted : C:\Users\Jo\AppData\Local\BrowserAir
[!] Folder Not Deleted : C:\Users\Jo\AppData\Local\Crossbrowse
[-] Folder Deleted : C:\Users\Jo\AppData\Local\MyBrowser
[-] Folder Deleted : C:\Users\Jo\AppData\Local\gmsd_gb_005010105
[-] Folder Deleted : C:\Users\Jo\AppData\LocalLow\SmartWeb
[-] Folder Deleted : C:\Users\Jo\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\AnyProtectEx
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Nosibay
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\VOPackage
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\WTools
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\ortmp
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] Folder Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
[-] Folder Deleted : C:\Users\Public\Documents\ShopperPro
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\acengine

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Bubble Dock.installation.log
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Selection Tools.installation.log
[-] File Deleted : C:\Users\Jo\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\Jo\AppData\Roaming\WindApp.installation.log
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\crossbrowse.lnk
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BrowserAir.lnk
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
[-] File Deleted : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
[-] File Deleted : C:\Users\Jo\Desktop\AnyProtect.lnk
[-] File Deleted : C:\Users\Jo\Desktop\Continue Live Installation.lnk
[-] File Deleted : C:\Users\Jo\Desktop\Optimizer Pro.lnk
[-] File Deleted : C:\Users\Jo\Desktop\YTDownloader.lnk
[-] File Deleted : C:\Users\Jo\Desktop\BrowserAir.lnk
[-] File Deleted : C:\Users\Public\Desktop\crossbrowse.lnk
[-] File Deleted : C:\Users\Public\Desktop\MyBrowser.lnk
[-] File Deleted : C:\windows\SysNative\acengineOff.ini
[-] File Deleted : C:\windows\SysNative\acengine64.dll
[-] File Deleted : C:\windows\SysNative\Kixjucfio64.dll
[-] File Deleted : C:\windows\SysNative\drivers\bsdriver.sys
[-] File Deleted : C:\windows\SysNative\drivers\cherimoya.sys
[-] File Deleted : C:\windows\SysNative\drivers\acwfp64.sys
[-] File Deleted : C:\windows\SysNative\drivers\ppfd_vt_1_10_0_24.sys
[-] File Deleted : C:\windows\SysNative\drivers\ppfd_vw_1_10_0_24.sys
[-] File Deleted : C:\windows\SysWOW64\acengineOff.ini
[-] File Deleted : C:\windows\SysWOW64\acengine.dll
[-] File Deleted : C:\windows\SysWOW64\Kixjucfio.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : APSnotifierPP1
[-] Task Deleted : APSnotifierPP2
[-] Task Deleted : APSnotifierPP3
[-] Task Deleted : Crossbrowse
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : Inst_Rep
[-] Task Deleted : ShopperProJSUpd
[-] Task Deleted : Smp
[-] Task Deleted : WebBarLaunchTask
[-] Task Deleted : WebBarUpdateTask
[-] Task Deleted : YTDownloader
[-] Task Deleted : YTDownloaderUpd
[-] Task Deleted : WindApp Update
[-] Task Deleted : Selection Tools Update
[-] Task Deleted : MyBrowser
[-] Task Deleted : PhraseProfessor Auto Updater 1.10.0.24 Core
[-] Task Deleted : PhraseProfessor Auto Updater 1.10.0.24 Pending Update
[-] Task Deleted : Selection Tools Update
[-] Task Deleted : WindApp Update
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-1-6
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-1-7
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-10_user
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-5
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-5_user
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-1-6
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-1-7
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-10_user
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-5
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-5_user
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-1-6
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-1-7
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-10_user
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-5
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-5_user
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-1-6
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-1-7
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-10_user
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-5
[-] Task Deleted : 3c47534d-1500-4330-ae5b-5f42a0688a78-5_user
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-1-6
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-1-7
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-10_user
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-5
[-] Task Deleted : 8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-5_user
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-1-6
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-1-7
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-10_user
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-5
[-] Task Deleted : e31a9082-03d5-420d-a961-935022726e54-5_user
[-] Task Deleted : SMW_UpdateTask_Time_323838383537363436342d41783445372a453478325a57
[-] Task Deleted : SPBIW_UpdateTask_Time_323838383537363436342d41783445372a453478325a57
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CRSBRWSHTML
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
[-] Value Deleted : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataContainer
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acengine
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.WFPController
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.WFPController.1
[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DeskBar]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [MyBrowser]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mybrowser.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\mybrowser.exe
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\MyBrowser
