Multiple Virus detection and Rogue Programs.

04-02-2014, 02:05 PM   #1
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



I have been passed a computer that appears to be badly infected with numerous nasties. Hopefully these are just adware, but probably not.

AVG reports the following

Adware MultiBundle.V
Adware Generic5.APKC
Adware Generic5.APFQ

Unfortunately the person has compounded the problem by downloading numerous PC speedup software offerings; the ones I can see include:

System Speedup
Optimizer Pro
SpeedUpMyPC
PC Speed Up
PC Performer
PC Speed Maximizer

Another program I don't recognise is
Advanced System Protector

Thank you for any help you can give.

P.

Below is the DDS.txt file and attached is the attach.zip file as requested
-----------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798 BrowserJavaVersion: 10.21.2
Run by rachstock at 21:32:13 on 2014-04-02
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.8078.1833 [GMT 1:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\PC Speed Up\PCSUService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\FROMDO~1\bar\2.bin\65barsvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\PROGRA~2\MAPSGA~1\bar\1.bin\39barsvc.exe
C:\windows\system32\mfevtps.exe
C:\PROGRA~2\POPULA~1\bar\3.bin\7ibarsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
C:\Users\rachstock\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\PROGRA~2\UTILIT~1\bar\1.bin\49barsvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files (x86)\Iminent\WinkHandler.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\Program Files (x86)\Iminent\WinkHandler.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Re-Markable\Re-Markable_wd.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\AppIntegrator64.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\2.bin\AppIntegrator64.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\rachstock\AppData\Local\iLivid\iLivid.exe
C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe
C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibrmon.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65brmon.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Speed Analysis 3\BackgroundHost64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\msiexec.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\system32\wwahost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee\mqs\qcshm.exe
C:\PROGRA~2\COMMON~1\McAfee\Installer\mcinst.exe
C:\Program Files\Common Files\McAfee\VSCore\McVscIns.exe
C:\Program Files\Common Files\McAfee\VSCore\mfehidin.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p14_serp_ie_uk_display?ie=UTF8&tagbase=bds-p14&tbrId=v1_abb-channel-14_f8195d304f574e4b86c264cac6184ab7_16_37_20130707_GB_ie_sp_BD20130707
uDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
mStart Page = hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65SrcAs.dll
uURLSearchHooks: <No Name>: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
uURLSearchHooks: <No Name>: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
uURLSearchHooks: <No Name>: {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iSrcAs.dll
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
mURLSearchHooks: Begin-download FLV B2 Toolbar: {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files (x86)\Begin-download_FLV_B2\prxtbBegi.dll
mURLSearchHooks: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbInst.dll
mWinlogon: Userinit = userinit.exe
BHO: Search Assistant BHO: {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
BHO: Toolbar BHO: {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibar.dll
BHO: freeven: {11111111-1111-1111-1111-110511161180} - C:\Program Files (x86)\freeven\freeven-bho.dll
BHO: hdtotal1.2: {11111111-1111-1111-1111-110511291122} - C:\Program Files (x86)\hdtotal1.2\hdtotal1.2-bho.dll
BHO: iminent Helper Object: {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll
BHO: PriceGong - Price Comparison: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
BHO: Speed Analysis 2: {18DBB6CE-3148-4FEC-B481-103CB3290427} - C:\Program Files (x86)\Speed Analysis 2\ScriptHost.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Search Assistant BHO: {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iSrcAs.dll
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.): {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll
BHO: Toolbar BHO: {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
BHO: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbInst.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: AVG Nation toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.3.0.49\AVG Nation toolbar_toolbar.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65bar.dll
BHO: Speed Analysis 3: {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - C:\Program Files (x86)\Speed Analysis 3\ScriptHost.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: DealPly Shopping: {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Begin-download FLV B2 Toolbar: {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files (x86)\Begin-download_FLV_B2\prxtbBegi.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -
BHO: {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - <orphaned>
BHO: buenosearch Helper Object: {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch\buenosearch\1.8.21.22\bh\buenosearch.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65SrcAs.dll
BHO: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO: XBTBPos00 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Nation Toolbar\tbunsc1D91.tmp\tbcore3.dll
TB: Nation Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Nation Toolbar\tbunsc1D91.tmp\tbcore3.dll
TB: PopularScreensavers: {F339A07F-9578-412D-85E0-B8A80277151A} - C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibar.dll
TB: MapsGalaxy: {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: Utility Chest: {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
TB: Begin-download FLV B2 Toolbar: {BD8006AA-6E85-4B36-BB42-7F97053D5B70} - C:\Program Files (x86)\Begin-download_FLV_B2\prxtbBegi.dll
TB: Installl Converter Toolbar: {6EC74131-08B2-4F67-A9BC-5914EF1EDB97} - C:\Program Files (x86)\Installl_Converter\prxtbInst.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Nation Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Nation Toolbar\tbunsc1D91.tmp\tbcore3.dll
TB: PopularScreensavers: {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibar.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
TB: Amazon Browser Bar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65bar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll
TB: Movies Toolbar (Dist. by Bandoo Media, Inc.): {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll
TB: Begin-download FLV B2 Toolbar: {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files (x86)\Begin-download_FLV_B2\prxtbBegi.dll
TB: buenosearch Toolbar: {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch\buenosearch\1.8.21.22\buenosearchTlbr.dll
TB: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbInst.dll
TB: AVG Nation toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.3.0.49\AVG Nation toolbar_toolbar.dll
TB: Iminent Toolbar: {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as
uRun: [FDPRO-516] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\rachstock\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 087cd0c1317147d39dc7d92928f7445c-5932566804f30aa6e7d22bee43be65babec9118f --CMPID 0913b
uRun: [iLivid] "C:\Users\rachstock\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\rachstock\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
uRun: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PopularScreensavers_7i Browser Plugin Loader] C:\PROGRA~2\POPULA~1\bar\3.bin\7ibrmon.exe
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~1\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~1\bar\1.bin\39brmon.exe
mRun: [Utility Chest Search Scope Monitor] "C:\PROGRA~2\UTILIT~1\bar\1.bin\49srchmn.exe" /m=2 /w /h
mRun: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~2\UTILIT~1\bar\1.bin\49brmon.exe
mRun: [PopularScreensavers Search Scope Monitor] "C:\PROGRA~2\POPULA~1\bar\3.bin\7isrchmn.exe" /m=2 /w /h
mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
mRun: [FromDocToPDF_65 Browser Plugin Loader] C:\PROGRA~2\FROMDO~1\bar\2.bin\65brmon.exe
mRun: [FromDocToPDF Search Scope Monitor] "C:\PROGRA~2\FROMDO~1\bar\2.bin\65srchmn.exe" /m=2 /w /h
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
mRunOnce: [SPUpdSentinel] "C:\Program Files (x86)\Common Files\Umbrella\Umbrella_bkp.exe" -SERVICEARGS=c
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\RACHST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\FASTME~1.LNK - C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{51E2E9CD-74E7-49E4-B9D1-02A8375A975B} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{51E2E9CD-74E7-49E4-B9D1-02A8375A975B}\244524573796E6563737845726D2639323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{699950F8-CFCB-41B0-8CFF-61E8E57477B1} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
x64-BHO: weDownload: {11111111-1111-1111-1111-110411581120} - C:\Program Files (x86)\weDownload\weDownload-bho64.dll
x64-BHO: freeven: {11111111-1111-1111-1111-110511161180} - C:\Program Files (x86)\freeven\freeven-bho64.dll
x64-BHO: hdtotal1.2: {11111111-1111-1111-1111-110511291122} - C:\Program Files (x86)\hdtotal1.2\hdtotal1.2-bho64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll
x64-BHO: Speed Analysis 3: {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - C:\Program Files (x86)\Speed Analysis 3\ScriptHost64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [MapsGalaxy Home Page Guard 64 bit] "C:\PROGRA~2\MAPSGA~1\bar\1.bin\AppIntegrator64.exe"
x64-Run: [Utility Chest Home Page Guard 64 bit] "C:\PROGRA~2\UTILIT~1\bar\1.bin\AppIntegrator64.exe"
x64-Run: [PopularScreensavers Home Page Guard 64 bit] "C:\PROGRA~2\POPULA~1\bar\3.bin\AppIntegrator64.exe"
x64-Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~1\bar\2.bin\AppIntegrator64.exe"
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-10 31544]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 340216]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-11-1 212280]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-10-21 252728]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-2-23 3782672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [2013-7-4 3422720]
R2 FromDocToPDF_65Service;FromDocToPDFService;C:\PROGRA~2\FROMDO~1\bar\2.bin\65barsvc.exe [2013-7-8 42504]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-27 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-12-27 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-27 166720]
R2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~1\bar\1.bin\39barsvc.exe [2013-7-6 42504]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-8-17 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-17 182752]
R2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\PC Speed Up\PCSUService.exe [2014-2-9 417072]
R2 PopularScreensavers_7iService;PopularScreensaversService;C:\PROGRA~2\POPULA~1\bar\3.bin\7ibarsvc.exe [2013-7-6 42504]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SProtection;SProtection;C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [2014-3-11 2922304]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2013-5-29 1281568]
R2 TorchCrashHandler;Torch Crash Handler;C:\Users\rachstock\AppData\Local\Torch\Update\TorchCrashHandler.exe [2013-6-27 1205088]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-27 365376]
R2 Updater Service for AMZN;Updater Service for AMZN;C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2013-3-21 222368]
R2 UtilityChest_49Service;Utility ChestService;C:\PROGRA~2\UTILIT~1\bar\1.bin\49barsvc.exe [2013-7-6 42504]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-3-8 1770312]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-5-2 109064]
R2 WinkHandler;WinkHandler;C:\Program Files (x86)\Iminent\WinkHandler.exe [2014-3-11 425792]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2013-7-24 56136]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 Common Toolkit 2;Common Toolkit 2;C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [2013-5-17 338944]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-11-9 21152]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-9 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 515968]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-12-27 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-27 683664]
S?2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-8-17 241456]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-18 69168]
S2 0273701396470287mcinstcleanup;McAfee Application Installer Cleanup (0273701396470287);C:\Users\RACHST~1\AppData\Local\Temp\027370~1.EXE -cleanup -nolog --> C:\Users\RACHST~1\AppData\Local\Temp\027370~1.EXE -cleanup -nolog [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/12/27 14:01:39;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-5-23 243728]
S2 dealplylive;DealPly Live Service (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-7-24 148000]
S2 Re-Markable;Re-Markable;C:\Program Files (x86)\Re-Markable\Re-Markable153.exe [2014-2-9 181760]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
S3 dealplylivem;DealPly Live Service (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-7-24 148000]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-22 106552]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2014-04-01 04:41:01 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-20 12:25:44 -------- d-----w- C:\Program Files (x86)\GUMEA7A.tmp
2014-03-11 19:17:44 -------- d-----w- C:\ProgramData\Oracle
2014-03-11 19:17:20 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2014-03-11 19:17:19 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2014-03-11 19:16:58 -------- d-----w- C:\Program Files (x86)\melondrea
2014-03-11 19:16:45 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-03-11 19:14:48 -------- d-----w- C:\ProgramData\Systweak
2014-03-11 19:14:43 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2014-03-11 19:14:43 -------- d-----w- C:\Program Files (x86)\Advanced System Protector
2014-03-11 19:14:23 -------- d-----w- C:\Users\rachstock\AppData\Roaming\Advanced System Protector
2014-03-11 19:14:07 -------- d-----w- C:\Program Files (x86)\hdtotal1.2
2014-03-11 19:14:05 -------- d-----w- C:\Program Files (x86)\IminentToolbar
2014-03-11 19:13:55 -------- d-----w- C:\Users\rachstock\AppData\Roaming\IminentToolbar
2014-03-11 19:13:51 -------- d-----w- C:\Users\rachstock\AppData\Roaming\System Speedup
2014-03-11 19:13:42 -------- d-----w- C:\Users\rachstock\AppData\Roaming\systweak
2014-03-11 19:13:18 -------- d-----w- C:\Program Files (x86)\Common Files\Umbrella
2014-03-11 19:13:14 -------- d-----w- C:\Program Files (x86)\System Speedup
2014-03-11 19:13:14 -------- d-----w- C:\Program Files (x86)\Iminent
2014-03-07 22:05:28 -------- d-----w- C:\Users\rachstock\AppData\Roaming\AVG2014
2014-03-07 22:00:23 -------- d-----w- C:\Users\rachstock\AppData\Local\AVG Nation toolbar
2014-03-07 21:59:39 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-03-07 21:59:29 -------- d-----w- C:\ProgramData\AVG Nation toolbar
2014-03-07 21:59:27 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-03-07 21:59:22 -------- d-----w- C:\Program Files (x86)\AVG Nation toolbar
2014-03-07 21:54:26 -------- d-----w- C:\ProgramData\AVG2014
2014-03-07 21:51:31 -------- d-----w- C:\Program Files (x86)\Uninstaller
2014-03-07 21:49:31 -------- d-----w- C:\Users\rachstock\AppData\Local\Avg2014
2014-03-07 21:49:10 -------- d-----w- C:\Users\rachstock\AppData\Roaming\Uniblue
2014-03-07 21:49:10 -------- d-----w- C:\Program Files (x86)\Uniblue
2014-03-07 21:49:04 -------- d-----w- C:\Program Files (x86)\freeven
2014-03-07 21:30:03 -------- d-----w- C:\Users\rachstock\AppData\Local\iConvertor
.
==================== Find3M ====================
.
2014-02-20 17:03:06 401 ----a-w- C:\Users\rachstock\AppData\Roaming\sp_data.sys
2014-02-09 10:08:37 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-02-01 09:19:49 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-01 09:19:36 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-01 09:19:36 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-01 09:18:25 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-01 09:18:21 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-01 07:58:24 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-01 07:57:20 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-01 07:57:16 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-01-30 21:10:35 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10:35 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-12 23:30:39 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 21:33:41.01 ===============
Attached Files
File Type: zip attach.zip (3.7 KB, 53 views)
loftyandroley is offline  
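A triage pass over the driver/service section of the DDS log above, added here as an example (it is not part of the original post or of DDS). It assumes the usual reading of the first column (R/S = running/stopped, digit = start type 0-4) and flags entries by image path only; a flag means "review this", not "malicious".

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the DDS driver/service section posted above.
SAMPLE = r"""
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-5-2 109064]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2013-7-24 56136]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
S?2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-8-17 241456]
S2 0273701396470287mcinstcleanup;McAfee Application Installer Cleanup (0273701396470287);C:\Users\RACHST~1\AppData\Local\Temp\027370~1.EXE -cleanup -nolog --> C:\Users\RACHST~1\AppData\Local\Temp\027370~1.EXE -cleanup -nolog [?]
S3 dealplylivem;DealPly Live Service (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-7-24 148000]
"""

# Assumed layout: <R|S>[?]<start type> name;display name;command line [date size]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<uncertain>\??)(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+) \[(?P<stamp>[^\]]*)\]$"
)
# Cuts the command line down to the binary, dropping any arguments.
IMAGE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?=\s|$)", re.IGNORECASE)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


class Entry(NamedTuple):
    name: str
    running: bool
    start: str
    image: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS service/driver line; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    command = m["image"].split(" --> ")[0]  # DDS repeats the command after "-->"
    exe = IMAGE.match(command)
    image = exe.group(1) if exe else command
    return Entry(m["name"], m["state"] == "R", START_TYPES[int(m["start"])], image)


def reasons(entry: Entry) -> List[str]:
    """Path-based review reasons for one entry (heuristic, not a verdict)."""
    path = entry.image.lower()
    out: List[str] = []
    if "\\users\\" in path or "\\temp\\" in path:
        out.append("image in user-writable path")
    if path.endswith(".sys") and "\\windows\\system32\\drivers\\" not in path:
        out.append("kernel driver outside System32\\Drivers")
    if out and entry.start in ("boot", "system", "auto"):
        out.append("starts without user action")
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Map service name -> review reasons, for flagged entries only."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged[entry.name] = why
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Path heuristics alone do not flag unwanted software installed under Program Files (WajamUpdater and DealPlyLive pass unflagged here), so the result complements a review of the installed-programs list rather than replacing it.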
Old 04-07-2014, 12:20 PM   #2
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.
DrDOS is offline  
Old 04-08-2014, 06:56 PM   #3
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Hello and welcome to TSF. My name is Drew and I will be helping you with the problem that brought you here. I am currently reviewing any log(s) you posted. If you haven't done so, Read This Before Posting For Malware Removal Help. This might be a good time to get familiar with what we can do, what you can expect from your visit at TSF and how you can help.

Take note of some guidelines for this fix so we can work together to resolve any issues.
  • Read my instructions completely. If you do not understand any step(s) provided, feel free to Stop before continuing and let me know what is unclear. I would much rather clarify instructions or explain them in a different way than have something important broken. There really is no "dumb" question here.
  • Perform everything in the order offered. Sometimes one step requires the previous one.
  • "Save it to your DeskTop" is said in many of our tools. In later versions of Windows, "where" to save a file is not always offered. The default location is
    C:\Users\rachstock\Downloads
    Move (or at least copy) your download from here, put on your DeskTop, and run the file from there based on the instructions given.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you to do so. If you can not post all Logfiles in one reply, feel free to use several posts. Please post these Logfiles in their entirety even if you are trying to show me something. Just add a NOTE and say so. I really need to see the whole picture.
  • Some malware may take a lot of steps to resolve, or in the worst case, reloading your system entirely. I can't stress enough the importance for you to backup any data. Whatever your method, it is an important step to do this before beginning any malware fix.
  • Refrain from making any changes to your computer including installing/uninstalling any programs, deleting files, modifying the registry, and running any scanners or tools unless I tell you to do so. Doing so could be confusing for me and cause changes to the directions I have to give you and extend the time required to fix your computer. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you need to change any passwords, please do so from another, clean computer. Using this one may make things worse for you.
  • Even if things appear to be better, it might not mean we are truly done. Please continue to follow my instructions and reply back until I give you the all clear. We do not want to clean you part-way, only to have the system re-infected for some reason. I will also give you some advice about prevention. Absence of symptoms does not always mean the computer is clean.
  • Please set your system to show all files. Each system is a bit different so again, ask if you're not sure how. Return this setting when done.
  • You may wish to Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near the top), then click Subscribe to this Thread. Make sure it is set to Instant Notification by email, then click Add Subscription.

If I haven't put you to sleep, let's proceed.


Quote:
I have been passed a computer that appear to be badly infected with numerous nasties. Hopefully these are just adware but probably not
You're right. I wouldn't want those on my computer either. Since your OS is Windows 8 and this is a new (at least to you) computer, have you considered this as an option?

A Windows 8 How-To: File History, Refresh and Reset - Page 2

The list you provided is just a sampling of what needs to be removed via Start->(or Computer)->Control Panel->(Programs)->Programs and Features. For instance:
  • Advanced System Protector<<Please read this

    Also delete the following Folders if they still exist:

    C:\Program Files\Advanced System Protector
  • PC Speed Up<<Please read this

    Also delete the following Folders if they still exist:

    C:\Program Files\PC Speed Up
  • Optimizer Pro<<Please read this

    Also delete the following Folders if they still exist:

    C:\Program Files\Optimizer Pro
  • SpeedUpMyPC<<Please read this

    Also delete the following Folders if they still exist:

    C:\Program Files\SpeedUpMyPC


Yes, we could remove these and the other bad guys.

Let me know your thoughts on this. Thanks.
DrDOS is offline  
Old 04-08-2014, 11:24 PM   #4
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Ok, I understand the reset and restore would be the quickest option and would definitely go this route if it were my computer. Although I have a lot of experience on computers I don't seem to get on well with windows8 and especially the iTunes product they have installed. They had previously asked me to try and transfer their library between the old computer and this one and no matter which route I took I was unable to achieve the desired result.

I also don't know if they can get hold of initial disks.

Do you have a link to the best way of backing up and restoring the iTunes library, and will the system reset require the initial install disks or does a windows8 installation do this from scratch?

I should be able to backup most of their other files myself.

BTW I have just seen the number of toolbars they have in internet explorer so maybe the nuclear option is the best. One issue they have with the PC from what I see is they have no user accounts, everything seems to be under a single Admin login which the kids also use. If I create user accounts later will this prevent toolbars being installed or is there a way to disable them being added in explorer?


Regards
PCB.
loftyandroley is offline  
Old 04-08-2014, 11:41 PM   #5
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew,

I will also ask the person if they know all the passwords and usernames etc for any online things they use or if they rely on the browser remembering them.

PCB
loftyandroley is offline  
Old 04-09-2014, 09:13 AM   #6
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Quote:
I also don't know if they can get hold of initial disks.
You shouldn't need them. See this article

Quote:
They had previously asked me to try and transfer their library between the old computer and this one and no matter which route I took I was unable to achieve the desired result.

Do you have a link to the best way of backing up and restoring the iTunes library, and will the system reset require the initial install disks or does a windows8 installation do this from scratch?
See if this doesn't answer both concerns.

Quote:
If I create user accounts later will this prevent toolbars being installed or is there a way to disable them being added in explorer?
Not sure if I know exactly what you mean. It's always a good idea to create user accounts separate from an administrator account. Any concerns can be addressed as they arise.


We should be able to clean up the adware fairly easily, then we can go from there to see if there is anything worse on the machine.


Let me know how you are going to proceed or if you have more questions.
DrDOS is offline  
Old 04-09-2014, 11:35 AM   #7
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew,

OK I would like then to try and remove the Adware. If nastier viruses are revealed below this then we can go to full re-install.

PCB.
loftyandroley is offline  
Old 04-09-2014, 06:55 PM   #8
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Quote:
OK I would like then to try and remove the Adware. If nastier viruses are revealed below this then we can go to full re-install.
That's fine. Anything else we find we should be able to remove too. Refresh or Reset can be our "net" if we get into trouble. Let's get started.

  1. Normally I give a list like I did in Post #3 but you have a lot (38) of programs on your computer that need to be removed. I'll just provide that list and you can go into your Control Panel via Start->(or Computer)->Control Panel->(Programs)->Programs and Features, removing any folders of the same name you find as well. (If you are at the Start screen, start typing "Control Panel" until recognized, and press Enter.) 1

    I suspect that most of the folders will be in the C:\Program Files (x86) folder but you can check the 64-bit folder C:\Program Files as well.

    == List of Programs to Remove ==

    • Advanced System Protector
    • Optimizer Pro
    • PC Speed Up
    • SpeedUpMyPC
    • Begin-download FLV B2 Toolbar for IE
    • Bueno Chrome Toolbar
    • buenosearch toolbar
    • Dealply
    • DealPly (remove only)
    • Delta Chrome Toolbar
    • Delta toolbar
    • DMUninstaller
    • FastMediaConverter
    • Free Ride Games Player
    • freeven
    • FULL-DISKfighter
    • iLivid
    • Iminent
    • Iminent Toolbar on IE and Chrome
    • MapsGalaxy Firefox Toolbar
    • MapsGalaxy Internet Explorer Toolbar
    • Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
    • MyPC Backup
    • Nation Toolbar
    • Search Protect
    • Solid Savings
    • Speed Analysis 2
    • Speed Analysis 3
    • SpeedUpMyPC
    • System Speedup
    • Torch
    • Updater Service
    • Wajam
    • weDownload
    • Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
    • WinFlash
    • WiseConvert
    • Zoom Downloader

    These entries are classified as malware, spyware, adware, or other potentially unwanted software.

  2. Please download Malwarebytes Anti-Rootkit (MBAR) from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

    Double-click on the MBAR file and allow it to run.

    • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
    • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
    • After reading the Introduction, click 'Next' if you agree.
    • On the Update Database screen, click on the 'Update' button.
    • Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

    With some infections, you may see two message boxes:

    1. 'Could not load protection driver'. Click 'OK'.
    2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

I'd like to see the log first so I can see what it may be targeting. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please post the contents of that log in your next reply.

There is another log I would like you to post. It can be found in the same folder. It is system-log.txt.


Logs I need from you (both in mbar folder on DeskTop)
  • MBAR-log-<date and time>***.txt
  • system-log.txt


1 Question: If I need to tailor my answers, are you using the Start screen?
DrDOS is offline  
Old 04-10-2014, 03:21 PM   #9
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Things are already looking better, at least the PC is at a useable speed.

I will probably want the amazon and google toolbars removed presumably in the same manner but this can be later.

I tend to run things from the desktop or by using the window-f key then searching for the file. I don't use windows 8 myself, only on other people's computers, so I'm not overly familiar with the start screen. I should however be able to follow any instructions you give.

I have removed everything apart from the ASUS WinFlash program which asks if I want 147ee.msi to modify the computer. As this was different to all the others I thought I would ask if it is OK to allow this before proceeding.

Below are the logs you requested from mbar
----------------------------------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.04.10.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
rachstock :: STOCKSEY73 [administrator]

10/04/2014 22:48:15
mbar-log-2014-04-10 (22-48-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252736
Time elapsed: 16 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> No action taken.

Files Detected: 2
C:\Users\rachstock\AppData\Local\Temp\n1852\HDTotal_UK_1003-cc434dd1.exe (Heuristics.Shuriken) -> No action taken.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)









---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16798

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8469909504, free: 6771585024

Downloaded database version: v2014.04.10.08
Canceled update
Downloaded database version: v2014.04.10.08
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
04/10/2014 22:48:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800aaaf740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xfffffa800bf74b00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007bea060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa800740f270
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007bea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007beaa30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80066bf680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800740f270, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A3362226

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3990418913
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3990418913
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 1911a6cf-3fb3-482e-a9c-adf7ec2c1936
FirstLBA 2048 Last LBA 616447
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID da68fad7-b4a8-4234-84d1-1e8656d17d2a
FirstLBA 616448 Last LBA 2459647
Attributes 1
Partition Name Basic data partition

Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b2d0ea0c-64c2-4535-bf3c-6acf8653ab2a
FirstLBA 2459648 Last LBA 2721791
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID af029779-e09a-4a94-88c3-333d9f956017
FirstLBA 2721792 Last LBA 784130047
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 30a505e4-fe71-4789-b286-cd6486f3b475
FirstLBA 784130048 Last LBA 1911560191
Attributes 0
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID af4e95d7-e18b-444b-aef5-e5c637ba81d
FirstLBA 1911560192 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800aaaf740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac99270, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800aaaf740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800bf74b00, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 8064 Numsec = 7800960

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 3998220288 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\programdata\avg2014\chjw\58c2bbeec2bbce8e.dat:f76b3c6b-bafd-470f-adf9-b07db0402e0e" is sparse (flags = 32768)
Infected: C:\Users\rachstock\AppData\Local\Temp\n1852\HDTotal_UK_1003-cc434dd1.exe --> [Heuristics.Shuriken]
Infected file C:\Users\rachstock\AppData\Local\Temp\is45637729\184838721_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected file C:\Users\rachstock\AppData\Local\Temp\is45637729\44230773_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected: C:\ProgramData\IBUpdaterService\repository.xml --> [Adware.InstallBrain]
Infected: C:\ProgramData\IBUpdaterService --> [Adware.InstallBrain]
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished
Old 04-11-2014, 12:56 PM   #10
TSF Enthusiast
 
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

I'll do the questions first.

Quote:
Things are already looking better, at least the PC is at a useable speed.
Always good to hear.

Quote:
I will probably want the Amazon and Google toolbars removed, presumably in the same manner, but this can be later.
Not sure I know exactly what you mean. If another tool says to remove anything, unless I say otherwise, please do so.

Quote:
I tend to run things from the desktop or by using the window-f key then searching for the file. I don't use Windows 8 myself, only on other people's computers, so I'm not overly familiar with the start screen. I should however be able to follow any instructions you give.
Good.

Quote:
I have removed everything apart from the ASUS WinFlash program, which asks if I want 147ee.msi to modify the computer. As this was different to all the others I thought I would ask if it is OK to allow this before proceeding.
If you are removing it the way you did all others, go ahead.

  1. Double-click on the MBAR.exe file in the mbar folder and allow it to run again.

    • Check for Updates, then Scan your system for malware.
    • When the scan is finished, the tool will show its findings.
    • Mark all of them and ensure the "Create restore point" box is checked.
    • Hit Cleanup - The tool will prompt you for a reboot, accept that.

    With some infections, you may see two message boxes:

    1. 'Could not load protection driver'. Click 'OK'.
    2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

    Let me know how your system now responds. Need those two logs again.

  2. Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.


Logs I need from you
  • MBAR-log-<date and time>***.txt (in mbar folder on Desktop)
  • system-log.txt (in mbar folder on Desktop)
  • C:\AdwCleaner\AdwCleaner[R0].txt
Old 04-11-2014, 03:42 PM   #11
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



There were no abnormal messages running the Malwarebytes cleanup.

Don't know if this will be important, but Windows ran and installed its latest updates before I did these scans and logs.

Logs requested below

PCB

------------------------
# AdwCleaner v3.023 - Report created 11/04/2014 at 23:28:50
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : rachstock - STOCKSEY73
# Running from : C:\Users\rachstock\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : FromDocToPDF_65Service
Service Found : SProtection
Service Found : Updater Service for AMZN
Service Found : UtilityChest_49Service
Service Found : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Public\Desktop\PC Performer.lnk
File Found : C:\Users\rachstock\AppData\Roaming\speedanalysis.ico
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\System32\Tasks\hdtotal1.2-chromeinstaller
File Found : C:\Windows\System32\Tasks\hdtotal1.2-codedownloader
File Found : C:\Windows\System32\Tasks\hdtotal1.2-enabler
File Found : C:\Windows\System32\Tasks\hdtotal1.2-firefoxinstaller
File Found : C:\Windows\System32\Tasks\hdtotal1.2-updater
File Found : C:\Windows\System32\Tasks\PC Performer
File Found : C:\Windows\System32\Tasks\PC Performer_DEFAULT
File Found : C:\Windows\System32\Tasks\PC Performer_UPDATES
File Found : C:\Windows\System32\Tasks\Re-Markable Update
File Found : C:\Windows\System32\Tasks\Re-Markable_wd
File Found : C:\Windows\SysWOW64\p5PSSavr.scr
File Found : C:\Windows\Tasks\Dealply.job
File Found : C:\Windows\Tasks\hdtotal1.2-chromeinstaller.job
File Found : C:\Windows\Tasks\hdtotal1.2-codedownloader.job
File Found : C:\Windows\Tasks\hdtotal1.2-enabler.job
File Found : C:\Windows\Tasks\hdtotal1.2-firefoxinstaller.job
File Found : C:\Windows\Tasks\hdtotal1.2-updater.job
File Found : C:\Windows\Tasks\PC Performer_DEFAULT.job
File Found : C:\Windows\Tasks\PC Performer_UPDATES.job
File Found : C:\Windows\Tasks\Re-Markable Update.job
File Found : C:\Windows\Tasks\Re-Markable_wd.job
Folder Found : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Found : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg
Folder Found : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg
Folder Found C:\Program Files (x86)\Amazon Browser Bar
Folder Found C:\Program Files (x86)\AVG Nation toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\Umbrella
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\fileopenerpro
Folder Found C:\Program Files (x86)\FromDocToPDF_65
Folder Found C:\Program Files (x86)\hdtotal1.2
Folder Found C:\Program Files (x86)\Installl_Converter
Folder Found C:\Program Files (x86)\melondrea
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\PopularScreensavers
Folder Found C:\Program Files (x86)\PriceGong
Folder Found C:\Program Files (x86)\UtilityChest_49
Folder Found C:\ProgramData\AVG Nation toolbar
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\DealPlyLive
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Found C:\Users\RACHST~1\AppData\Local\Temp\Iminent
Folder Found C:\Users\RACHST~1\AppData\Local\Temp\melondrea
Folder Found C:\Users\rachstock\AppData\Local\Amazon Browser Bar
Folder Found C:\Users\rachstock\AppData\Local\AVG Nation toolbar
Folder Found C:\Users\rachstock\AppData\Local\Conduit
Folder Found C:\Users\rachstock\AppData\Local\DealPlyLive
Folder Found C:\Users\rachstock\AppData\Local\FromDocToPDF_65
Folder Found C:\Users\rachstock\AppData\Local\genienext
Folder Found C:\Users\rachstock\AppData\Local\iac
Folder Found C:\Users\rachstock\AppData\Local\Mobogenie
Folder Found C:\Users\rachstock\AppData\Local\SearchProtect
Folder Found C:\Users\rachstock\AppData\Local\Zoom_Downloader
Folder Found C:\Users\rachstock\AppData\LocalLow\AVG Nation toolbar
Folder Found C:\Users\rachstock\AppData\LocalLow\Conduit
Folder Found C:\Users\rachstock\AppData\LocalLow\Delta
Folder Found C:\Users\rachstock\AppData\LocalLow\FromDocToPDF_65
Folder Found C:\Users\rachstock\AppData\LocalLow\iac
Folder Found C:\Users\rachstock\AppData\LocalLow\IminentToolbar
Folder Found C:\Users\rachstock\AppData\LocalLow\Installl_Converter
Folder Found C:\Users\rachstock\AppData\LocalLow\PopularScreensavers
Folder Found C:\Users\rachstock\AppData\LocalLow\PriceGong
Folder Found C:\Users\rachstock\AppData\LocalLow\searchresultstb
Folder Found C:\Users\rachstock\AppData\LocalLow\UtilityChest_49
Folder Found C:\Users\rachstock\AppData\Roaming\Advanced System Protector
Folder Found C:\Users\rachstock\AppData\Roaming\Babylon
Folder Found C:\Users\rachstock\AppData\Roaming\DealPly
Folder Found C:\Users\rachstock\AppData\Roaming\file scout
Folder Found C:\Users\rachstock\AppData\Roaming\IminentToolbar
Folder Found C:\Users\rachstock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\rachstock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found C:\Users\rachstock\AppData\Roaming\newnext.me
Folder Found C:\Users\rachstock\AppData\Roaming\PerformerSoft
Folder Found C:\Users\rachstock\AppData\Roaming\SpeedAnalysis2
Folder Found C:\Users\rachstock\AppData\Roaming\SpeedAnalysis3
Folder Found C:\Users\rachstock\AppData\Roaming\Systweak
Folder Found C:\Users\rachstock\AppData\Roaming\VOPackage
Folder Found C:\Users\rachstock\Documents\Mobogenie
Folder Found C:\Users\rachstock\Documents\PC Speed Maximizer

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\848c8be769e414
Key Found : HKCU\Software\Alexa Internet
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Found : HKCU\Software\AppDataLow\Software\hdtotal1.2
Key Found : HKCU\Software\AppDataLow\Software\Installl_Converter
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Found : HKCU\Software\AppDataLow\Software\PopularScreensavers
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\UtilityChest_49
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Nation toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\DealPlyLive
Key Found : HKCU\Software\distromatic
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\FromDocToPDF_65
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\MapsGalaxy_39
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Nation Toolbar
Key Found : HKCU\Software\PerformerSoft
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\UtilityChest_49
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Alexa Internet
Key Found : [x64] HKCU\Software\AVG Nation toolbar
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\DealPlyLive
Key Found : [x64] HKCU\Software\distromatic
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\FromDocToPDF_65
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\MapsGalaxy_39
Key Found : [x64] HKCU\Software\Nation Toolbar
Key Found : [x64] HKCU\Software\PerformerSoft
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\UtilityChest_49
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\848c8be769e414
Key Found : HKLM\Software\aartemisSoftware
Key Found : HKLM\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Found : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Found : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Found : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051680.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051680.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051680.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051680.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3297964
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3299872
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DealPlyLive
Key Found : HKLM\Software\FromDocToPDF_65
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Found : HKLM\Software\hdtotal1.2
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\Software\Installl_Converter
Key Found : HKLM\Software\MapsGalaxy_39
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdtotal1.2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Found : HKLM\Software\Nation Toolbar
Key Found : HKLM\Software\PerformerSoft
Key Found : HKLM\Software\PopularScreensavers
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\torch
Key Found : HKLM\Software\Umbrella
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\UtilityChest_49
Key Found : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Found : [x64] HKLM\SOFTWARE\Iminent
Key Found : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CF67755F-9265-449C-87CF-B945519E073B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7A55CBB2-2B2E-4A41-9DE1-6AC5D2C2BE0A}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CF67755F-9265-449C-87CF-B945519E073B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PopularScreensavers Search Scope Monitor]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PopularScreensavers_7i Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Utility Chest Search Scope Monitor]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [UtilityChest_49 Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_65.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_7i.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://aartemis.com/?type=hp&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.aartemis.com/web/?type=ds&ts=1385748536&from=s32&uid=ST1000LM024XHN-M101MBB_S2TTJ9CCA33028&q={searchTerms}

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [57408 octets] - [11/04/2014 23:28:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [57469 octets] ##########
-----------------------------------------------------




Malwarebytes Anti-Rootkit BETA 1.07.0.1009
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.04.11.13

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
rachstock :: STOCKSEY73 [administrator]

11/04/2014 22:59:03
mbar-log-2014-04-11 (22-59-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253425
Time elapsed: 19 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.

Files Detected: 2
C:\Users\rachstock\AppData\Local\Temp\n1852\HDTotal_UK_1003-cc434dd1.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)




---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16798

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8469909504, free: 6771585024

Downloaded database version: v2014.04.10.08
Canceled update
Downloaded database version: v2014.04.10.08
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
04/10/2014 22:48:10
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800aaaf740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xfffffa800bf74b00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007bea060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa800740f270
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007bea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007beaa30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80066bf680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800740f270, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A3362226

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3990418913
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3990418913
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 1911a6cf-3fb3-482e-a9c-adf7ec2c1936
FirstLBA 2048 Last LBA 616447
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID da68fad7-b4a8-4234-84d1-1e8656d17d2a
FirstLBA 616448 Last LBA 2459647
Attributes 1
Partition Name Basic data partition

Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b2d0ea0c-64c2-4535-bf3c-6acf8653ab2a
FirstLBA 2459648 Last LBA 2721791
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID af029779-e09a-4a94-88c3-333d9f956017
FirstLBA 2721792 Last LBA 784130047
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 30a505e4-fe71-4789-b286-cd6486f3b475
FirstLBA 784130048 Last LBA 1911560191
Attributes 0
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID af4e95d7-e18b-444b-aef5-e5c637ba81d
FirstLBA 1911560192 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800aaaf740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac99270, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800aaaf740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800bf74b00, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 8064 Numsec = 7800960

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 3998220288 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\programdata\avg2014\chjw\58c2bbeec2bbce8e.dat:f76b3c6b-bafd-470f-adf9-b07db0402e0e" is sparse (flags = 32768)
Infected: C:\Users\rachstock\AppData\Local\Temp\n1852\HDTotal_UK_1003-cc434dd1.exe --> [Heuristics.Shuriken]
Infected file C:\Users\rachstock\AppData\Local\Temp\is45637729\184838721_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected file C:\Users\rachstock\AppData\Local\Temp\is45637729\44230773_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected: C:\ProgramData\IBUpdaterService\repository.xml --> [Adware.InstallBrain]
Infected: C:\ProgramData\IBUpdaterService --> [Adware.InstallBrain]
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16798

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8469909504, free: 6723293184

Downloaded database version: v2014.04.11.13
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
04/11/2014 22:58:54
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007bea060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa800740f270
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007bea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007beaa30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80066bf680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800740f270, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A3362226

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3990418913
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3990418913
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 1911a6cf-3fb3-482e-a9c-adf7ec2c1936
FirstLBA 2048 Last LBA 616447
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID da68fad7-b4a8-4234-84d1-1e8656d17d2a
FirstLBA 616448 Last LBA 2459647
Attributes 1
Partition Name Basic data partition

Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b2d0ea0c-64c2-4535-bf3c-6acf8653ab2a
FirstLBA 2459648 Last LBA 2721791
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID af029779-e09a-4a94-88c3-333d9f956017
FirstLBA 2721792 Last LBA 784130047
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 30a505e4-fe71-4789-b286-cd6486f3b475
FirstLBA 784130048 Last LBA 1911560191
Attributes 0
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID af4e95d7-e18b-444b-aef5-e5c637ba81d
FirstLBA 1911560192 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\programdata\avg2014\chjw\58c2bbeec2bbce8e.dat:8927d317-5e2e-4b29-ae92-2a33e6ea7b12" is sparse (flags = 32768)
Infected: C:\Users\rachstock\AppData\Local\Temp\n1852\HDTotal_UK_1003-cc434dd1.exe --> [Heuristics.Shuriken]
Infected file C:\Users\rachstock\AppData\Local\Temp\is45637729\184838721_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected file C:\Users\rachstock\AppData\Local\Temp\is45637729\44230773_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected: C:\ProgramData\IBUpdaterService\repository.xml --> [Adware.InstallBrain]
Infected: C:\ProgramData\IBUpdaterService --> [Adware.InstallBrain]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished
Old 04-13-2014, 08:31 AM   #12
TSF Enthusiast
 
DrDOS
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Quote:
don't know if this will be important but Windows ran and installed its latest updates before I did these scans and logs.
That should be fine.

  1. Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  2. Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a check mark is placed next to:
      • Launch Malwarebytes' Anti-Malware
    • and removed from:
      • Enable free trial of Malwarebytes Anti-Malware Premium, unless you plan on purchasing
    • Then click Finish.
    • If an update is ever found during any part of the scan, it will prompt you to download the latest version. Please do so.
    • Click on Scan Now.
    • When the scan is complete, click Quarantine All if anything is found.
    • Click View detailed log even if No malicious items detected. Export to a .txt file and save to your Desktop. Send me that log. Here's an example:
      mbam-(19-3-14)_(08-36-27).txt


    Of Special Note:
    **Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Old 04-13-2014, 10:12 AM   #13
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew

Logs as requested below.

PCB

# AdwCleaner v3.023 - Report created 13/04/2014 at 17:27:26
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : rachstock - STOCKSEY73
# Running from : C:\Users\rachstock\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : FromDocToPDF_65Service
Service Deleted : SProtection
Service Deleted : Updater Service for AMZN
Service Deleted : UtilityChest_49Service
Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Nation toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files (x86)\Amazon Browser Bar
Folder Deleted : C:\Program Files (x86)\AVG Nation toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\fileopenerpro
Folder Deleted : C:\Program Files (x86)\FromDocToPDF_65
Folder Deleted : C:\Program Files (x86)\melondrea
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\PopularScreensavers
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\UtilityChest_49
Folder Deleted : C:\Program Files (x86)\hdtotal1.2
Folder Deleted : C:\Program Files (x86)\Installl_Converter
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\rachstock\AppData\Local\Amazon Browser Bar
Folder Deleted : C:\Users\rachstock\AppData\Local\AVG Nation toolbar
Folder Deleted : C:\Users\rachstock\AppData\Local\Conduit
Folder Deleted : C:\Users\rachstock\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\rachstock\AppData\Local\FromDocToPDF_65
Folder Deleted : C:\Users\rachstock\AppData\Local\genienext
Folder Deleted : C:\Users\rachstock\AppData\Local\iac
Folder Deleted : C:\Users\rachstock\AppData\Local\Mobogenie
Folder Deleted : C:\Users\rachstock\AppData\Local\SearchProtect
Folder Deleted : C:\Users\rachstock\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\RACHST~1\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\RACHST~1\AppData\Local\Temp\melondrea
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\AVG Nation toolbar
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\Delta
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\FromDocToPDF_65
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\iac
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\PopularScreensavers
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\UtilityChest_49
Folder Deleted : C:\Users\rachstock\AppData\LocalLow\Installl_Converter
Folder Deleted : C:\Users\rachstock\AppData\Roaming\Advanced System Protector
Folder Deleted : C:\Users\rachstock\AppData\Roaming\Babylon
Folder Deleted : C:\Users\rachstock\AppData\Roaming\DealPly
Folder Deleted : C:\Users\rachstock\AppData\Roaming\file scout
Folder Deleted : C:\Users\rachstock\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\rachstock\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\rachstock\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\rachstock\AppData\Roaming\SpeedAnalysis2
Folder Deleted : C:\Users\rachstock\AppData\Roaming\SpeedAnalysis3
Folder Deleted : C:\Users\rachstock\AppData\Roaming\Systweak
Folder Deleted : C:\Users\rachstock\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\rachstock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\rachstock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\rachstock\Documents\Mobogenie
Folder Deleted : C:\Users\rachstock\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg
Folder Deleted : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\PC Performer.lnk
File Deleted : C:\Windows\SysWOW64\p5PSSavr.scr
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\rachstock\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\PC Performer
File Deleted : C:\Windows\Tasks\PC Performer_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\PC Performer_DEFAULT
File Deleted : C:\Windows\Tasks\PC Performer_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\PC Performer_UPDATES
File Deleted : C:\Windows\Tasks\Re-Markable Update.job
File Deleted : C:\Windows\System32\Tasks\Re-Markable Update
File Deleted : C:\Windows\Tasks\Re-Markable_wd.job
File Deleted : C:\Windows\System32\Tasks\Re-Markable_wd
File Deleted : C:\Windows\Tasks\hdtotal1.2-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\hdtotal1.2-chromeinstaller
File Deleted : C:\Windows\Tasks\hdtotal1.2-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\hdtotal1.2-codedownloader
File Deleted : C:\Windows\Tasks\hdtotal1.2-enabler.job
File Deleted : C:\Windows\System32\Tasks\hdtotal1.2-enabler
File Deleted : C:\Windows\Tasks\hdtotal1.2-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\hdtotal1.2-firefoxinstaller
File Deleted : C:\Windows\Tasks\hdtotal1.2-updater.job
File Deleted : C:\Windows\System32\Tasks\hdtotal1.2-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_65.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_7i.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051680.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051680.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051680.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051680.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox.1
Key Deleted : HKCU\Software\848c8be769e414
Key Deleted : HKLM\SOFTWARE\848c8be769e414
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297964
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299872
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Utility Chest Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PopularScreensavers Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PopularScreensavers_7i Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [UtilityChest_49 Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{992177A5-DF3C-4EC2-B779-6A5F94704CCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFBAF9B2-2093-4D16-9D1F-348AE68408E4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{590f0a8a-1790-46ea-801c-990df74b8fe2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dfe48d06-89a7-4ca8-afc3-1e422aba0fde}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{242D8A1B-9DAE-488A-8A9B-70A5FA0BF162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F3052D7-DFED-4AF3-952D-827DF4BC5FED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CF67755F-9265-449C-87CF-B945519E073B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CF67755F-9265-449C-87CF-B945519E073B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7A55CBB2-2B2E-4A41-9DE1-6AC5D2C2BE0A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292222}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625578}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165580}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295522}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626678}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296622}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{590f0a8a-1790-46ea-801c-990df74b8fe2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dfe48d06-89a7-4ca8-afc3-1e422aba0fde}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\UtilityChest_49
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\AppDataLow\Software\PopularScreensavers
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\UtilityChest_49
Key Deleted : HKCU\Software\AppDataLow\Software\hdtotal1.2
Key Deleted : HKCU\Software\AppDataLow\Software\Installl_Converter
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\MapsGalaxy_39
Key Deleted : HKLM\Software\Nation Toolbar
Key Deleted : HKLM\Software\PerformerSoft
Key Deleted : HKLM\Software\PopularScreensavers
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\UtilityChest_49
Key Deleted : HKLM\Software\hdtotal1.2
Key Deleted : HKLM\Software\Installl_Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdtotal1.2
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [57918 octets] - [11/04/2014 23:28:50]
AdwCleaner[R1].txt - [57979 octets] - [13/04/2014 17:25:50]
AdwCleaner[S0].txt - [55376 octets] - [13/04/2014 17:27:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [55437 octets] ##########




________________________________________________________________


Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 13/04/2014
Scan Time: 17:52:51
Logfile: mbam-(13-3-14)_(17-52-51).txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: rachstock

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 243689
Time Elapsed: 9 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\AppIntegrator64.exe, 3636, Delete-on-Reboot, [55f414ebdc9e1620e3fc2196ad56b34d]

Modules: 0
(No malicious items detected)

Registry Keys: 20
PUP.Optional.AudioToAudioToolBar.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PopularScreensavers_7iService, Quarantined, [f7526e91aecc1323544b552e1be5bf41],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{16f059cb-3d3f-4ecc-b426-bafa47233676}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4ab7647f-75b6-4486-9584-efee06afee68}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AE20B22F-60C1-4753-ABAE-459C85D3E303}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AE20B22F-60C1-4753-ABAE-459C85D3E303}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4ab7647f-75b6-4486-9584-efee06afee68}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-3413566485-2077981265-676840433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{16F059CB-3D3F-4ECC-B426-BAFA47233676}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-3413566485-2077981265-676840433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{16F059CB-3D3F-4ECC-B426-BAFA47233676}, Quarantined, [e465d7287ffb12241f99e15dad55a25e],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\PopularScreensavers_7i.SkinLauncherSettings, Quarantined, [1633b54aa7d3f442fb613d38d42e9967],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\PopularScreensavers_7i.SkinLauncherSettings.1, Quarantined, [bc8d21de3f3b5bdb203ca6cf10f214ec],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PopularScreensavers_7i.SkinLauncherSettings, Quarantined, [bc8d21de3f3b5bdb203ca6cf10f214ec],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PopularScreensavers_7i.SkinLauncherSettings.1, Quarantined, [bc8d21de3f3b5bdb203ca6cf10f214ec],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\CLASSES\AlxTB2.AlxHelper, Quarantined, [e46539c67208e650c6a6cca99a68768a],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\CLASSES\AlxTB2.AlxHelper.1, Quarantined, [b69359a6ceac1b1b5a124d2805fd867a],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AlxTB2.AlxHelper, Quarantined, [b69359a6ceac1b1b5a124d2805fd867a],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AlxTB2.AlxHelper.1, Quarantined, [b69359a6ceac1b1b5a124d2805fd867a],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\WOW6432NODE\melondrea, Quarantined, [72d7a6591565b4829effc6c8877bc33d],
PUP.Optional.SolidSavings.A, HKLM\SOFTWARE\WOW6432NODE\Solid Savings, Quarantined, [86c3fd02b8c26fc7f6f7aae1e51d8e72],
PUP.Optional.Iminent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinkHandler, Quarantined, [b495c837f8821c1a9dd3167f38cabf41],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-3413566485-2077981265-676840433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\melondrea, Quarantined, [ba8f45ba2c4e4de959435d31837f23dd],

Registry Values: 3
PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Utility Chest Home Page Guard 64 bit, "C:\PROGRA~2\UTILIT~1\bar\1.bin\AppIntegrator64.exe", Quarantined, [56f30df27a006fc727b813a413f003fd]
PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PopularScreensavers Home Page Guard 64 bit, "C:\PROGRA~2\POPULA~1\bar\3.bin\AppIntegrator64.exe", Quarantined, [55f414ebdc9e1620e3fc2196ad56b34d]
PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FromDocToPDF Home Page Guard 64 bit, "C:\PROGRA~2\FROMDO~1\bar\2.bin\AppIntegrator64.exe", Quarantined, [0841ba45027838fec01f61569c67837d]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CT3317212, Quarantined, [87c20ef1e694ab8b44c088ff7b8747b9],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CT3318857, Quarantined, [13368d72eb8fb581bd47abdcb1513ac6],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CT3319611, Quarantined, [2d1ca35cde9c86b03fc5c6c1758d36ca],
PUP.Optional.CrossRider.A, C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg, Quarantined, [460318e7b9c18da93c543f4b21e1619f],
PUP.Optional.PriceGong.A, C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, Quarantined, [e069ed124c2eea4cff1cdcaf21e18e72],
PUP.Optional.CrossRider.A, C:\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg, Quarantined, [f7524cb3b0ca15216a0e0c7f758d50b0],

Files: 57
PUP.Optional.AudioToAudioToolBar.A, C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibarsvc.exe, Delete-on-Reboot, [f7526e91aecc1323544b552e1be5bf41],
PUP.Optional.Aartemis.A, C:\Users\rachstock\AppData\Local\Temp\1384432943_s32_aartemis_20131111182247.exe, Quarantined, [aa9fc03f156588ae139c393d25dcce32],
PUP.Optional.Babylon.A, C:\Users\rachstock\AppData\Local\Temp\D0CD.tmp, Quarantined, [1336d827c0bac076897d016bf50b8c74],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\nsnC738.exe, Quarantined, [0f3ab8473644f541ef51ef71a061fb05],
PUP.Optional.InstallCore.A, C:\Users\rachstock\AppData\Local\Temp\ICReinstall_Setup.exe, Quarantined, [4ffa45ba28528da9666a53cdec18f20e],
PUP.Optional.SearchProtect.A, C:\Users\rachstock\AppData\Local\Temp\nsbDB31.exe, Quarantined, [e76287788ded0333fb59c6a57d8460a0],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\nsbE4DE.exe, Quarantined, [9aaf04fb58220c2a9da3b7a9d32ec13f],
PUP.Optional.PriceGong.A, C:\Users\rachstock\AppData\Local\Temp\cheFFC.tmp, Quarantined, [28211de2db9f3afcb153e1c0f8095da3],
PUP.Optional.BundleInstaller.A, C:\Users\rachstock\AppData\Local\Temp\bhs67E7.tmp, Quarantined, [2623ab5461198da92964bfc39967d42c],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\nsh3B4.exe, Quarantined, [6edb8877a0da6cca85bb58083cc513ed],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\nsk23D2.exe, Quarantined, [4ffa1ee1b3c7b77fac940060669b0cf4],
PUP.Optional.Conduit, C:\Users\rachstock\AppData\Local\Temp\tbBeg2.dll, Quarantined, [77d235cae19981b568fed4a951aff907],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\nsd1DC3.exe, Quarantined, [53f623dcaad0171ffe42a4bc81806c94],
PUP.Optional.SearchProtect.A, C:\Users\rachstock\AppData\Local\Temp\nskD813.exe, Quarantined, [a8a19f60b3c7ef4784d08cdff40d6b95],
PUP.Optional.SearchProtect.A, C:\Users\rachstock\AppData\Local\Temp\nsw2913.exe, Quarantined, [54f5c53ad4a611256be9b0bb5ba6649c],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\SPStub.exe, Quarantined, [b495aa554634bf77bcc0f36b47ba6e92],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\SPWrap.exe, Quarantined, [95b4e51a0476c27429536ef0fc05e31d],
PUP.Optional.SpeedUpMyPC, C:\Users\rachstock\AppData\Local\Temp\d77b7fdf-da17-4af2-93d6-293ad6023e1d\software\speedupmypc.exe, Quarantined, [be8b1be46713c96d5196c2de39c8c937],
PUP.Optional.SpeedUpMyPC, C:\Users\rachstock\AppData\Local\Temp\is-R69DB.tmp\SpeedUpMyPC-standalone-setup.exe, Quarantined, [f15832cd780230068463f7a998698878],
PUP.Optional.Iminent.A, C:\Users\rachstock\AppData\Local\Temp\n1852\Iminent_1712-b2fcad5e.exe, Quarantined, [6edba35c99e1c3730ef4cfb7dd2413ed],
PUP.Optional.Rapiddown, C:\Users\rachstock\AppData\Local\Temp\n1852\s1852.exe, Quarantined, [1c2d16e95a200b2b83b2129150b1fb05],
PUP.Optional.Iminent, C:\Users\rachstock\AppData\Local\Temp\RarSFX0\MetroInstallerAPP.exe, Quarantined, [f7524cb351291521eec8d871ae53ca36],
PUP.Optional.Iminent, C:\Users\rachstock\AppData\Local\Temp\RarSFX0\MetroInstallPack.MIP, Quarantined, [2e1b758a502a1d1931852d1c0100ce32],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CF47.tmp\bin\SPHook64.dll_20131129180611.474, Quarantined, [1a2ff90690eaab8bbc843d23669bcf31],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus181E\CrxUpdater_d.exe, Quarantined, [67e2a45b88f2cc6aa21a52c402022dd3],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus2326\CrxUpdater_d.exe, Quarantined, [88c1f50af6842b0b9d1f8096e81c4ab6],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus232B\CrxUpdater_d.exe, Quarantined, [4bfe6d929ddd49ed16a6f422b351c13f],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus26F\CrxUpdater_d.exe, Quarantined, [361328d772083bfb803c3bdbeb191ae6],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus2946\CrxUpdater_d.exe, Quarantined, [97b200ffe793ca6cc9f3888ede26a65a],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus3DE0\CrxUpdater_d.exe, Quarantined, [0247a7586614f04613a9c35357adec14],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus41E9\CrxUpdater_d.exe, Quarantined, [91b8bb4494e6cd69665655c135cf817f],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus4368\CrxUpdater_d.exe, Quarantined, [4cfdb44be4961e189a2252c45aaa6e92],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus49E0\CrxUpdater_d.exe, Quarantined, [3415c8375f1b5adce9d319fdb0545ea2],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus4F2F\CrxUpdater_d.exe, Quarantined, [83c613eca3d752e403b9b165ce36ea16],
PUP.Optional.BabSolution.A, C:\Users\rachstock\AppData\Local\Temp\bus502C\BUSolution.dll, Quarantined, [e36647b89ae0ee48153de866be43ba46],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus539D\CrxUpdater_d.exe, Quarantined, [e564d02f9bdf52e4299348ce40c409f7],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus568E\CrxUpdater_d.exe, Quarantined, [80c9e61938426ec8b50764b23acadf21],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus8D0C\CrxUpdater_d.exe, Quarantined, [c98002fddc9e88aea4181402e81ce41c],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus996D\CrxUpdater_d.exe, Quarantined, [56f37e81e694e650caf24dc992729e62],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus9CD8\CrxUpdater_d.exe, Quarantined, [6ddc0af57cfee155992344d221e3dc24],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\busBCC2\CrxUpdater_d.exe, Quarantined, [51f818e76e0cf93dd5e73dd91ee6a15f],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\busC098\CrxUpdater_d.exe, Quarantined, [5fea5aa509717cba714b37dfe123b24e],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\busCE7\CrxUpdater_d.exe, Quarantined, [83c608f77703da5c497346d012f2c53b],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\busCF86\CrxUpdater_d.exe, Quarantined, [71d824db700aba7c7e3e070f36ce728e],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\busDD37\CrxUpdater_d.exe, Quarantined, [6fdad9265b1fac8a5c609185a85cf40c],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\busE088\CrxUpdater_d.exe, Quarantined, [9eabb44b017968cef3c94fc7ce36e917],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus12BC\CrxUpdater_d.exe, Quarantined, [3c0d8f706515023403b91df96f954cb4],
PUP.Optional.CRX.A, C:\Users\rachstock\AppData\Local\Temp\bus1599\CrxUpdater_d.exe, Quarantined, [d277ef10f88289adead2e036c93bdc24],
PUP.Optional.Babylon.A, C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Setup.exe, Quarantined, [92b73ec1b1c99f970150a1aced148080],
PUP.Optional.Delta, C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\MyDeltaTB.exe, Quarantined, [51f84fb0720887af0ce7bf8bbf42c838],
PUP.Optional.Babylon.A, C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\CrxInstaller.dll, Quarantined, [73d651ae9fdb42f466a1de7d9c65d12f],
PUP.Optional.PCOptimizerPro, C:\Windows\Temp\Optimizer_Pro.exe, Quarantined, [c7829a65097185b1a33bba92e21f18e8],
PUP.Optional.IBryte.A, C:\Users\rachstock\Downloads\Setup.exe, Quarantined, [321758a71367979f4b0fa7a21de4bd43],
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\AppIntegrator64.exe, Delete-on-Reboot, [55f414ebdc9e1620e3fc2196ad56b34d],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CT3317212\ddt.csf, Quarantined, [87c20ef1e694ab8b44c088ff7b8747b9],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CT3318857\ddt.csf, Quarantined, [13368d72eb8fb581bd47abdcb1513ac6],
PUP.Optional.Conduit.A, C:\Users\rachstock\AppData\Local\Temp\CT3319611\ddt.csf, Quarantined, [2d1ca35cde9c86b03fc5c6c1758d36ca],

Physical Sectors: 0
(No malicious items detected)


(end)
loftyandroley is offline  
Old 04-13-2014, 11:23 AM   #14
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew,

Malwarebytes was unable to access the update server. Database dated v2014.03.04.09

PCB
loftyandroley is offline  
Old 04-14-2014, 02:55 PM   #15
TSF Enthusiast
 
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Thanks for those logs.

Quote:
Malwarebytes was unable to access the update server. Database dated v2014.03.04.09
Servers can be busy for various reasons. Traffic, outages .. check back periodically and you should be fine. I was able to contact their server even though I didn't need an update. Can you access the mbam servers now?
  1. Regarding Refresh or Reset, good to know - Refreshing Your PC Won’t Help: Why Bloatware is Still a Problem on Windows 8

  2. Please run this online scan to help look for remnants. If you have any, ensure your external and/or USB drives are inserted during the scan.

    Go here to run an online scanner from ESET.

    In Microsoft Windows Vista/Win7/Win8, you must open the Web browser via a right-click using the 'Run as administrator' command.

    • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is ticked
    • Click on Advanced Settings, ensure these options are ticked
      • Scan for potentially unwanted applications,
      • Scan for potentially unsafe applications, and
      • Enable Anti-Stealth Technology
    • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
    • Tick all the boxes that correspond to your external/inserted drives.
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Close the ESET online scan, and let me know how things are now.
DrDOS is offline  
Old 04-14-2014, 10:42 PM   #16
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew

Malwarebytes updated and found no threats.
ESET found a few; most are the quarantined remnants of already removed software and a few old install files, but there are possibly some still hanging around. Logs attached below.

PCB.

---------------------------------------------------------------------
C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$RK7OUVS.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$R0FXAG2\Datamngr\del_DM_LL_nsk9D19.dll Win32/Toolbar.SearchSuite.F potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$R0FXAG2\Datamngr\x64\del_DM_LL_nsk9D19.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$RK5YVTG\PCPerformer.dll Win32/PCPerformer.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir Win32/Distromatic.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65barsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65bprtct.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\65SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\NP65Stub.dll.vir Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\2.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\utils.exe.vir Win32/Toolbar.CrossRider.AB potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter\hk64tbInst.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter\hktbInst.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter\Installl_ConverterToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter\ldrtbInst.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter\prxtbInst.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter\tbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\melondreaUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5Html.dll.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5PSSavr.scr.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5ScrCtr.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\FF\plugins\npPriceGong_FF.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49bprtct.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll.vir Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir Win32/Toolbar.Babylon.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Conduit\CT3299872\Installl_ConverterAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js.vir Win32/PriceGong.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg\1.26.22_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\hk64tbIns0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\hk64tbInst.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\hktbIns0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\hktbInst.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\ldrtbIns0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\ldrtbInst.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\tbIns0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\tbIns1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\tbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\Installl_Converter\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\LocalLow\PriceGong\ext\ext_e.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Roaming\SpeedAnalysis3\install_helper.exe.vir Win32/bProtector.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Roaming\VOPackage\Setup.exe.vir a variant of Win32/InstallCore.JA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\rachstock\AppData\Roaming\VOPackage\VOPackage.exe.vir Win32/VuuPc.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\p5PSSavr.scr.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\2.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\2.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibprtct.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ibrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7idatact.dll a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ihtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iimpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7ireghk.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iskin.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\7iSrchMn.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\NP7iStub.dll Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\Program Files (x86)\PopularScreensavers_7i\bar\3.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\Program Files (x86)\Re-Markable\Re-Markable_wd.exe a variant of Win32/AdWare.AddLyrics.AJ application
C:\Program Files (x86)\Re-Markable\Uninstall.exe Win32/AdWare.AddLyrics.AE application
C:\Program Files (x86)\SearchProtect687795984\Main\bin\CltMngSvc.exe Win32/Conduit.SearchProtect.F potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\Main\bin\uninstall.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\SearchProtect\bin\SPTool64.exe a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\SearchProtect\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\SearchProtect\bin\SPVC32Loader.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\SearchProtect\bin\SPVC64.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect687795984\SearchProtect\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Users\rachstock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T108D9X\728x90[1].htm HTML/Iframe.B.Gen virus
C:\Users\rachstock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59IHKT2T\FkwJYTM0uSREALpiYfM7_9mhb53qbQfdyzaJvdC0tqQqidK_[1].htm SWF/Exploit.CVE-2014-0322.B trojan
C:\Users\rachstock\AppData\Local\Temp\1374592013_PCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC.F application
C:\Users\rachstock\AppData\Local\Temp\1385723378_wedownload.exe Win32/Packed.ScrambleWrapper.G potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\install_helper.exe Win32/bProtector.H potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\MntrDLLInstall.dll a variant of Win32/Toolbar.Babylon.V potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\d77b7fdf-da17-4af2-93d6-293ad6023e1d\software\deven-1-1.exe a variant of Win32/Packed.ScrambleWrapper.K potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\DTX\Reporting\ReportingHelper.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\rachstock\AppData\Local\Temp\is45637729\184838607_stp\ClickMeInSetup.exe Win32/VuuPc.C potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\is45637729\184838721_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\is45637729\44230581_stp\ClickMeInSetup.exe Win32/VOPackage.A potentially unwanted application
C:\Users\rachstock\AppData\Local\Temp\is45637729\44230773_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1] a variant of Win32/Distromatic.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2] a variant of Win32/Distromatic.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1] Win32/Distromatic potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[2] Win32/Distromatic potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1] a variant of Win32/Distromatic.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1] Win32/Distromatic.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1] a variant of Win32/Distromatic.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2] a variant of Win32/Distromatic.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1] Win32/Distromatic potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[2] Win32/Distromatic potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1] a variant of Win32/Distromatic.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1] Win32/Distromatic.B potentially unwanted application
C:\Windows\Temp\2c542955\SetupDataMngr_iLivid.exe a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application
D:\old laptop\Program Files\PCFix\AssistPCFix.exe Win32/Adware.PCFixCleaner application
D:\old laptop\Program Files\PCFix\PCFix.exe probably a variant of Win32/Adware.PCFixCleaner application
D:\old laptop\Program Files\PCFix\rebooter.exe Win32/Adware.PCFixCleaner application
loftyandroley is offline  
Old 04-15-2014, 09:14 AM   #17
TSF Enthusiast
 
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Quote:
Malwarebytes updated and found no threats.
Glad it finally worked.

Quote:
ESET found a few; most are the quarantined remnants of already removed software and a few old install files, but there are possibly some still hanging around.
The file you're going to create below should take care of the hangers-on. The ones in quarantine we'll deal with later. It will display a black box on your screen briefly. This is normal.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
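@echo off
rem Start from a clean log so only this run's failures are recorded.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the individual files ESET flagged outside quarantine.
for %%g in (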

"C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$RK7OUVS.dll"
"C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$R0FXAG2\Datamngr\del_DM_LL_nsk9D19.dll"
"C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$R0FXAG2\Datamngr\x64\del_DM_LL_nsk9D19.dll"
"C:\$Recycle.Bin\S-1-5-21-3413566485-2077981265-676840433-1001\$RK5YVTG\PCPerformer.dll"
"C:\Users\rachstock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T108D9X\728x90[1].htm"
"C:\Users\rachstock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59IHKT2T\FkwJYTM0uSREALpiYfM7_9mhb53qbQfdyzaJvdC0tqQqidK_[1].htm"
"C:\Users\rachstock\AppData\Local\Temp\1374592013_PCSpeedMaximizer.exe"
"C:\Users\rachstock\AppData\Local\Temp\1385723378_wedownload.exe"
"C:\Users\rachstock\AppData\Local\Temp\install_helper.exe"
"C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\IEHelper.dll"
"C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\MntrDLLInstall.dll"
"C:\Users\rachstock\AppData\Local\Temp\3D7F2639-BAB0-7891-A836-CF82E7E3D602\Latest\Setup.exe"
"C:\Users\rachstock\AppData\Local\Temp\d77b7fdf-da17-4af2-93d6-293ad6023e1d\software\deven-1-1.exe"
"C:\Users\rachstock\AppData\Local\Temp\DTX\Reporting\ReportingHelper.dll"
"C:\Users\rachstock\AppData\Local\Temp\is45637729\184838607_stp\ClickMeInSetup.exe"
"C:\Users\rachstock\AppData\Local\Temp\is45637729\184838721_stp\wajam_validate.exe"
"C:\Users\rachstock\AppData\Local\Temp\is45637729\44230581_stp\ClickMeInSetup.exe"
"C:\Users\rachstock\AppData\Local\Temp\is45637729\44230773_stp\wajam_validate.exe"
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2]"
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]"
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[2]"
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]"
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2]"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[2]"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
"C:\Windows\Temp\2c542955\SetupDataMngr_iLivid.exe"
"D:\old laptop\Program Files\PCFix\AssistPCFix.exe"
"D:\old laptop\Program Files\PCFix\PCFix.exe"
"D:\old laptop\Program Files\PCFix\rebooter.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

"C:\Program Files (x86)\PopularScreensavers_7i"
"C:\Program Files (x86)\Re-Markable"
"C:\Program Files (x86)\SearchProtect687795984"


) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file to your desktop as fix.bat, choosing Save as type: All Files, then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply.
DrDOS is offline  
Old 04-15-2014, 01:21 PM   #18
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew,

Running the batch file results in the message

'Deleted Successfully !!'

PCB
loftyandroley is offline  
Old 04-15-2014, 07:19 PM   #19
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



loftyandroley,

Quote:
'Deleted Successfully !!'
Good! Sounds like you were successful! Congrats!

How would you say everything is running? Any outstanding issues?
DrDOS is offline  
Old 04-15-2014, 10:58 PM   #20
Registered Member
 
Join Date: Jun 2007
Posts: 23
OS: xp



Drew

Everything seems to be running smoothly and as it should, thank you. The PC had AVG Free on it, but they accidentally upgraded to the "Free" trial version that has now expired; as a result there is no real-time virus checking at the moment.

Should I uninstall AVG and re-install the AVG Free variant, or is there a better recommended program?

PCB.
loftyandroley is offline  
 


All times are GMT -7. The time now is 11:49 PM.

