bmg
Honorary Members
Posts: 129

Everything posted by bmg
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Will try...
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
MB = MalwareBytes. It now seems even this program will not run. As stated before, an alert box pops up; and when I click on this, another with the message: Runtime error 383 appears. When I try to start this from the icon, nothing happens.
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Same thing happens. There are items in the list, but it stops when MB pops up a window 20% into the scan, with about 16,000 items scanned.
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Firefox 28. It seems MB is showing a box, and when I click on it, a pop-up says: Runtime error: 383. The scan hangs from there. (Microsoft Essentials is being alerted also.)
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Scan jams up at 20% for over 2 hours...
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Everything seems to be OK; is everything out of the system? And should MB be scanning all the time in the background, or scan only when I want to?
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Sometimes 'threat scan' button is there, other times it's not; depends on whether it has already scanned the system, I think. Here is the MB log:

Here is the other:
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Confusing new interface. There is no 'threat scan' under my scan button. Program was already scanning and updated, with no input from me, so don't know if this is what you want:
First A Redirect Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Here is the scan:
T("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function R(af){return Y(J(Q(af),af.length*8));}function K(ah,ak){var aj=Q(ah);if(aj.length>16){aj=J(aj,ah.length*8);}var af=Array(16),ai=Array(16);for(var ag=0;ag<16;ag++){af[ag]=aj[ag]^909522486;ai[ag]=aj[ag]^1549556828;}var al=J(af.concat(Q(ak)),512+ak.length*8);return Y(J(ai.concat(al),512+128));}function ad(ah){if(typeof U==="undefined"){U=0;}var aj=U?"0123456789ABCDEF":"0123456789abcdef";var ag="";var af;for(var ai=0;ai<ah.length;ai++){a [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\BobyLyrics-16\Plugins\91] "JavaScript"="(function(i){if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var q=(function(){var T=0;var ab="";function S(ae){return ac(Q(U(ae)));}function R(ae){return E(Q(U(ae)));}function L(ae,af){return H(Q(U(ae)),af);}function Z(ae,af){return ac(J(U(ae),U(af)));}function O(ae,af){return E(J(U(ae),U(af)));}function K(ae,ag,af){return H(J(U(ae),U(ag)),af);}function ad(){return S("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function Q(ae){return X(I(P(ae),ae.length*8));}function J(ag,aj){var ai=P(ag);if(ai.length>16){ai=I(ai,ag.length*8);}var ae=Array(16),ah=Array(16);for(var af=0;af<16;af++){ae[af]=ai[af]^909522486;ah[af]=ai[af]^1549556828;}var ak=I(ae.concat(P(aj)),512+aj.length*8);return X(I(ah.concat(ak),512+128));}function ac(ag){if(typeof T==="undefined"){T=0;}var ai=T?"0123456789ABCDEF":"0123456789abcdef";var af="";var ae;for(var ah=0;ah<ag.length;ah++){ae [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\Conduit\ChromeExtData\ieiiggnfmhgcolbimglmfjfpkjildjdd\Repository] "CT3287802.Default.originalOmniBoxUrl"="http://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_cr_us_display?ie=UTF8&tagbase=bds-y46&tag=bds-y46-serp-us-cr-20&tbrId=v1_bds-y46_e020580ae7d7492c8a581e14c36c7dde_1012_1005_20131123_US_cr_ds_todownload&query={searchTerms}" 
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\DP1815\Plugins\91] "JavaScript"="(function(i){if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var q=(function(){var T=0;var ab="";function S(ae){return ac(Q(U(ae)));}function R(ae){return E(Q(U(ae)));}function L(ae,af){return H(Q(U(ae)),af);}function Z(ae,af){return ac(J(U(ae),U(af)));}function O(ae,af){return E(J(U(ae),U(af)));}function K(ae,ag,af){return H(J(U(ae),U(ag)),af);}function ad(){return S("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function Q(ae){return X(I(P(ae),ae.length*8));}function J(ag,aj){var ai=P(ag);if(ai.length>16){ai=I(ai,ag.length*8);}var ae=Array(16),ah=Array(16);for(var af=0;af<16;af++){ae[af]=ai[af]^909522486;ah[af]=ai[af]^1549556828;}var ak=I(ae.concat(P(aj)),512+aj.length*8);return X(I(ah.concat(ak),512+128));}function ac(ag){if(typeof T==="undefined"){T=0;}var ai=T?"0123456789ABCDEF":"0123456789abcdef";var af="";var ae;for(var ah=0;ah<ag.length;ah++){ae=ag.cha [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\Plus-HD-2.5\Plugins\91] "JavaScript"=" //------------------ PLUGIN monetizationLoader.js START ------------------ (function(i){var q=(function(){var T=0;var ab="";function S(ae){return ac(Q(U(ae)));}function R(ae){return E(Q(U(ae)));}function L(ae,af){return H(Q(U(ae)),af);}function Z(ae,af){return ac(J(U(ae),U(af)));}function O(ae,af){return E(J(U(ae),U(af)));}function K(ae,ag,af){return H(J(U(ae),U(ag)),af);}function ad(){return S("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function Q(ae){return X(I(P(ae),ae.length*8));}function J(ag,aj){var ai=P(ag);if(ai.length>16){ai=I(ai,ag.length*8);}var ae=Array(16),ah=Array(16);for(var af=0;af<16;af++){ae[af]=ai[af]^909522486;ah[af]=ai[af]^1549556828;}var ak=I(ae.concat(P(aj)),512+aj.length*8);return X(I(ah.concat(ak),512+128));}function ac(ag){if(typeof T==="undefined"){T=0;}var 
ai=T?"0123456789ABCDEF":"0123456789abcdef";var af="";var ae;for(var ah=0;ah<ag.length;ah [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\SweetPacks\toolbar\Settings\BackHandStorage\IndexTable\2895427961] "value"="mam_gk_appState_PiclickV2-WebSearch" [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\weDownload Manager Pro\Plugins\91] "JavaScript"="(function(h){var p=(function(){var R=0;var Z="";function Q(ac){return aa(O(S(ac)));}function P(ac){return C(O(S(ac)));}function J(ac,ad){return F(O(S(ac)),ad);}function X(ac,ad){return aa(H(S(ac),S(ad)));}function M(ac,ad){return C(H(S(ac),S(ad)));}function I(ac,ae,ad){return F(H(S(ac),S(ae)),ad);}function ab(){return Q("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function O(ac){return V(G(N(ac),ac.length*8));}function H(ae,ah){var ag=N(ae);if(ag.length>16){ag=G(ag,ae.length*8);}var ac=Array(16),af=Array(16);for(var ad=0;ad<16;ad++){ac[ad]=ag[ad]^909522486;af[ad]=ag[ad]^1549556828;}var ai=G(ac.concat(N(ah)),512+ah.length*8);return V(G(af.concat(ai),512+128));}function aa(ae){if(typeof R==="undefined"){R=0;}var ag=R?"0123456789ABCDEF":"0123456789abcdef";var ad="";var ac;for(var af=0;af<ae.length;af++){ac=ae.charCodeAt(af);ad+=ag.charAt((ac>>>4)&15)+ag.charAt(ac&1 [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Conduit\ValueApps\CH\Repository] 
"bck.valueApps.ct3316263.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%22f8dd215a-c407-4376-ae89-b7a125d9f652%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224adeb322-2ac8-4ad6-85bd-8ad10cfc5123%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22car [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Conduit\ValueApps\IE\Repository] "mam_gk_appsConfig"="{"AppsConfiguration":[{"id":"Clarity_Active","url":"http://storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html","scriptUrl":null,"criterias":[{"criteriaId":"b0219e05-af2c-4abc-84eb-658b86e91ac1","domains":["*],"domainsException":["bing.","google.com","yahoo."]}],"optionsDialog":{"displayName":"Clarity","appDesc":null,"privacyPolicyUrl":null,"termsOfUseUrl":null},"HiddenApp":true,"EnabledInHttps":false},{"id":"JobsMiner","url":"http://jobsminer.com/collaborations/conduit/index2.html","scriptUrl":null,"criterias":[{"criteriaId":"ad4174e8-caef-45c6-83ab-7bdb3b4160f9","domains":["americasjobexchange.com","careerbuilder.com","dice.com","indeed.com","job.com","jobsearch.local-jobs","jobungo.com","snagajob.com","thingamajob.com"],"domainsException":[""]}],"optionsDialog":{"displayName":"JobsMiner","appDesc":"Jobsminer is a unique job search engine finding job offerings \nposted on lea 
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}] "URL"="http://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_ie_us_display?ie=UTF8&tagbase=bds-y46&tag=bds-y46-serp-us-ie-20&tbrId=v1_bds-y46_e020580ae7d7492c8a581e14c36c7dde_1012_1005_20131123_US_ie_ds_todownload&query={searchTerms}" Searching for "WebInternetSecurity" [HKEY_CURRENT_USER\Software\WebinternetsecurityInstalled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebInternetSecurity_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebInternetSecurity_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WebInternetSecurity"=""C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity] "DisplayName"="WebInternetSecurity" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity] "DisplayIcon"="C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity] "Publisher"="Webinternetsecurity" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity] "InstallLocation"="C:\Program Files (x86)\Webinternetsecurity" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity] "UninstallString"=""C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe" /u /UserID=74b36710-9e5e-4564-9ff9-cd390b3247df /SourceID=webinternetsecurity-vertisa /ImplementationID=webinternetsecurity-vertisa" [HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity] [HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity] "ptn"="webinternetsecurity-vertisa" [HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity] 