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp
[-] Key Deleted : HKLM\SOFTWARE\Classes\Crossbrowse
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_gb_005010102]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_gb_005010105]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [upgmsd_gb_005010105.exe]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [shopperz011020151101]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [shopperz01102015110164]
[-] Key Deleted : HKLM\SOFTWARE\shopperz011020151101
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1478E71F-577C-4F90-8289-864775A91E66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{689960B3-2BC4-478F-8F66-9B0EB5BC2FC8}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87351D3C-AFFF-419C-85E7-C728C6A4E459}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9136C298-84B7-4456-aC38-D1663D8695F0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2FFCAE8-21D4-4D36-845F-FD7F4F615D5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDDE1B0A-D7CF-4F3F-8D42-BCFF4ED53AE6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{029AF757-A988-4BDD-A744-A4C7BCEBB011}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{124CA0BE-F86B-4C53-8FFB-EEF058D2AE47}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9A6E2FF5-3587-48A7-8C13-D3B1FD71D7AC}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
[-] Key Deleted : HKU\.DEFAULT\Software\CinePlus-1.44V03.10-nv-ie
[-] Key Deleted : HKU\.DEFAULT\Software\CinePlus-1.44V04.10-nv-ie
[-] Key Deleted : HKU\.DEFAULT\Software\MyBrowser 1.0.2V03.10-nv-ie
[-] Key Deleted : HKU\.DEFAULT\Software\{5E3806DC-5791-452A-8A9E-134943F12304}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\YTDownloader
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\DeskBar
[-] Key Deleted : HKCU\Software\BrowserAir
[-] Key Deleted : HKCU\Software\CinePlus-1.44V03.10
[-] Key Deleted : HKCU\Software\CinePlus-1.44V03.10-nv-ie
[-] Key Deleted : HKCU\Software\CinePlus-1.44V04.10
[-] Key Deleted : HKCU\Software\CinePlus-1.44V04.10-nv-ie
[!] Key Not Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\MyBrowser
[-] Key Deleted : HKCU\Software\MyBrowser 1.0.2V03.10
[-] Key Deleted : HKCU\Software\MyBrowser 1.0.2V03.10-nv-ie
[-] Key Deleted : HKCU\Software\{5E3806DC-5791-452A-8A9E-134943F12304}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\acengine
[-] Key Deleted : HKLM\SOFTWARE\Fast-Search
[-] Key Deleted : HKLM\SOFTWARE\PhraseProfessor_1.10.0.24
[-] Key Deleted : HKLM\SOFTWARE\CinePlus-1.44V03.10
[-] Key Deleted : HKLM\SOFTWARE\CinePlus-1.44V03.10-nv-ie
[-] Key Deleted : HKLM\SOFTWARE\CinePlus-1.44V04.10
[-] Key Deleted : HKLM\SOFTWARE\CinePlus-1.44V04.10-nv-ie
[!] Key Not Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser 1.0.2V03.10
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser 1.0.2V03.10-nv-ie
[!] Key Not Deleted : HKLM\SOFTWARE\shopperz011020151101
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bubble Dock
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\windapp
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Selection Tools
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast-Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhraseProfessor_1.10.0.24
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinePlus-1.44V03.10
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinePlus-1.44V04.10
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser 1.0.2V03.10
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_gb_005010105_is1
[!] Key Not Deleted : [x64] HKCU\Software\AnyProtect
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Nosibay
[!] Key Not Deleted : [x64] HKCU\Software\Optimizer Pro
[!] Key Not Deleted : [x64] HKCU\Software\Store
[!] Key Not Deleted : [x64] HKCU\Software\Tutorials
[!] Key Not Deleted : [x64] HKCU\Software\TutoTag
[!] Key Not Deleted : [x64] HKCU\Software\YTDownloader
[!] Key Not Deleted : [x64] HKCU\Software\WTools
[!] Key Not Deleted : [x64] HKCU\Software\CrossBrowser
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Key Not Deleted : [x64] HKCU\Software\DeskBar
[!] Key Not Deleted : [x64] HKCU\Software\BrowserAir
[!] Key Not Deleted : [x64] HKCU\Software\CinePlus-1.44V03.10
[!] Key Not Deleted : [x64] HKCU\Software\CinePlus-1.44V03.10-nv-ie
[!] Key Not Deleted : [x64] HKCU\Software\CinePlus-1.44V04.10
[!] Key Not Deleted : [x64] HKCU\Software\CinePlus-1.44V04.10-nv-ie
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\MyBrowser
[!] Key Not Deleted : [x64] HKCU\Software\MyBrowser 1.0.2V03.10
[!] Key Not Deleted : [x64] HKCU\Software\MyBrowser 1.0.2V03.10-nv-ie
[!] Key Not Deleted : [x64] HKCU\Software\{5E3806DC-5791-452A-8A9E-134943F12304}
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\shopperz011020151101
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}_is1
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\AppDataLow\Software\SmartWeb
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[!] Data Not Restored : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A39F228-3D25-4E20-9375-7AEEE201A158}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6096BCE6-1402-4965-BD4A-6DAAB907DCFE}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{65E9E5C6-D8F9-4EE4-B6E7-3915BB11CAC3}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A39F228-3D25-4E20-9375-7AEEE201A158}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6096BCE6-1402-4965-BD4A-6DAAB907DCFE}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{65E9E5C6-D8F9-4EE4-B6E7-3915BB11CAC3}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2A39F228-3D25-4E20-9375-7AEEE201A158}
[-] Data Restored : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6096BCE6-1402-4965-BD4A-6DAAB907DCFE}
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{65E9E5C6-D8F9-4EE4-B6E7-3915BB11CAC3}
[!] Key Not Deleted : HKU\S-1-5-21-383635955-2260302333-3078040823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [35222 bytes] ##########


JRT Log Below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Jo on 05/10/2015 at 21:17:01.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\DropboxOEM



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_147CC84D30D486F0D02EEA1B897A1BB4
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F7BBCB50319591201BA11175ACC40584



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc



~~~ Files

Failed to delete: [File] C:\windows\system32\drivers\bsdriver.sys
Successfully deleted: [File] C:\windows\system32\drivers\cherimoya.sys
Successfully deleted: [File] C:\Users\Jo\Appdata\Local\nseF35C.tmp
Successfully deleted: [File] C:\Users\Jo\Appdata\Local\nsi6045.tmp
Successfully deleted: [File] C:\Users\Jo\Appdata\Local\nso9DC3.tmp
Successfully deleted: [File] C:\Users\Jo\Appdata\Local\nsoF904.tmp



~~~ Folders

Failed to delete: [Folder] C:\Program Files\shopperz011020151101
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Successfully deleted: [Folder] C:\Users\Jo\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Jo\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Jo\Appdata\LocalLow\company





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/10/2015 at 21:19:20.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jnnelias is offline  
Old 10-05-2015, 03:03 PM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

Thanks for the logs. Logs looks good. Lets continue.

Please re-run FRST tool and attach fresh FRST.txt and Addition.txt.
__________________
tekir06 is offline  
Old 10-06-2015, 09:40 AM   #7
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Hi Tolga,

It is so much easier to use this computer now that all the pop ups have gone. Thanks you. Attached please find the requested logs.

Jo
Attached Files
File Type: txt Addition.txt (31.4 KB, 25 views)
File Type: txt FRST.txt (37.1 KB, 28 views)
jnnelias is offline  
Old 10-06-2015, 03:33 PM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

You're welcome

This is good news. But it's not over yet. Lets move on. Please do the following instructions.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Attached Files
File Type: txt fixlist.txt (1.7 KB, 25 views)
__________________
tekir06 is offline  
Old 10-07-2015, 12:17 AM   #9
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



As requested.