"sourceid"="webinternetsecurity-vertisa" [HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity] "implementationid"="webinternetsecurity-vertisa" [HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1001\Software\WebinternetsecurityInstalled] -= EOF =- -
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Yes, it appears the computer can connect, but I am concerned about this Max Websearch program, which is still listed under 'programs.' Is this a dangerous program to have installed? -
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Here is the last log: MiniToolBox by Farbar Version: 23-01-2014 Ran by L33tMaN (administrator) on 09-04-2014 at 19:43:26 Running from "C:\Users\L33tMaN\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is enabled. ProxyServer: http=127.0.0.1:49225;https=127.0.0.1:49225 "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ Dell Wireless 1502 802.11b/g/n = Wireless Network Connection (Connected) Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : L33tMaN-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : home Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : home Description . . . . . . . . . . . : Dell Wireless 1502 802.11b/g/n Physical Address. . . . . . . . . : 08-3E-8E-4E-EB-3F DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::ff:2f1d:3274:67ec%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) Subnet Mask . . 
. . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, April 09, 2014 5:16:48 PM Lease Expires . . . . . . . . . . : Thursday, April 10, 2014 5:16:48 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 235466169 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C9-65-E8-84-8F-69-F5-75-EE DNS Servers . . . . . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : home Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 84-8F-69-F5-75-EE DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.home: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft 6to4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Reusable ISATAP Interface {EB646E42-B551-41DF-9398-D730745925BD}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : home Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 12: Connection-specific DNS Suffix . : Description . . . . . . . . . . . 
: Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:c2:3676:9f1f:3284(Preferred) Link-local IPv6 Address . . . . . : fe80::c2:3676:9f1f:3284%14(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Server: Wireless_Broadband_Router.home Address: 192.168.1.1 Name: google.com Addresses: 2a00:1450:400c:c06::8b 63.117.14.213 63.117.14.219 63.117.14.217 63.117.14.216 63.117.14.212 63.117.14.215 63.117.14.218 63.117.14.214 Pinging google.com [63.117.14.214] with 32 bytes of data: Reply from 63.117.14.214: bytes=32 time=13ms TTL=250 Reply from 63.117.14.214: bytes=32 time=11ms TTL=250 Ping statistics for 63.117.14.214: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 11ms, Maximum = 13ms, Average = 12ms Server: Wireless_Broadband_Router.home Address: 192.168.1.1 Name: yahoo.com Addresses: 98.139.183.24 98.138.253.109 206.190.36.45 Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Reply from 98.138.253.109: bytes=32 time=72ms TTL=250 Reply from 98.138.253.109: bytes=32 time=70ms TTL=250 Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 70ms, Maximum = 72ms, Average = 71ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=5ms TTL=128 Reply from 127.0.0.1: bytes=32 time=2ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 5ms, Average = 3ms =========================================================================== Interface List 13...08 3e 8e 4e eb 3f ......Dell Wireless 1502 802.11b/g/n 11...84 8f 69 f5 75 ee ......Realtek PCIe GBE Family Controller 
1...........................Software Loopback Interface 1 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.3 281 192.168.1.3 255.255.255.255 On-link 192.168.1.3 281 192.168.1.255 255.255.255.255 On-link 192.168.1.3 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.3 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.3 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 14 58 ::/0 On-link 1 306 ::1/128 On-link 14 58 2001::/32 On-link 14 306 2001:0:9d38:90d7:c2:3676:9f1f:3284/128 On-link 13 281 fe80::/64 On-link 14 306 fe80::/64 On-link 14 306 fe80::c2:3676:9f1f:3284/128 On-link 13 281 fe80::ff:2f1d:3274:67ec/128 On-link 1 306 ff00::/8 On-link 14 306 ff00::/8 On-link 13 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 
C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) 
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (04/09/2014 05:44:22 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/07/2014 05:19:22 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. 
Details: AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/06/2014 00:24:49 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (04/05/2014 02:40:49 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/29/2014 00:22:40 PM) (Source: Application Hang) (User: ) Description: The program BF2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1a6c Start Time: 01cf4b6ab5764aac Termination Time: 56 Application Path: C:\Program Files (x86)\Origin Games\Battlefield 2 Complete Collection\BF2.exe Report Id: Error: (03/28/2014 08:05:37 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall System errors: ============= Error: (04/09/2014 05:18:58 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (04/09/2014 05:18:58 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: ) Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: ) Error: (04/07/2014 06:27:29 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (04/07/2014 06:27:29 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (04/07/2014 06:26:07 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (04/07/2014 06:26:07 PM) (Source: WMPNetworkSvc) (User: ) Microsoft Office Sessions: ========================= Error: (04/09/2014 05:44:22 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (04/07/2014 05:19:22 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed System Error: The system cannot find the file specified. Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed System Error: The system cannot find the file specified. Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. 
Error: (04/06/2014 00:24:49 PM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (04/05/2014 02:40:49 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/29/2014 00:22:40 PM) (Source: Application Hang)(User: ) Description: BF2.exe0.0.0.01a6c01cf4b6ab5764aac56C:\Program Files (x86)\Origin Games\Battlefield 2 Complete Collection\BF2.exe Error: (03/28/2014 08:05:37 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall =========================== Installed Programs ============================ Adobe Flash Player 12 ActiveX (Version: 12.0.0.77) Adobe Flash Player 12 Plugin (Version: 12.0.0.77) Adobe Reader X (10.1.3) (Version: 10.1.3) AlienAutopsy (Version: 3.1.5907.16) Alienware Command Center (Version: 2.7.25.0) Allied Intent .2 client Allied Intent Xtended 2.0 (Version: 2.0) Battlecraft 1942 Battlefield 1942 Windows Vista/7 Compatibility Fix Battlefield 1942: Secret Weapons of WWII Battlefield 1942: The Road To Rome Battlefield 1942ô (Version: 1.6.20.0) Battlefield 2 (Version: 1.5.0.0) Battlefield 2 Demo Battlefield Mod Development Toolkit 2.0 Beta Command & Conquer Generals (Version: 0.50.0000) Command & Conquerô 3 Tiberium Wars and Kane's Wrath (Version: 1.0.0.0) Command & Conquerô 4 Tiberian Twilight (Version: 1.0.0.0) Command & Conquerô and The Covert Operationsô (Version: 1.0.0.0) Command & Conquerô Red Alert 2 and Yuriís Revenge (Version: 1.0.0.0) Command & Conquerô Red Alert, Counterstrike and The Aftermath (Version: 1.0.0.0) Command & Conquerô Red Alertô 3 and Uprising (Version: 1.0.0.0) Command & Conquerô The Ultimate Collection Additional Content (Version: 1.0.0.0) Command & Conquerô: Generals and Zero Hour (Version: 1.0.0.0) Command and ConquerTM Generals Zero Hour (Version: 1.00.0000) 