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Jo (2015-10-07 08:07:30) Run:1
Running from C:\Users\Jo\Desktop
Loaded Profiles: Jo (Available Profiles: Jo & John & tasha_000 & Liam)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {B5B09A67-FC4A-4AF8-A3FB-27FF59ED7108} - System32\Tasks\Delhivv => C:\Program Files\shopperz011020151101\Jewai.bat <==== ATTENTION
Task: {B79C7746-C950-4CB8-B6BD-0B3877319FD1} - System32\Tasks\{D59837DE-F0E7-4890-ACE6-D891B2CD5E93} => pcalua.exe -a C:\ProgramData\FlashBeat\uninstall.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-383635955-2260302333-3078040823-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R1 bsdriver; C:\windows\system32\drivers\bsdriver.sys [34720 2015-10-03] ()
2015-10-03 17:43 - 2015-10-03 17:43 - 00034720 _____ () C:\windows\system32\Drivers\bsdriver.sys
2015-10-03 17:41 - 2015-10-05 21:08 - 00004816 _____ C:\windows\SysWOW64\Kixjucfio.ini
2015-10-03 17:41 - 2015-10-05 21:08 - 00002528 _____ C:\windows\SysWOW64\KixjucfioOff.ini
2015-10-03 17:41 - 2015-10-05 21:08 - 00002528 _____ C:\windows\system32\KixjucfioOff.ini
2015-10-03 17:39 - 2015-10-05 21:18 - 00000000 ____D C:\Program Files\shopperz011020151101
2015-10-03 16:53 - 2015-10-03 16:53 - 00267776 _____ C:\windows\SysWOW64\bb.exe
2015-10-03 16:49 - 2015-10-05 20:53 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-03 12:34 - 2015-03-24 21:11 - 00000000 ____D C:\ProgramData\McAfee
2015-10-03 11:34 - 2015-07-18 17:30 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2015-08-05 13:03 - 2015-08-05 13:07 - 0022528 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-24 20:30 - 2015-03-24 20:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5B09A67-FC4A-4AF8-A3FB-27FF59ED7108}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B09A67-FC4A-4AF8-A3FB-27FF59ED7108}" => key removed successfully
C:\windows\System32\Tasks\Delhivv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Delhivv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B79C7746-C950-4CB8-B6BD-0B3877319FD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B79C7746-C950-4CB8-B6BD-0B3877319FD1}" => key removed successfully
C:\windows\System32\Tasks\{D59837DE-F0E7-4890-ACE6-D891B2CD5E93} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D59837DE-F0E7-4890-ACE6-D891B2CD5E93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-383635955-2260302333-3078040823-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
bsdriver => Unable to stop service.
bsdriver => service could not remove
Could not move "C:\windows\system32\Drivers\bsdriver.sys" => Scheduled to move on reboot.
C:\windows\SysWOW64\Kixjucfio.ini => moved successfully
C:\windows\SysWOW64\KixjucfioOff.ini => moved successfully
C:\windows\system32\KixjucfioOff.ini => moved successfully
C:\Program Files\shopperz011020151101 => moved successfully
C:\windows\SysWOW64\bb.exe => moved successfully
C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\windows\System32\Tasks\McAfee => moved successfully
C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
EmptyTemp: => 4.3 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-07 08:13:44)

"C:\windows\system32\Drivers\bsdriver.sys" => Could not move

==== End of Fixlog 08:13:44 ====
jnnelias is offline  
Old 10-07-2015, 02:45 PM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

How is the machine behaving now? What problems do you still have?
__________________
tekir06 is offline  
Old 10-08-2015, 01:43 AM   #11
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8


Hi Tolga,

Only other problem I have is that Internet Explorer has been 'deleted' by the virus. The app has gone off the home screen and the link has gone off the toolbar on the desktop screen. I know it is still on the computer as it opens when I click on my pinned webpages, if I could get that back that would be helpful. otherwise machine is running as it was before infection.

Thanks for your help.

Jo
jnnelias is offline  
Old 10-08-2015, 03:55 PM   #12
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

Please do the following instructions.

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

=====================================================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 10-09-2015, 12:56 PM   #13
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Hi Tolga,

I ran Malware and it quarantined 39 detected items. While turning off for restart the machine hung and would not turn off so I had to reboot. When turning back on I had a message saying it needed to restart again and that Malware should be run a second time. I did this and there were no further detections. The I have attached both logs Scanninghistory1 is the first scan and Scanninghistory2 is the second scan.

Jo
Attached Files
File Type: txt Scanninghistorylog1.txt (6.6 KB, 23 views)
File Type: txt Scanninghistorylog2.txt (1.0 KB, 22 views)
jnnelias is offline  
Old 10-09-2015, 04:12 PM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

Thanks for the log. Log looks good. Please do the following.

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start buton.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 10-10-2015, 10:55 PM   #15
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Latest scan results posted below.

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\sma.exe.vir a variant of Win64/SBWatchman.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir a variant of Win32/SpeedBit.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smw.sys.vir a variant of Win64/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbia.exe.vir a variant of Win64/SBWatchman.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiw.sys.vir a variant of Win64/SBWatchman.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Ajeotjai.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Amepmuf.dll.vir a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Amepmuf64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\dr_inst.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Firle.dll.vir a variant of Win32/Toolbar.Perion.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Firle64.dll.vir a variant of Win64/Toolbar.Perion.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\gcpum.dll.vir Win32/Fingprint.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Hhsus.dll.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Hhsus64.dll.vir a variant of Win64/Toolbar.Perion.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\JeiuobCugwu.exe.vir a variant of Win32/Adware.PennyBee.AD application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\jiumnity.exe.vir a variant of Win32/RiskWare.Komodia.C application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\jiumnity64.exe.vir a variant of Win64/Riskware.Komodia.A application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Kixjucfio.dll.vir a variant of Win32/RiskWare.Komodia.I application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Kixjucfio.EXE.vir a variant of Win32/RiskWare.Komodia.J application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Kixjucfio64.dll.vir a variant of Win64/Riskware.Komodia.D application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Mahcul.exe.vir a variant of Win32/Toolbar.Perion.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Mahcul64.exe.vir a variant of Win64/Toolbar.Perion.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Oirer.dll.vir a variant of Win32/Toolbar.Perion.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Oirer64.dll.vir a variant of Win64/Toolbar.Perion.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Okokbamx.dll.vir a variant of Win32/Toolbar.Perion.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\rmvall.exe.vir a variant of Win32/Adware.PennyBee.AD application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Vubficvh.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\wrapper.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Firefox\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WebBar\ISightSDK.dll.vir a variant of Win32/WebBar.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WebBar\wbsvc.exe.vir a variant of MSIL/WebBar.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5659.26749\ISightSDK.dll.vir a variant of Win32/WebBar.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5659.26749\ISightSDK_x64.dll.vir Win64/WebBar.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5659.26749\wb.exe.vir a variant of MSIL/WebBar.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A85E6518-1443863831-11E4-82A0-D05349E3FCC2\hnsj7A47.tmp.vir a variant of Win32/Adware.ConvertAd.ZE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A85E6518-1443863831-11E4-82A0-D05349E3FCC2\knsiDA6A.tmp.vir a variant of Win32/Adware.ConvertAd.AAI application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A85E6518-1443863831-11E4-82A0-D05349E3FCC2\rnsq5758.exe.vir a variant of Win32/Adware.ConvertAd.AAC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A85E6518-1443863831-11E4-82A0-D05349E3FCC2\vnsv325E.tmp.vir a variant of Win32/Adware.ConvertAd.ZY application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtect.exe.vir Win32/AnyProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\Uninstall.exe.vir Win32/AnyProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\e31a9082-03d5-420d-a961-935022726e54-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\e31a9082-03d5-420d-a961-935022726e54-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\e31a9082-03d5-420d-a961-935022726e54-10.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\e31a9082-03d5-420d-a961-935022726e54-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V03.10\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\3c47534d-1500-4330-ae5b-5f42a0688a78-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\3c47534d-1500-4330-ae5b-5f42a0688a78-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\3c47534d-1500-4330-ae5b-5f42a0688a78-10.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\3c47534d-1500-4330-ae5b-5f42a0688a78-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.44V04.10\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe.vir a variant of Win32/AlteredSoftware.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\new_chrome.exe.vir a variant of Win32/AlteredSoftware.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe.vir a variant of Win32/Toolbar.CrossRider.CW potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe.vir a variant of Win32/AlteredSoftware.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrome.7z.vir a variant of Win32/AlteredSoftware.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe.vir a variant of Win32/AlteredSoftware.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\ACDLL.dll.vir a variant of Win32/Packed.Komodia.D suspicious application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\acengine.dll.vir a variant of Win32/Packed.Komodia.D suspicious application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\acengine.exe.vir a variant of Win32/Packed.Komodia.A suspicious application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\acenginecert.dll.vir a variant of Win32/Packed.Komodia.D suspicious application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\lengine.exe.vir a variant of Win32/Packed.Komodia.D suspicious application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir Win32/AlteredSoftware.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe.vir Win32/AlteredSoftware.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir Win32/AlteredSoftware.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir a variant of Win32/AlteredSoftware.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.vir a variant of Win32/AlteredSoftware.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010105\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010105\gmsd_gb_005010105.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe.vir a variant of Win32/AlteredSoftware.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\utility.exe.vir a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe.vir a variant of Win32/AlteredSoftware.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrome.7z.vir a variant of Win32/AlteredSoftware.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe.vir a variant of Win32/AlteredSoftware.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-10.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\8d0e2ef8-a4e4-4b53-8eb2-73479f3daded-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V03.10\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.01\OptimizerPro.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.01\OptProHelper.dll.vir a variant of Win32/OptimizerPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.01\OptProLauncher.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.01\OptProUninstaller.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.01\SafeCheckout.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AR application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PhraseProfessor_1.10.0.24\Service\ppsvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe.vir a variant of MSIL/Adware.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.sys.vir a variant of Win64/ShopperPro.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe.vir a variant of Win32/SBWatchman.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir a variant of Win32/SBWatchman.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir a variant of Win32/SpeedBit.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll.vir a variant of Win32/Adware.CouponMarvel.Q application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\DeskBar\dblaunch.exe.vir a variant of Win32/Goobzo.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\DeskBar\2.6.5.0\DeskBar.exe.vir a variant of MSIL/Goobzo.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\gmsd_gb_005010105\upgmsd_gb_005010105.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\gmsd_gb_005010105\Download\myoffergroup_gb4.exe.vir multiple threats
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\SmartWeb\SmartWebApp.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\SmartWeb\SmartWebHelper.exe.vir Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\SmartWeb\swhk.dll.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Update.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\Store\WindApp\WindApp Update.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\VOPackage\VOPackage.exe.vir a variant of Win32/Adware.ConvertAd.AAI application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\WTools\Selection Tools\Selection Tools Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jo\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\windows\SysNative\Kixjucfio64.dll.vir a variant of Win64/Riskware.Komodia.D application
C:\AdwCleaner\Quarantine\C\windows\SysNative\drivers\ppfd_vt_1_10_0_24.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\windows\SysNative\drivers\ppfd_vw_1_10_0_24.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\acengine.dll.vir a variant of Win32/Packed.Komodia.D suspicious application
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\Kixjucfio.dll.vir a variant of Win32/RiskWare.Komodia.I application
C:\FRST\Quarantine\C\Program Files\shopperz011020151101\csrcc.exe a variant of Win32/Toolbar.Perion.R potentially unwanted application
C:\FRST\Quarantine\C\Program Files\shopperz011020151101\Socpaxe.dll a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\FRST\Quarantine\C\windows\SysWOW64\bb.exe.xBAD a variant of Win32/Toolbar.CrossRider.BX potentially unwanted application
jnnelias is offline  
Old 10-12-2015, 04:00 AM   #16
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello. Thanks for log. It seems the files in the quarantine folder other tools in the ESET log.