CyberLink PowerDVD 9.6 (Version: 9.6.1.4827) D3DX10 (Version: 15.4.2368.0902) Desura (Version: 100.53) FFOLKES Unlocks123 mod v1.4.1 Forgoten Hope 2 (2 of 2) (dummy) Forgotten Hope 0.70 (Version: 0.70) Google Chrome (Version: 33.0.1750.154) Google Earth (Version: 7.1.2.2041) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.5111.1712) Google Update Helper (Version: 1.3.23.9) Intel® Management Engine Components (Version: 8.0.4.1441) Intel® OpenCL CPU Runtime Intel® Processor Graphics (Version: 8.15.10.2696) Intel® Trusted Connect Service Client (Version: 1.23.605.1) Java 7 Update 51 (Version: 7.0.510) Java Auto Updater (Version: 2.1.9.8) Junk Mail filter update (Version: 15.4.3502.0922) Lock On: Modern Air Combat (Version: 1.00.000) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Max Websearch Media Player Classic - Home Cinema v1.5.2.3456 (Version: 1.5.2.3456) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000) Microsoft Security Client (Version: 4.5.0216.0) Microsoft Security Essentials (Version: 4.5.216.0) Microsoft Silverlight (Version: 5.1.30214.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1) Mozilla Maintenance Service (Version: 27.0.1) MSI ODD Monitor (Version: 1.0.0.5) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) NVIDIA 3D Vision Driver 296.36 (Version: 296.36) NVIDIA Control Panel 296.36 (Version: 296.36) NVIDIA Graphics Driver 296.36 (Version: 296.36) NVIDIA HD Audio Driver 1.3.14.1 (Version: 1.3.14.1) NVIDIA Install Application (Version: 2.1002.62.312) NVIDIA Optimus 1.7.12 (Version: 1.7.12) NVIDIA PhysX (Version: 9.12.0213) NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213) NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9636) NVIDIA Update Components (Version: 1.7.12) Origin (Version: 9.4.6.2792) PasswordBox (Version: 1.27.1.2938) PowerISO (Version: 5.5) Project Reality: BF2 (Version: v1.0) PunkBuster for Battlefield 1942 Ravaged RealDownloader (Version: 1.3.0) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0) RealPlayer (Version: 16.0.0) Realtek High Definition Audio Driver (Version: 6.0.1.6494) RealUpgrade 1.1 (Version: 1.1.0) Saints Row IV Sandbox Savings Explorer (Version: 1.24.151.151) Scholastic's I SPY Fantasy Scholastic's I SPY Spooky Mansion Deluxe Scholastic's I SPY Treasure Hunt (Version: 1.0) ScorpionSaver (Version: 1.0.0.0) Skype™ 6.11 (Version: 6.11.102) Steam (Version: 1.0.0.0) Team Fortress 2 The Elder Scrolls V: Skyrim Virtual Families Packages WebInternetSecurity WestwoodChat (Version: 1.0.0.0) 
WestwoodOnline (Version: 1.0.0.0) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) WinRAR 5.00 (32-bit) (Version: 5.00.0) WOoKie Sniper Mod 1.3 (Version: 1.3) WordPad+ version 1.01 (Version: 1.01) World of Tanks World of Warplanes Hack Toll 2.8 Xvid Video Codec (Version: 1.3.2) Yahoo! 
Toolbar Zune (Version: 04.08.2345.00)
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 28%
Total physical RAM: 8090.38 MB
Available physical RAM: 5812.03 MB
Total Pagefile: 16178.93 MB
Available Pagefile: 13509.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.62 MB
========================= Partitions: =====================================
1 Drive c: (Windows) (Fixed) (Total:921.32 GB) (Free:637.78 GB) NTFS
2 Drive d: (DISC_1_BF1942_1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
========================= Users: ========================================
User accounts for \\L33TMAN-PC
Administrator cynical Guest L33tMaN UpdatusUser
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
I have a question: There are 2 profiles on this computer, one I need a pw to enter, the other I don't. If I run this scan on the latter, does it matter, or does it need to be run on the profile I've run the other programs on? In other words, can you clean the computer from either profile?
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Hopefully this will work. cureit.log
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Yes, I have run the tool, but when I post the results of the log, the page says it's loading, but the page never refreshes and the content remains the same. I've tried this from 2 computers, so maybe the issue is on your end...
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
For some reason, I cannot post the other log; the page never seems to load...
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Max Websearch will not uninstall. Here is the log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by L33tMaN at 2014-04-06 17:07:36 Run:1 Running from C:\Users\L33tMaN\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start (WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe HKLM\...\Run: [] - [X] HKLM-x32\...\Run: [WebInternetSecurity] - C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity) HKU\.DEFAULT\...\Run: [searchProtect] - \SearchProtect\bin\cltmng.exe HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Temp\CT3287802\plugins\TBVerifier.dll",RunConduitFloatingPlugin ieiiggnfmhgcolbimglmfjfpkjildjdd <===== ATTENTION HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [backgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION Startup: C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk ShortcutTarget: Oxy.lnk -> C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd (No File) BHO: Plus-HD-2.5 - {11111111-1111-1111-1111-110311341138} - C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-bho64.dll No File BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File BHO: ShopOn Coupon Helper Extension - 
{3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll () BHO: BobyLyrics-16 - {11111111-1111-1111-1111-110411411160} - C:\Program Files (x86)\BobyLyrics-16\BobyLyrics-16-bho64.dll No File BHO: sueRf and, keep - {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} - C:\Program Files (x86)\sueRf and, keep\5zuH5RP.x64.dll No File BHO-x32: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll () BHO: SearchNewTab - {4B707A9F-4096-E32F-2871-6C4148277737} - C:\Program Files (x86)\SearchNewTab\n.x64.dll No File BHO: YoutubeAdblocker - {4F746501-B018-1546-6341-6EBFD137D3E0} - C:\Program Files (x86)\YoutubeAdblocker\Apb.x64.dll No File BHO: TidyNetwork - {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File CHR Extension: (SearchNewTab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb [2013-11-22] CHR Extension: (DP1815) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob [2014-01-12]] CHR Extension: (YoutubeAdblocker) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc [2013-11-22] CHR Extension: (Max Websearch) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf [2013-03-22] CHR Extension: (Amazing Coupons) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-01-01] CHR Extension: (ShopOn Coupons, Cash Back, and Deals!) 
- C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo [2013-12-29] CHR Extension: (surF and keepe) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe [2013-11-22] CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx [2013-01-01] CHR HKLM-x32\...\Chrome\Extension: [jcgkbfhhkpooeffgglncbglkpinpbgcf] - C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx [2013-01-13] U2 ShopOn Service; C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [30320 2013-11-20] (ShopOn Unlimited LLC) S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X] 2014-03-27 16:03 - 2013-11-22 22:48 - 00000452 ____H () C:\windows\Tasks\SK.Enhancer-S-161304646.job C:\ProgramData\pclunst.exe end ***************** [4332] C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe => Process closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WebInternetSecurity => Value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully. HKU\S-1-5-21-383299565-3798718073-3649502856-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully. HKU\S-1-5-21-383299565-3798718073-3649502856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963} => Key deleted successfully. HKCR\CLSID\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963} => Key not found. HKU\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd => Value deleted successfully. 
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully. C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk => Moved successfully. C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341138} => Key deleted successfully. HKCR\CLSID\{11111111-1111-1111-1111-110311341138} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} => Key deleted successfully. HKCR\CLSID\{11111111-1111-1111-1111-110411361128} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key deleted successfully. HKCR\CLSID\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411160} => Key deleted successfully. HKCR\CLSID\{11111111-1111-1111-1111-110411411160} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C13B37D-5624-A9B6-9BB2-11F23FF9E648} => Key deleted successfully. HKCR\CLSID\{3C13B37D-5624-A9B6-9BB2-11F23FF9E648} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key not found. HKCR\Wow6432Node\CLSID\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B707A9F-4096-E32F-2871-6C4148277737} => Key deleted successfully. HKCR\CLSID\{4B707A9F-4096-E32F-2871-6C4148277737} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F746501-B018-1546-6341-6EBFD137D3E0} => Key deleted successfully. HKCR\CLSID\{4F746501-B018-1546-6341-6EBFD137D3E0} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} => Key deleted successfully. HKCR\CLSID\{8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} => Key deleted successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb => Moved successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob => Moved successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc => Moved successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf => Moved successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl => Moved successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo => Moved successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gkchbifjjnafgoolbibfmgkibbngknkk => Key deleted successfully. "C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf => Key deleted successfully. C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx => Moved successfully. ShopOn Service => Service deleted successfully. vToolbarUpdater18.0.5 => Service deleted successfully. C:\windows\Tasks\SK.Enhancer-S-161304646.job => Moved successfully. C:\ProgramData\pclunst.exe => Moved successfully. 
==== End of Fixlog ====

I still cannot connect to the internet; it says: 'remote server refused connection.' How can I update Java if I cannot connect!
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
If the computer is able to connect to the net, do I need to do the subsequent steps?
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
What is FRST?
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by L33tMaN (administrator) on L33TMAN-PC on 27-03-2014 19:18:42 Running from C:\Users\L33tMaN\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Micro-Star Int'l Co., Ltd.) c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe (PasswordBox, Inc.) 
C:\Program Files (x86)\PasswordBox\pbbtnService.exe () C:\windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ShopOn Unlimited LLC) C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor) HKLM\...\Run: [] - [X] HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-01-10] (Alienware) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [RemoteControl9] - c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] - c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] - c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink) HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-01] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [WebInternetSecurity] - C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [searchProtect] - \SearchProtect\bin\cltmng.exe HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [GoogleChromeAutoLaunch_EE989A737300E8461C401789B9903612] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Temp\CT3287802\plugins\TBVerifier.dll",RunConduitFloatingPlugin ieiiggnfmhgcolbimglmfjfpkjildjdd <===== ATTENTION HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [backgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [GoogleChromeAutoLaunch_3CB500CD2A273B9B24564AAAE3629254] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.) 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-23] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [215360 2012-03-23] (NVIDIA Corporation) Startup: C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk ShortcutTarget: Oxy.lnk -> C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd (No File) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49250;https=127.0.0.1:49250 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) BHO: Plus-HD-2.5 - {11111111-1111-1111-1111-110311341138} - C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-bho64.dll No File BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File BHO: BobyLyrics-16 - {11111111-1111-1111-1111-110411411160} - C:\Program Files (x86)\BobyLyrics-16\BobyLyrics-16-bho64.dll No File BHO: sueRf and, keep - {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} - C:\Program Files (x86)\sueRf and, keep\5zuH5RP.x64.dll No File BHO: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll () BHO: SearchNewTab - {4B707A9F-4096-E32F-2871-6C4148277737} - C:\Program Files (x86)\SearchNewTab\n.x64.dll No File BHO: YoutubeAdblocker - {4F746501-B018-1546-6341-6EBFD137D3E0} - C:\Program Files (x86)\YoutubeAdblocker\Apb.x64.dll No File BHO: TidyNetwork - {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File BHO: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll () BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-01] Chrome: ======= CHR DefaultSearchProvider: AVG Secure Search CHR DefaultSearchURL: http://www.google.com CHR DefaultNewTabURL: https://isearch.avg.com/chroment?espv=2&cid={FB437AC5-A04C-44A0-9A95-78A444223A7A}&mid=47ad457d35f547d18d0c3120d333f7f2-d26972f2474d96f629251e8ef57ec76cce5ba971&lang=en&ds=gh011&coid=avgtbdisgh&pr=sa&d=2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-01] CHR Extension: (Google Search) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-01] CHR Extension: (SearchNewTab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb [2013-11-22] CHR Extension: (DP1815) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob [2014-01-12] CHR Extension: (YoutubeAdblocker) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc [2013-11-22] CHR Extension: (RealDownloader) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-01] CHR Extension: (Max Websearch) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf [2013-03-22] CHR Extension: (Amazing Coupons) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-01-01] CHR Extension: (ShopOn Coupons, Cash Back, and Deals!) 
- C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo [2013-12-29] CHR Extension: (Google Wallet) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (surF and keepe) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe [2013-11-22] CHR Extension: (Gmail) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-01] CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx [2013-01-01] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-30] CHR HKLM-x32\...\Chrome\Extension: [jcgkbfhhkpooeffgglncbglkpinpbgcf] - C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx [2013-01-13] ==================== Services (Whitelisted) ================= S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-12-16] (CyberLink) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-10-16] (PasswordBox, Inc.) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-10-12] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-30] () U2 ShopOn Service; C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [30320 2013-11-20] (ShopOn Unlimited LLC) S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI) R3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-27 19:18 - 2014-03-27 19:18 - 00027059 _____ () C:\Users\L33tMaN\Desktop\FRST.txt 2014-03-27 19:17 - 2014-03-27 19:18 - 00000000 ____D () C:\FRST 2014-03-27 19:16 - 2014-03-27 19:16 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FFF 2014-03-27 19:16 - 2014-03-24 19:34 - 02157056 _____ (Farbar) 
C:\Users\L33tMaN\Desktop\FRST64.exe 2014-03-27 16:04 - 2014-03-27 16:04 - 00077709 _____ () C:\Users\L33tMaN\Desktop\AdwCleaner[s0].txt 2014-03-25 20:21 - 2014-03-25 20:25 - 00000000 ____D () C:\AdwCleaner 2014-03-15 14:34 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-15 14:34 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-15 14:34 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-15 14:34 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-15 14:34 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-15 14:34 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-15 14:34 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-15 14:34 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-15 14:34 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-15 14:34 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-15 14:34 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-15 14:34 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-15 14:34 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-15 14:34 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-15 14:34 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-15 14:34 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 
2014-03-15 14:34 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-15 14:34 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-15 14:34 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-15 14:34 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-15 14:34 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-15 14:34 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-15 14:34 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-15 14:34 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-15 14:34 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-15 14:34 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-15 14:34 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-15 14:34 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-15 14:34 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-15 14:34 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-15 14:34 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-15 14:34 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-15 14:34 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-15 14:34 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-15 14:34 - 
2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-15 14:34 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-15 14:34 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-15 14:34 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-15 14:34 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-15 14:34 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-03-15 14:34 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-15 14:34 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-15 14:34 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-15 14:34 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-15 14:33 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-15 14:33 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-15 14:33 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-15 14:33 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-07 21:13 - 2014-03-07 21:15 - 00000000 ____D () C:\Users\L33tMaN\Desktop\sprays 2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype ==================== One Month Modified Files and Folders ======= 2014-03-27 19:18 - 2014-03-27 19:18 - 00027059 _____ () C:\Users\L33tMaN\Desktop\FRST.txt 2014-03-27 19:18 - 2014-03-27 19:17 - 00000000 ____D () C:\FRST 2014-03-27 19:16 - 2014-03-27 19:16 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FFF 2014-03-27 
19:10 - 2013-01-01 17:32 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-27 19:07 - 2012-06-07 23:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-03-27 17:57 - 2012-08-24 13:41 - 01443669 _____ () C:\windows\WindowsUpdate.log 2014-03-27 16:10 - 2009-07-14 00:45 - 00021296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-27 16:10 - 2009-07-14 00:45 - 00021296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-27 16:05 - 2012-12-31 22:36 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-27 16:04 - 2014-03-27 16:04 - 00077709 _____ () C:\Users\L33tMaN\Desktop\AdwCleaner[s0].txt 2014-03-27 16:03 - 2013-11-22 22:48 - 00000452 ____H () C:\windows\Tasks\SK.Enhancer-S-161304646.job 2014-03-27 16:03 - 2013-10-19 22:50 - 00000000 ____D () C:\Program Files (x86)\PasswordBox 2014-03-27 16:03 - 2013-06-14 15:49 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-03-27 16:03 - 2013-01-01 17:32 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-27 16:02 - 2012-08-24 12:36 - 00031914 _____ () C:\windows\setupact.log 2014-03-27 16:02 - 2012-06-08 01:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-27 16:02 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-03-25 20:27 - 2013-01-01 18:01 - 01314476 _____ () C:\windows\PFRO.log 2014-03-25 20:25 - 2014-03-25 20:21 - 00000000 ____D () C:\AdwCleaner 2014-03-25 20:20 - 2009-07-14 01:13 - 00800328 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-24 19:34 - 2014-03-27 19:16 - 02157056 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe 2014-03-21 23:01 - 2013-11-10 19:59 - 00003702 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2014-03-21 22:59 - 2013-01-01 17:19 - 00049952 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 
2014-03-18 20:01 - 2013-08-15 19:45 - 00000000 ____D () C:\windows\system32\MRT 2014-03-18 20:00 - 2012-07-10 17:42 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-16 10:33 - 2012-12-31 22:06 - 00000000 ____D () C:\Users\cynical 2014-03-16 03:18 - 2012-07-10 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-16 03:18 - 2012-07-10 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-16 03:18 - 2009-07-14 00:45 - 00279424 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-11 19:07 - 2012-06-07 23:58 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 19:07 - 2012-06-07 23:58 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 19:07 - 2012-06-07 23:58 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-03-07 21:15 - 2014-03-07 21:13 - 00000000 ____D () C:\Users\L33tMaN\Desktop\sprays 2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-04 20:02 - 2012-08-24 12:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Skype 2014-03-04 20:02 - 2012-08-24 12:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Skype 2014-03-04 20:02 - 2012-07-10 13:21 - 00000000 ____D () C:\ProgramData\Skype 2014-03-01 02:05 - 2014-03-15 14:34 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 01:17 - 2014-03-15 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-01 01:16 - 2014-03-15 14:34 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-01 00:58 - 2014-03-15 14:34 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 00:52 - 2014-03-15 14:34 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-01 00:51 - 2014-03-15 14:34 - 00048640 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwproxystub.dll 2014-03-01 00:42 - 2014-03-15 14:34 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-01 00:40 - 2014-03-15 14:34 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-01 00:37 - 2014-03-15 14:34 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-01 00:33 - 2014-03-15 14:34 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-01 00:33 - 2014-03-15 14:34 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-01 00:32 - 2014-03-15 14:34 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-01 00:30 - 2014-03-15 14:34 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 00:23 - 2014-03-15 14:34 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 00:17 - 2014-03-15 14:34 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 00:11 - 2014-03-15 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 00:02 - 2014-03-15 14:34 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-28 23:54 - 2014-03-15 14:34 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-28 23:52 - 2014-03-15 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-02-28 23:51 - 2014-03-15 14:34 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-02-28 23:47 - 2014-03-15 14:34 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-02-28 23:43 - 2014-03-15 14:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-02-28 23:43 - 2014-03-15 14:34 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-02-28 23:42 - 2014-03-15 14:34 - 00627200 _____ (Microsoft 
Corporation) C:\windows\system32\msfeeds.dll 2014-02-28 23:40 - 2014-03-15 14:34 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-02-28 23:38 - 2014-03-15 14:34 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-02-28 23:37 - 2014-03-15 14:34 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-02-28 23:35 - 2014-03-15 14:34 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-28 23:18 - 2014-03-15 14:34 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-28 23:16 - 2014-03-15 14:34 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-02-28 23:14 - 2014-03-15 14:34 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-02-28 23:10 - 2014-03-15 14:34 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-28 23:03 - 2014-03-15 14:34 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-02-28 23:00 - 2014-03-15 14:34 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-02-28 22:57 - 2014-03-15 14:34 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-02-28 22:38 - 2014-03-15 14:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-28 22:32 - 2014-03-15 14:34 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-02-28 22:27 - 2014-03-15 14:34 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-02-28 22:25 - 2014-03-15 14:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-02-28 22:25 - 2014-03-15 14:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-26 20:45 - 2011-02-10 12:10 - 00792450 _____ () C:\windows\SysWOW64\PerfStringBackup.INI Files to move or delete: ==================== C:\ProgramData\pclunst.exe 
C:\Users\Public\AlexaNSISPlugin.3888.dll Some content of TEMP: ==================== C:\Users\cynical\AppData\Local\Temp\21802_updater.exe C:\Users\cynical\AppData\Local\Temp\23jbuvo5.dll C:\Users\cynical\AppData\Local\Temp\APNSetup.exe C:\Users\cynical\AppData\Local\Temp\BackupSetup.exe C:\Users\cynical\AppData\Local\Temp\CNC4LauncherUpdate.exe C:\Users\cynical\AppData\Local\Temp\dotnetfx35setup.exe C:\Users\cynical\AppData\Local\Temp\EnableExtDll.dll C:\Users\cynical\AppData\Local\Temp\htmlayout.dll C:\Users\cynical\AppData\Local\Temp\ICReinstall_super-mario-cross.exe C:\Users\cynical\AppData\Local\Temp\install_helper.exe C:\Users\cynical\AppData\Local\Temp\instmsia.exe C:\Users\cynical\AppData\Local\Temp\instmsiw.exe C:\Users\cynical\AppData\Local\Temp\plus-hd-2-5.exe C:\Users\cynical\AppData\Local\Temp\SendMsg.dll C:\Users\cynical\AppData\Local\Temp\SpOrder.dll C:\Users\cynical\AppData\Local\Temp\sSetup-se.exe C:\Users\cynical\AppData\Local\Temp\TidyNetwork.exe C:\Users\cynical\AppData\Local\Temp\tmp13BA.exe C:\Users\cynical\AppData\Local\Temp\tmpA02C.exe C:\Users\cynical\AppData\Local\Temp\toolbar15971881.exe C:\Users\cynical\AppData\Local\Temp\toolbar15972240.exe C:\Users\cynical\AppData\Local\Temp\toolbar15972864.exe C:\Users\cynical\AppData\Local\Temp\uninst1.exe C:\Users\cynical\AppData\Local\Temp\{248F3297-AA28-4492-A61E-F3D514A176F1}-30.0.1599.101_30.0.1599.69_chrome_updater.exe C:\Users\cynical\AppData\Local\Temp\{3FE2BF0B-147D-48AC-8819-0D43C601F23D}-31.0.1650.57_30.0.1599.101_chrome_updater.exe C:\Users\L33tMaN\AppData\Local\Temp\AVG.exe C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe C:\Users\L33tMaN\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\L33tMaN\AppData\Local\Temp\lowproc.exe C:\Users\L33tMaN\AppData\Local\Temp\pctdb01.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup10487.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup11122.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup12006.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup14310.exe 
C:\Users\L33tMaN\AppData\Local\Temp\pcup1544.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup16244.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup17124.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup19245.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup20064.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup23065.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup23256.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup25189.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup25370.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup27300.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup28184.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup28595.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup31134.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup32014.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup4769.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup7305.exe C:\Users\L33tMaN\AppData\Local\Temp\pcup8182.exe C:\Users\L33tMaN\AppData\Local\Temp\Quarantine.exe C:\Users\L33tMaN\AppData\Local\Temp\stubhelper.dll C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\L33tMaN\AppData\Local\Temp\~extncp01.exe C:\Users\L33tMaN\AppData\Local\Temp\~extncp02.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-22 05:39 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) 
Version: 13-03-2014 Ran by L33tMaN at 2014-03-27 19:19:07 Running from C:\Users\L33tMaN\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.) AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.) Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) 
Hidden Allied Intent .2 client (HKLM-x32\...\Allied Intent .2 client) (Version: - ) Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community) Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version: - ) Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) Battlefield 1942 Windows Vista/7 Compatibility Fix (HKLM\...\{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb) (Version: - ) Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - ) Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - ) Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts) Battlefield 2 Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version: - ) Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version: - ) Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.) 
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
couponamazing (HKLM-x32\...\couponamazing) (Version: 1.1357065019 - couponamazing.com) <==== ATTENTION
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4827 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4827 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
FFOLKES Unlocks123 mod v1.4.1 (HKLM-x32\...\FFOLKES Unlocks123 mod v1.4.1) (Version: - )
Forgoten Hope 2 (2 of 2) (dummy) (HKLM-x32\...\Forgotten Hope 2) (Version: - )
Forgotten Hope 0.70 (HKLM-x32\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lock On: Modern Air Combat (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Websearch (HKLM-x32\...\Maxwebsearch) (Version: - Maxwebsearch)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.36 - NVIDIA Corporation)
NVIDIA Control Panel 296.36 (Version: 296.36 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.36 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9636 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.26.3.2879 - PasswordBox, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.0 - Project Reality)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version: - )
QuickShare (HKLM-x32\...\{232F1B14-7126-491F-AC8C-6123BA58FDE2}) (Version: 1.135.60.12323 - Linkury Inc.) <==== ATTENTION
Ravaged (HKLM-x32\...\Steam App 96300) (Version: - )
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Sandbox (HKLM-x32\...\Sandbox) (Version: - )
Savings Explorer (HKLM-x32\...\Savings Explorer) (Version: 1.24.151.151 - 215 Apps)
Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version: - )
Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - )
Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.)
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ShopOn Coupon Extension Helper (HKLM\...\ShopOn) (Version: 1.6.49 - ShopOn Unlimited LLC) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Virtual Families Packages (HKCU\...\Virtual Families Packages) (Version: - ) <==== ATTENTION
WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version: - Webinternetsecurity)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WOoKie Sniper Mod 1.3 (HKLM-x32\...\WOoKie Sniper Mod) (Version: 1.3 - Scouty)
WordPad+ version 1.01 (HKLM-x32\...\WordPad+_is1) (Version: 1.01 - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net)
World of Warplanes Hack Toll 2.8 (HKLM-x32\...\World of Warplanes Hack Toll 2.8) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points =========================

16-03-2014 07:45:21 Scheduled Checkpoint
19-03-2014 00:00:24 Windows Update
22-03-2014 03:11:43 Windows Update
25-03-2014 21:37:54 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {011370A5-018E-4AA2-A481-1523E7A23A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION
Task: {0374F184-232F-4118-8419-55F5688FAD94} - \GoforFilesUpdate No Task File
Task: {13054A1C-87B3-40D9-811C-13B64AEBA521} - System32\Tasks\{A4C966BB-E0F7-4EA0-BAFF-378BD1F89D43} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {1720B02C-915C-49D2-9F77-41C9414781FD} - System32\Tasks\{E80F6B32-5D3A-42B6-AD92-BB4419995F64} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION
Task: {19472C8B-735D-4912-9716-B385C44BA07A} - System32\Tasks\TidyNetwork Update => C:\Users\cynical\AppData\Local\TidyNetwork\petnupdate.exe
Task: {2D7C059A-1C14-4D22-9089-50AE99B508E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {310B9523-078B-410A-BFA5-2A8D9F04142C} - System32\Tasks\{407E4C35-61C1-4ED6-9FF4-526E5B00DE1F} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {33B0FF98-90B9-4742-BE46-43BE2D294852} - System32\Tasks\{341E9A2A-7320-4E28-A66E-D615E3701034} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {3C8C2035-B41A-4487-9BD7-16CECADA3107} - \Dealply No Task File
Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {458EC67D-CDD7-45D8-A283-943A5D498EDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4B0D1B46-6C73-499D-9567-9E407789909A} - System32\Tasks\{773B3E96-62DA-4A63-9D8D-066DDCBF4F0E} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {69F31346-B202-4B52-83C8-38A13151F95B} - \BackgroundContainer Startup Task No Task File
Task: {7AF87EB6-A50C-42AB-BAC5-ED331B75213F} - System32\Tasks\{B143C027-5E0A-4953-A279-00F911072A82} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {825F3FA3-0D8D-4A97-BED1-ED92E699BE05} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {8B81D2E4-E4CC-4B83-8E86-E0D6AFED81F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {982B2063-2ACA-4114-8641-F7F03E4466C7} - System32\Tasks\{1B4171AB-B20F-42D6-90A5-F8B0442B8E9E} => C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {B3C3C651-4FAA-4BCF-9C5D-35E8745A7124} - System32\Tasks\{2DB518E2-242C-48AE-B842-9B476DC059A7} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {BE244C55-D878-437F-8958-D629A45820B1} - System32\Tasks\VisualBeeRecovery => C:\Users\cynical\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {D146400E-D601-4848-B232-E55DAD7CEF7D} - System32\Tasks\{DDAE764B-5E62-4542-81A7-9F530B2AFAEA} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {D21A428F-B137-4082-B614-CC2DBDC5027F} - System32\Tasks\{6CD8CB2F-67CF-4051-8371-8C7532DA141C} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
Task: {D5E597B0-AEF9-4B45-B1FE-6022BAD894EF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe
Task: {E57F0D33-3F19-4198-8CC3-C7EE1BB01B67} - System32\Tasks\{3CA31466-DEDD-4D77-9668-9C817280AAC9} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {E7594EA4-3392-41B3-8CDC-D73F6FB3664E} - System32\Tasks\{7C31E5D9-F65C-493F-AFB8-E1DEAB2E500B} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {F2E7344B-9FA6-44BF-BDC7-FB1E0C2026E5} - System32\Tasks\{D89C3165-63A0-4E42-A9CA-6F65D48D364C} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {F9ED1981-BA10-43D4-95B0-BFCEC7FB3ABD} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-01-20] ()
Task: {FF87AC17-1E07-4ED4-91C7-7982BDF43741} - System32\Tasks\{5CCB7AEE-C302-44F7-A930-4C42D2825F16} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\pc-dis-upd.job => ?
Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-12 00:19 - 2013-10-12 00:19 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-11-30 00:31 - 2012-11-30 00:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-08 01:36 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-16 16:00 - 2013-10-16 16:00 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2012-06-08 01:37 - 2012-03-23 00:10 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-10 22:40 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-10 22:40 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-25 17:23 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-12-31 22:37 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-31 22:37 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-06-08 00:09 - 2012-03-06 15:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 07:42:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: AlienwareAlienFXController.exe, version: 2.7.25.0, time stamp: 0x4f0c4453
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x003b6bec
Faulting process id: 0x1524
Faulting application start time: 0xAlienwareAlienFXController.exe0
Faulting application path: AlienwareAlienFXController.exe1
Faulting module path: AlienwareAlienFXController.exe2
Report Id: AlienwareAlienFXController.exe3

Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime) (User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>)
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent()
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/22/2014 05:41:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 03:39:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 03:22:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

Error: (03/07/2014 05:59:31 PM) (Source: Application Hang) (User: )
Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1394
Start Time: 01cf3a4f826d15ce
Termination Time: 402
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
Report Id:

System errors:
=============
Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069

Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )

Error: (03/27/2014 04:03:50 PM) (Source: Service Control Manager) (User: )
Description: The ShopOn Service service hung on starting.

Error: (03/27/2014 04:02:28 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.5 service failed to start due to the following error: %%2

Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Portable Device Enumerator Service service failed to start due to the following error: %%1115

Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Human Interface Device Access service failed to start due to the following error: %%1115

Microsoft Office Sessions:
=========================
Error: (03/24/2014 07:42:44 PM) (Source: Application Error)(User: )
Description: AlienwareAlienFXController.exe2.7.25.04f0c4453unknown0.0.0.000000000c0000005003b6bec152401cf47baaf4e6395C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exeunknownfe7e57c9-b3ad-11e3-b803-848f69f575ee

Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime)(User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>)
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent()
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/22/2014 05:41:26 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/16/2014 03:39:39 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 03:22:20 PM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/07/2014 05:59:31 PM) (Source: Application Hang)(User: )
Description: hl2.exe0.0.0.0139401cf3a4f826d15ce402C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8090.38 MB
Available physical RAM: 5520.35 MB
Total Pagefile: 16178.93 MB
Available Pagefile: 12817.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:921.32 GB) (Free:627.09 GB) NTFS
Drive d: (DISC_1_BF1942_1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:29.8 GB) (Free:0.65 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 20F39EF4)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: F174829F)
Partition: GPT Partition Type.

==================== End Of Log ============================ -
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
# AdwCleaner v3.022 - Report created 25/03/2014 at 20:24:17
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : L33tMaN - L33TMAN-PC
# Running from : C:\Users\L33tMaN\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\sueRf and, keep
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\InfoAtoms
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\savings explorer
Folder Deleted : C:\Program Files (x86)\System Speedup
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\sueRf and, keep
Folder Deleted : C:\Program Files (x86)\VisualBee_V.3
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\windows\SysWOW64\ARFC
Folder Deleted : C:\windows\SysWOW64\jmdp
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\windows\System32\ljkb
Folder Deleted : C:\Users\L33tMaN\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\L33tMaN\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\L33tMaN\AppData\Local\savings explorer
Folder Deleted : C:\Users\L33tMaN\AppData\Local\SearchProtect
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Temp\apn
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\iSafe
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Systweak
Folder Deleted : C:\Users\cynical\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\cynical\AppData\Local\Conduit
Folder Deleted : C:\Users\cynical\AppData\Local\emaze
Folder Deleted : C:\Users\cynical\AppData\Local\genienext
Folder Deleted : C:\Users\cynical\AppData\Local\Mobogenie
Folder Deleted : C:\Users\cynical\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\cynical\AppData\Local\Oxy
Folder Deleted : C:\Users\cynical\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\cynical\AppData\Local\Temp\apn
Folder Deleted : C:\Users\cynical\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\cynical\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\cynical\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\cynical\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\cynical\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\cynical\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\cynical\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\cynical\AppData\LocalLow\VisualBee_V.3
Folder Deleted : C:\Users\cynical\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\cynical\AppData\Roaming\iSafe
Folder Deleted : C:\Users\cynical\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\cynical\AppData\Roaming\Oxy
Folder Deleted : C:\Users\cynical\AppData\Roaming\PC
Health Kit Folder Deleted : C:\Users\cynical\AppData\Roaming\SkypEmoticons Folder Deleted : C:\Users\cynical\AppData\Roaming\strongvault Folder Deleted : C:\Users\cynical\AppData\Roaming\ValueApps Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy Folder Deleted : C:\Users\cynical\Documents\Mobogenie Folder Deleted : C:\Users\cynical\Documents\PC Speed Maximizer Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Smartbar Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\ValueApps Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\CT3310511 Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\CT3287802 Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F} Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{94CD2CC3-083F-49BA-A218-4CDA4B4829FD} Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\infoatoms@infoatoms.com Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ScorpionSaver@jetpack Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\speedtestanalysis@SpeedAnalysis.com Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com Folder Deleted : 
C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ds_3w@eiaxcdaob-.co.uk Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\sfaeya-oui@iuuuiyqvh.org Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\staged Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\xd1-eooy@zrpztuay.org Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d} Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd [!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd [!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd [!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd [!] 
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\pricepeep@getpricepeep.com.xpi File Deleted : C:\END File Deleted : C:\windows\System32\AdpeakProxy.ini File Deleted : C:\windows\System32\AdpeakProxyOff.ini File Deleted : C:\windows\System32\dmwu.exe File Deleted : C:\windows\System32\ImhxxpComm.dll File Deleted : C:\windows\System32\roboot64.exe File Deleted : C:\Users\cynical\AppData\Local\Temp\Uninstall.exe File Deleted : C:\Users\cynical\Desktop\Mobogenie.lnk File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\ask-search.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\babylon1.xml File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\iminent.xml File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\MyStart Search.xml File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\WebSearch.xml File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\user.js File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage File Deleted : 
C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task File Deleted : C:\windows\Tasks\Dealply.job File Deleted : C:\windows\System32\Tasks\Dealply File Deleted : C:\windows\System32\Tasks\GoforFilesUpdate ***** [ 
Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1 Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : 
HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_58f14601 Key Deleted : HKCU\Software\530d7dfb268bd10 Key Deleted : HKLM\SOFTWARE\530d7dfb268bd10 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983} Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222102258} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222182202} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342238} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412260} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422722220} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266106658} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186602} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346638} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416660} Key Deleted : 
HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E8A1050-CF67-4575-92DF-DCC60E7D952D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E8A1050-CF67-4575-92DF-DCC60E7D952D} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041D2F18-03BB-49DF-B14C-EA5B4E94C15C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35430B06-871A-4590-BC61-16FB1DD8D60F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D47C279-EC08-460B-9229-07B348B6FEA8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B95D0C0-8E8B-4B71-BA31-417B00453FBE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F12F2D9-DE65-4A21-8DB7-6008F51AC540} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23D772C4-D198-46BF-86DF-E6EBC2509A18} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBF63E0-C0C8-42F8-B83E-A3D9B1453495} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2DA9C594-FAB5-43FE-8CD2-FDEC0EEF9127} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{F11C7CB4-21CD-4F68-94F7-4237B8E9585B} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF9194C2-B86D-4EBC-9B53-1C08B6FF779E}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{310D38FE-EB4C-467C-8781-B7C2AEB7847D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : [x64] 
Deleted : user_pref("valueApps.CT3287802.mam_gk_first_time", "31"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_first_time.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_globalKeysMigratedToLocalStorage", "31"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_lastLoginTime", "31333838313739393938343135"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_lastLoginTime.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_localization.storedInFile", true); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_mamEnabled", "74727565"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_mamEnabled.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_migrated_from_ls", "31"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_migrated_from_ls.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_new_welcome_experience", "31"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_new_welcome_experience.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_settings1.11.5.1.storedInFile", true); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_settings1.12.0.5.storedInFile", true); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_showWelcomeGadget", "66616C7365"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_showWelcomeGadget.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_stamp", "313034335F30"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_stamp.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_userId", "30386635303437342D306165632D343064632D613534312D346365343734363361383162"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_userId.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_user_approval_interacted", "31"); Line 
Deleted : user_pref("valueApps.CT3287802.mam_gk_user_approval_interacted.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_welcomeDialogMode", "31"); Line Deleted : user_pref("valueApps.CT3287802.mam_gk_welcomeDialogMode.storedInFile", false); Line Deleted : user_pref("valueApps.CT3287802.response_cache.storedInFile", true); Line Deleted : user_pref("valueApps.CT3287802.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313338353833393730373837372C2C2C68747470733A2F2F7777772E676F6F676C652E[...] Line Deleted : user_pref("valueApps.CT3287802.url_history0001.storedInFile", true); -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : icon_url Deleted : search_url Deleted : keyword [ File : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : suggest_url Deleted : keyword ************************* AdwCleaner[R0].txt - [78496 octets] - [25/03/2014 20:21:35] AdwCleaner[s0].txt - [77243 octets] - [25/03/2014 20:24:17] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [77304 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Home Premium x64 Ran by L33tMaN on Thu 03/27/2014 at 19:22:15.67 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{232f1b14-7126-491f-ac8c-6123ba58fde2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_0101_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_0101_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_50001_0101_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_50001_0101_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FD43172-57ED-4973-8168-93E5D977D1F1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3FD43172-57ED-4973-8168-93E5D977D1F1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FD43172-57ED-4973-8168-93E5D977D1F1}

~~~ Files

Successfully deleted: [File] C:\windows\Tasks\pc-dis-upd.job
Successfully deleted: [File] "C:\Users\L33tMaN\appdata\locallow\SkwConfig.bin"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\L33tMaN\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\L33tMaN\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\L33tMaN\appdata\local\couponamazing"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc cleaners"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc cleaners"
Successfully deleted: [Empty Folder] C:\Users\L33tMaN\appdata\local\{C25A8265-A82A-42A7-8D1F-B9321717DF51}

~~~ FireFox

Emptied folder: C:\Users\L33tMaN\AppData\Roaming\mozilla\firefox\profiles\vdq54lkb.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/27/2014 at 19:26:55.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
First A Redirct Virus, Now Unable To Connect At All To Internet
bmg replied to bmg's topic in Resolved Malware Removal Logs
Disable auto-play on all drives, or just removable ones? Also:
> Double-click to run it. When the tool opens click Yes to disclaimer.
What is 'it'? Farbar? Your post is unclear... -
My son's Alienware computer has been having trouble with a redirect virus; now it's unable to connect to the internet. A scan says 'no infections'; how can that be, even with the Pro Version? Here are the logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.45.2 Run by L33tMaN at 19:39:37 on 2014-03-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8090.5788 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe C:\Program Files (x86)\PasswordBox\pbbtnService.exe C:\windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\ShopOn
Unlimited LLC\ShopOn Coupon Helper Extension\service.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\Program Files\Microsoft Security Client\NisSrv.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Alienware\Command Center\AlienFusionService.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskeng.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\LogonUI.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Program Files\Alienware\Command Center\AlienFusionController.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe \\?\C:\windows\system32\wbem\WMIADAP.EXE C:\windows\system32\wbem\wmiprvse.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uProxyServer = hxxp=127.0.0.1:49195;https=127.0.0.1:49195 uProxyOverride = <-loopback> uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll mURLSearchHooks: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: ShopOn Coupon Helper Extension: {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG 
Secure Search_toolbar.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - TB: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [GoogleChromeAutoLaunch_EE989A737300E8461C401789B9903612] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [WebInternetSecurity] "C:\Program Files 
(x86)\Webinternetsecurity\WebInternetSecurity.exe" dRun: [searchProtect] \SearchProtect\bin\cltmng.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - TCP: NameServer = 192.168.1.1 TCP: Interfaces\{922150AE-B813-4626-ADB1-614C8D542DC6} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110}\45753475966496 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110}\876696E696479777966696 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110}\F6074796D657D677966696 : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll c:\progra~2\skc4df~1.enh\psupport.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" 
--configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Plus-HD-2.5: {11111111-1111-1111-1111-110311341138} - x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - x64-BHO: BobyLyrics-16: {11111111-1111-1111-1111-110411411160} - x64-BHO: Speed Test Analysis: {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - x64-BHO: sueRf and, keep: {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} - x64-BHO: ShopOn Coupon Helper Extension: {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll x64-BHO: SearchNewTab: {4B707A9F-4096-E32F-2871-6C4148277737} - x64-BHO: YoutubeAdblocker: {4F746501-B018-1546-6341-6EBFD137D3E0} - x64-BHO: TidyNetwork: {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Handler: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll FF - ExtSQL: 2014-01-18 19:21; 
858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com; C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com FF - ExtSQL: 2014-02-08 02:59; {8b337819-d1e8-48d3-8178-168ae8c99c36}; C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} . ============= SERVICES / DRIVERS =============== . R?2 ShopOn Service;ShopOn Service;C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [2013-11-20 30320] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240] R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-1-1 50976] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-8 98208] R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-1-10 14664] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-8 163608] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-28 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-28 701512] R2 MSI_ODD_Service;MSI_ODD_Service;C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-4 76800] R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944] R2 
PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-10-16 67584] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-22 382272] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-8 363800] R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-2 1759768] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-8 331264] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-28 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] R3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-1-18 14136] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-8 539240] R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\windows\System32\drivers\rusb3hub.sys [2012-6-8 100352] R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\windows\System32\drivers\rusb3xhc.sys [2012-6-8 216064] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service 
Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/06/07 23:20:01;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-12-16 248304] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-10-10 131912] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-10 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-15 111616] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2012-6-8 398656] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2014-03-16 23:13:20 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{940C5CE4-2DBB-4269-A63C-AC544C4E7AD8}\offreg.dll 2014-03-15 18:40:02 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A07C9AAF-2EAF-4515-AF16-1A322CD6F128}\gapaengine.dll 2014-03-15 18:39:07 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{940C5CE4-2DBB-4269-A63C-AC544C4E7AD8}\mpengine.dll 2014-03-15 18:33:59 624128 ----a-w- C:\windows\System32\qedit.dll 2014-03-15 18:33:59 509440 ----a-w- C:\windows\SysWow64\qedit.dll 2014-03-15 18:33:59 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2014-03-15 18:33:58 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2014-03-11 21:28:46 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-05 00:02:25 -------- d-----r- C:\Program Files (x86)\Skype 2014-03-02 23:00:02 -------- d-----w- C:\ProgramData\AVG Secure Search 2014-02-25 20:39:05 -------- d-----w- C:\windows\Migration 2014-02-15 08:01:34 548864 ----a-w- C:\windows\System32\vbscript.dll 2014-02-15 08:01:34 454656 ----a-w- C:\windows\SysWow64\vbscript.dll . ==================== Find3M ==================== . 
2014-03-11 23:07:12 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-11 23:07:12 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2014-03-02 22:59:43 50976 ----a-w- C:\windows\System32\drivers\avgtpx64.sys 2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb 2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll 2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll 2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll 2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe 2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe 2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll 2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe 2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb 2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll 2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll 2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll 2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl 2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll 2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll 2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll 2014-02-22 20:16:08 6261968 ----a-w- C:\ProgramData\pclunst.exe 2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys 2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll 2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll 2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll 2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe 2014-01-11 21:11:17 
281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr 2014-01-11 21:11:17 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe 2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-12-24 21:43:51 737280 ----a-w- C:\windows\iun6002.exe 2013-12-17 00:40:41 1409 ----a-w- C:\windows\SysWow64\tmpDE3C7.FOT . ============= FINISH: 19:40:06.93 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2012 1:33:18 PM System Uptime: 3/16/2014 3:18:12 AM (16 hours ago) . Motherboard: Alienware | | 0KM92T Processor: Intel® Core i7-3770 CPU @ 3.40GHz | CPU 1 | 1598/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 921 GiB total, 629.178 GiB free. D: is CDROM (CDFS) E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP167: 3/16/2014 3:45:21 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 
Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Reader X (10.1.3) AlienAutopsy Alienware Command Center Allied Intent .2 client Allied Intent Xtended 2.0 Amazon Browser Bar AVG Security Toolbar Battlecraft 1942 Battlefield 1942 Battlefield 1942 Windows Vista/7 Compatibility Fix Battlefield 1942: Secret Weapons of WWII Battlefield 1942: The Road To Rome Battlefield 2 Battlefield 2 Demo Battlefield Mod Development Toolkit 2.0 Beta Command & Conquer Generals Command & Conquer™ 3 Tiberium Wars and Kane's Wrath Command & Conquer™ 4 Tiberian Twilight Command & Conquer™ and The Covert Operations™ Command & Conquer™ Red Alert 2 and Yuri's Revenge Command & Conquer™ Red Alert, Counterstrike and The Aftermath Command & Conquer™ Red Alert™ 3 and Uprising Command & Conquer™ The Ultimate Collection Additional Content Command & Conquer™: Generals and Zero Hour Command and ConquerTM Generals Zero Hour couponamazing CyberLink PowerDVD 9.6 D3DX10 Desura FFOLKES Unlocks123 mod v1.4.1 Forgoten Hope 2 (2 of 2) (dummy) Forgotten Hope 0.70 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper InfoAtoms [uninstall] Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Trusted Connect Service Client Java 7 Update 45 Java Auto Updater Junk Mail filter update Lock On: Modern Air Combat Malwarebytes Anti-Malware version 1.75.0.1300 Max Websearch Media Player Classic - Home Cinema v1.5.2.3456 Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Mobogenie Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service MSI ODD Monitor MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA 3D Vision Driver 296.36 NVIDIA Control Panel 296.36 NVIDIA Graphics Driver 296.36 NVIDIA HD Audio Driver 1.3.14.1 NVIDIA Install Application NVIDIA Optimus 1.7.12 NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Update Components PasswordBox PowerISO Project Reality: BF2 PunkBuster for Battlefield 1942 QuickShare Ravaged RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Saints Row IV Sandbox Savings Explorer Scholastic's I SPY Fantasy Scholastic's I SPY Spooky Mansion Deluxe Scholastic's I SPY Treasure Hunt ScorpionSaver ScorpionSaver Services Search Assistant WebSearch 1.74 Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) ShopOn Coupon Extension Helper SK.Helper 1.74 Skype™ 6.11 Steam Swift Browse 1.0.0 Team Fortress 2 The Elder Scrolls V: Skyrim Virtual Families Packages WebInternetSecurity WestwoodChat WestwoodOnline Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 5.00 (32-bit) WOoKie Sniper Mod 1.3 WordPad+ version 1.01 World of Tanks World of Warplanes World of Warplanes Hack Toll 2.8 Xvid Video Codec Yahoo! Toolbar Zune
.
==== Event Viewer Messages From Past Week ========
.
3/16/2014 5:21:02 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
3/16/2014 3:38:18 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
3/16/2014 3:37:25 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
3/16/2014 3:22:41 AM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
3/16/2014 3:22:36 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/16/2014 3:22:36 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
3/16/2014 3:20:32 AM, Error: Service Control Manager [7022] - The ShopOn Service service hung on starting.
3/15/2014 6:02:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/15/2014 6:02:38 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
The quick test is OK, but the long test just seems to hang; also not sure which ones to run...
-
No need to; computer locking up with no updates...
-
I notice Windows updater is always saying 53% and never getting any bigger. I think this is the problem and have turned off updates...