I don't see any issue in your logs. The issue does not seem malware related.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 8.1

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 8.1 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Old 10-14-2015, 03:34 AM   #17
Registered Member
 
Join Date: Jun 2010
Posts: 64
OS: windows 8



Thank you so much. All tools have now been uninstalled and the machine is running great. You are a superstar!

Jo
jnnelias is offline  
Old 10-14-2015, 04:27 AM   #18
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jo,

You're Welcome! Thank you for your patience and cooperation.
__________________
tekir06 is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
fra.loadresync.net adding lines of code to webpage
In my case I am using Firefox to create automated test cases. During this process is discovered fra.loadresync.net was running a delaying my page loads and actions on a page, anytime the page went to gather information this site would be called. I have researched online and I find very little about...
kfoxsr Resolved HJT Threads 17 09-22-2015 11:21 AM
PC has the fbi virus and can't go into safe mode.
This is a continuation of this post: https://www.techsupportforum.com/forums/f284/pc-has-the-fbi-virus-and-cant-go-into-safe-mode-696891.html Sorry for the long response, I have not been able to use a computer until now. Ok, so I ran FST and the results are included in this post. ...
Crazy-U2_Nin-ja Inactive Malware Help Topics 30 08-31-2013 06:32 PM
BSODs on new install
OS - Windows 7 x64 What was original installed OS on system? OEM came with Vista, later upgraded to Windows 7 x86, recently to Windows 7 x64 full retail version Age of system (hardware) Main system was purchased 2007, DVD drives, motherboard original equipment. Two new HDD, Seagate...
KelvinF BSOD, App Crashes And Hangs 3 03-21-2013 07:42 PM
PCEU Virus = Complete lockdown
I'm wondering i lf anyone can help me. Basically here's the story, I was typing up on a document and suddenly my computer screen went to this whole police thing and said I need to pay a fine. I was scared out of my wits but then I researched it and found it was a virus called PCEU.So I restarted my...
bluedrakona Resolved HJT Threads 36 11-30-2012 09:03 AM
Rogue XP Antispyware 2012
Hi, My computer has apparently gotten the XP Antispyware 2012 virus. There are constant pop-ups that tell me that my computer is infected or that my privacy is being intruded. I always x out of these pop-ups but they keep coming back. In addition, there seems to be a fake Windows security center...
12Pineapple34 Resolved HJT Threads 20 01-19-2012 05:50 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 09:14 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts