OlpheX Posted July 31, 2013 ID:709328 Share Posted July 31, 2013 Hello , so I tryed to uninstall this malware and it doesn t allow me , it keeps poping up the window saying that its running with a program.So I tryed the manual way by opening the task window and shut down every single program that the poping window sayed.No result.It keep comming back and its slows my laptop very much , and now there are the pop up windows on every single web page I open I hope you can help me , thank you Link to post Share on other sites More sharing options...
MrCharlie Posted July 31, 2013 ID:709336 Share Posted July 31, 2013 Welcome to the forum. See if you can do this. Please download and run RogueKiller 32 Bit to your desktop. RogueKiller 64 Bit <---use this one for 64 bit systems Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes) P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. MrC Note: Please read all of my instructions completely including these. Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
OlpheX Posted July 31, 2013 Author ID:709355 Share Posted July 31, 2013 RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : user [Admin rights]Mode : Scan -- Date : 07/31/2013 22:08:27| ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] BrowserDefender.exe -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [7] -> Chiuso [TermProc][sUSP PATH] BrowserDefender.exe -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [7] -> Chiuso [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : NTRedirect (C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [7][-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2036621001-1671691700-3334771568-1001\[...]\Run : LightShot (C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2036621001-1671691700-3334771568-1001\[...]\Run : NTRedirect (C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [7][-]) -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Magic Desktop for HP notification ("C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" [7]) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤[V2][sUSP PATH] EPUpdater : C:\Users\user\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [-] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM641JI +++++--- User ---[MBR] c13ce36f99b8580b8030cec7b1bfea48[bSP] ba3d5b4da47b1f22d322e47175f81786 : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593184 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215250432 | Size: 16992 Mo3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_07312013_220827.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted July 31, 2013 ID:709368 Share Posted July 31, 2013 Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs. AdwCleaner is a tool that deletes : · Adwares (software ads) · PUP/LPI (Potentially Undesirable Program) · Toolbars · Hijacker (Hijack of the browser's homepage) It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1. Note: Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system. If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it. Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner. You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below: /DisableAskDetection - This option disables Ask Toolbar detection. MrC Link to post Share on other sites More sharing options...
OlpheX Posted July 31, 2013 Author ID:709371 Share Posted July 31, 2013 # AdwCleaner v2.306 - Logfile creato il 31/07/2013 alle 22:38:19# Aggiornamento 19/07/2013 by Xplode# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)# Utente : user - USER-PC# Modalità Avvio : Modalità Normale# Eseguito da : C:\Users\user\Desktop\adwcleaner.exe# Opzioni [Cerca] ***** [servizi] ***** Trovato : BrowserDefendert ***** [File / Cartelle] ***** Cartella Trovato : C:\Program Files (x86)\ChatZum ToolbarCartella Trovato : C:\Program Files (x86)\ConduitCartella Trovato : C:\Program Files (x86)\deltaCartella Trovato : C:\Program Files (x86)\DVDVideoSoftTBCartella Trovato : C:\Program Files (x86)\DVDVideoSoftTBCartella Trovato : C:\Program Files (x86)\WajamCartella Trovato : C:\ProgramData\BabylonCartella Trovato : C:\ProgramData\BrowserDefenderCartella Trovato : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde ***** [Registro] ***** Chiave Trovata : HKCU\Software\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}Chiave Trovata : HKCU\Software\AppDataLow\Software\ConduitChiave Trovata : HKCU\Software\AppDataLow\Software\ConduitSearchScopesChiave Trovata : HKCU\Software\AppDataLow\Software\CrossriderChiave Trovata : HKCU\Software\AppDataLow\Software\DVDVideoSoftTBChiave Trovata : HKCU\Software\AppDataLow\Software\DVDVideoSoftTBChiave Trovata : HKCU\Software\AppDataLow\Software\SmartBarChiave Trovata : HKCU\Software\AppDataLow\ToolbarChiave Trovata : HKCU\Software\BabSolutionChiave Trovata : HKCU\Software\ChatZum ToolbarChiave Trovata : HKCU\Software\ConduitChiave Trovata : HKCU\Software\Cr_InstallerChiave Trovata : HKCU\Software\DataMngrChiave Trovata : HKCU\Software\DataMngr_ToolbarChiave Trovata : HKCU\Software\DeltaChiave Trovata : HKCU\Software\InstallCoreChiave Trovata : HKCU\Software\InstalledBrowserExtensionsChiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsChiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Trovata : HKCU\Software\SoftonicChiave Trovata : HKCU\Software\StartSearchChiave Trovata : HKCU\Software\5357de8bb73ae544Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Chiave Trovata : HKLM\Software\ChatZum ToolbarChiave Trovata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\escort.DLLChiave Trovata : HKLM\SOFTWARE\Classes\AppID\escortApp.DLLChiave Trovata : HKLM\SOFTWARE\Classes\AppID\escortEng.DLLChiave Trovata : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLLChiave Trovata : HKLM\SOFTWARE\Classes\AppID\esrv.EXEChiave Trovata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLLChiave Trovata : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXEChiave Trovata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnablerChiave Trovata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1Chiave Trovata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHOChiave Trovata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO.1Chiave Trovata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.SandboxChiave Trovata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1Chiave Trovata : HKLM\SOFTWARE\Classes\delta.deltaappCoreChiave Trovata : HKLM\SOFTWARE\Classes\delta.deltaappCore.1Chiave Trovata : HKLM\SOFTWARE\Classes\delta.deltadskBndChiave Trovata : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1Chiave Trovata : HKLM\SOFTWARE\Classes\delta.deltaHlprChiave Trovata : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1Chiave Trovata : HKLM\SOFTWARE\Classes\escort.escortIEPaneChiave Trovata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1Chiave Trovata : HKLM\SOFTWARE\Classes\esrv.deltaESrvcChiave Trovata : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.capChiave Trovata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtilsChiave Trovata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1Chiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManagerChiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1Chiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManagerChiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1Chiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbRequestChiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1Chiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbTaskChiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1Chiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelperChiave Trovata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1Chiave Trovata : HKLM\SOFTWARE\Classes\TBSB09850.IEToolbarChiave Trovata : HKLM\SOFTWARE\Classes\TBSB09850.IEToolbar.1Chiave Trovata : HKLM\SOFTWARE\Classes\TBSB09850.TBSB09850Chiave Trovata : HKLM\SOFTWARE\Classes\TBSB09850.TBSB09850.3Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2269050Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifierChiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImplChiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManagerChiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB09850Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB09850.1Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}Chiave Trovata : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHookChiave Trovata : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1Chiave Trovata : HKLM\Software\ConduitChiave Trovata : HKLM\Software\DataMngrChiave Trovata : HKLM\Software\DeltaChiave Trovata : HKLM\Software\DVDVideoSoftTBChiave Trovata : HKLM\Software\DVDVideoSoftTBChiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCSChiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSChiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531182}Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\5357de8bb73ae544Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311531182}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322532282}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355535582}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366536682}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmdeChiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD091EEA-CF63-4D0F-A567-0A9A409067E1}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD212310-9791-4EF0-9947-A3819D810320}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum ToolbarChiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeltaChiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome ToolbarChiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB ToolbarChiave Trovata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Chiave Trovata : HKU\S-1-5-21-2036621001-1671691700-3334771568-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Chiave Trovata : HKU\S-1-5-21-2036621001-1671691700-3334771568-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}Chiave Trovata : HKU\S-1-5-21-2036621001-1671691700-3334771568-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Dato Trovata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dllValore Trovata : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [browser Internet] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Mozilla Firefox v20.0.1 (en-US) -\\ Google Chrome v28.0.1500.72 ************************* AdwCleaner[R1].txt - [24274 octets] - [31/07/2013 22:38:19] ########## EOF - C:\AdwCleaner[R1].txt - [24335 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted July 31, 2013 ID:709374 Share Posted July 31, 2013 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number. Then...... Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.MrC Link to post Share on other sites More sharing options...
OlpheX Posted July 31, 2013 Author ID:709382 Share Posted July 31, 2013 # AdwCleaner v2.306 - Logfile creato il 31/07/2013 alle 22:48:55# Aggiornamento 19/07/2013 by Xplode# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)# Utente : user - USER-PC# Modalità Avvio : Modalità Normale# Eseguito da : C:\Users\user\Desktop\adwcleaner.exe# Opzioni [Elimina] ***** [servizi] ***** Fermato & Eliminato : BrowserDefendert ***** [File / Cartelle] ***** Cartella Eliminato : C:\Program Files (x86)\ChatZum ToolbarCartella Eliminato : C:\Program Files (x86)\ConduitCartella Eliminato : C:\Program Files (x86)\deltaCartella Eliminato : C:\Program Files (x86)\DVDVideoSoftTBCartella Eliminato : C:\Program Files (x86)\WajamCartella Eliminato : C:\ProgramData\BabylonCartella Eliminato : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmdeEliminato al riavvio : C:\ProgramData\BrowserDefender ***** [Registro] ***** Chiave Eliminata : HKCU\Software\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}Chiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitChiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitSearchScopesChiave Eliminata : HKCU\Software\AppDataLow\Software\CrossriderChiave Eliminata : HKCU\Software\AppDataLow\Software\DVDVideoSoftTBChiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBarChiave Eliminata : HKCU\Software\AppDataLow\ToolbarChiave Eliminata : HKCU\Software\BabSolutionChiave Eliminata : HKCU\Software\ChatZum ToolbarChiave Eliminata : HKCU\Software\ConduitChiave Eliminata : HKCU\Software\Cr_InstallerChiave Eliminata : HKCU\Software\DataMngrChiave Eliminata : HKCU\Software\DataMngr_ToolbarChiave Eliminata : HKCU\Software\DeltaChiave Eliminata : HKCU\Software\InstallCoreChiave Eliminata : HKCU\Software\InstalledBrowserExtensionsChiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsChiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Eliminata : HKCU\Software\SoftonicChiave Eliminata : HKCU\Software\StartSearchChiave Eliminata : HKCU\Software\5357de8bb73ae544Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Chiave Eliminata : HKLM\Software\ChatZum ToolbarChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLLChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortApp.DLLChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortEng.DLLChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLLChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXEChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLLChiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXEChiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnablerChiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1Chiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHOChiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO.1Chiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.SandboxChiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaappCoreChiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaappCore.1Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltadskBndChiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaHlprChiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPaneChiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.deltaESrvcChiave Eliminata : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.capChiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtilsChiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManagerChiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManagerChiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequestChiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTaskChiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelperChiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB09850.IEToolbarChiave Eliminata : HKLM\SOFTWARE\Classes\TBSB09850.IEToolbar.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB09850.TBSB09850Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB09850.TBSB09850.3Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2269050Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifierChiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImplChiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManagerChiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB09850Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB09850.1Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}Chiave Eliminata : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHookChiave Eliminata : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1Chiave Eliminata : HKLM\Software\ConduitChiave Eliminata : HKLM\Software\DataMngrChiave Eliminata : HKLM\Software\DeltaChiave Eliminata : HKLM\Software\DVDVideoSoftTBChiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCSChiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSChiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531182}Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\5357de8bb73ae544Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311531182}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322532282}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355535582}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366536682}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmdeChiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD091EEA-CF63-4D0F-A567-0A9A409067E1}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD212310-9791-4EF0-9947-A3819D810320}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum ToolbarChiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeltaChiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome ToolbarChiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB ToolbarChiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Chiave Eliminata : HKU\S-1-5-21-2036621001-1671691700-3334771568-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dllValore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [browser Internet] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Mozilla Firefox v20.0.1 (en-US) -\\ Google Chrome v28.0.1500.72 ************************* AdwCleaner[R1].txt - [24333 octets] - [31/07/2013 22:38:19]AdwCleaner[s1].txt - [23426 octets] - [31/07/2013 22:48:55] ########## EOF - C:\AdwCleaner[s1].txt - [23487 octets] ########## Link to post Share on other sites More sharing options...
OlpheX Posted July 31, 2013 Author ID:709384 Share Posted July 31, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.2.9 (07.30.2013:1)OS: Windows 7 Home Premium x64Ran by user on 31/07/2013 at 23:18:15,37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLsSuspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== NTRedirect REG_SZ C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistpluginSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettingsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4EFC140-5400-4106-986D-C4B98A247924}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A4EFC140-5400-4106-986D-C4B98A247924} ~~~ Files Successfully deleted: [File] "C:\Users\user\appdata\local\Google\Chrome\User Data\Default\bProtector Web Data"Successfully deleted: [File] "C:\Users\user\appdata\local\Google\Chrome\User Data\Default\bprotectorpreferences"Successfully deleted: [File] C:\eula.1028.txtSuccessfully deleted: [File] C:\eula.1031.txtSuccessfully deleted: [File] C:\eula.1033.txtSuccessfully deleted: [File] C:\eula.1036.txtSuccessfully deleted: [File] C:\eula.1040.txtSuccessfully deleted: [File] C:\eula.1041.txtSuccessfully deleted: [File] C:\eula.1042.txtSuccessfully deleted: [File] C:\eula.2052.txtSuccessfully deleted: [File] C:\install.res.1028.dllSuccessfully deleted: [File] C:\install.res.1031.dllSuccessfully deleted: [File] C:\install.res.1033.dllSuccessfully deleted: [File] C:\install.res.1036.dllSuccessfully deleted: [File] C:\install.res.1040.dllSuccessfully deleted: [File] C:\install.res.1041.dllSuccessfully deleted: [File] C:\install.res.1042.dllSuccessfully deleted: [File] C:\install.res.2052.dllSuccessfully deleted: [File] C:\install.res.3082.dllSuccessfully deleted: [File] "C:\Windows\syswow64\authuitu.dll" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\browserdefender"Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babsolution"Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\delta"Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\dvdvideosofttb"Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\toolbar4" ~~~ FireFox Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\user.jsSuccessfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\bprotector_extensions.sqliteSuccessfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\bprotector_prefs.jsSuccessfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\searchplugins\babylon.xmlSuccessfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\searchplugins\search-safer.xmlSuccessfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\smartbarSuccessfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\extensions\ffxtlbr@babylon.comSuccessfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\extensions\ffxtlbr@delta.comSuccessfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\prefs.js user_pref("browser.search.order.1", "Delta Search");user_pref("browser.search.selectedEngine", "Delta Search");user_pref("CT2269050.1000082.isDisplayHidden", "true");user_pref("CT2269050.1000082.isPlayDisplay", "true");user_pref("CT2269050.1000234.TWC_location", "Lissone, Italy");user_pref("CT2269050.1000234.TWC_locId", "ITLM2158");user_pref("CT2269050.1000234.TWC_region", "OT");user_pref("CT2269050.1000234.TWC_temp_dis", "c");user_pref("CT2269050.1000234.TWC_TMP_city", "LISSONE");user_pref("CT2269050.1000234.TWC_TMP_country", "IT");user_pref("CT2269050.1000234.TWC_wind_dis", "kmh");user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"04.png\",\"temperature\":\"13°C\",\"temperatureClear\":\"13°C\",\"highTemperature\":\"13°C\",\"lowTemperature\":\"9Âuser_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");user_pref("CT2269050.autoDisableScopes", 0);user_pref("CT2269050.browser.search.defaultthis.engineName", true);user_pref("CT2269050.cb_experience_000.enc", "MzQ=");user_pref("CT2269050.cb_firstuse0100.enc", "MQ==");user_pref("CT2269050.cb_user_id_000.enc", "Q0I5MDg4MjQzNTA4NDdfMTM1NzczNTI1NDkwNl9GaXJlZm94");user_pref("CT2269050.cbcountry_001.enc", "SVQ=");user_pref("CT2269050.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDEyOjI3OjAzIEdNVCswMTAwIChvcmEgc29sYXJlIEV1cm9wYSBvY2NpZGVudGFsZSk=");user_pref("CT2269050.CBOpenMAMSettings.enc", "MA==");user_pref("CT2269050.defaultSearch", "true");user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getuser_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT2269050.enableAlerts", "false");user_pref("CT2269050.enableFix404ByUser", "TRUE");user_pref("CT2269050.enableSearchFromAddressBar", "true");user_pref("CT2269050.FirstTime", "true");user_pref("CT2269050.firstTimeDialogOpened", "true");user_pref("CT2269050.FirstTimeFF3", "true");user_pref("CT2269050.fixPageNotFoundError", "true");user_pref("CT2269050.fixPageNotFoundErrorByUser", "true");user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");user_pref("CT2269050.fixUrls", true);user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "QzU5NDAyOTEtNEQyMy00QTE2LUIyQTQtRUFDNjFBNDYyMzVuser_pref("CT2269050.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8scuser_pref("CT2269050.InstallDate", "8/1/2013 12:26:47");user_pref("CT2269050.installId", "conduitnsisintegration");user_pref("CT2269050.installType", "conduitnsisintegration");user_pref("CT2269050.isCheckedStartAsHidden", true);user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT2269050.isFirstTimeToolbarLoading", "false");user_pref("CT2269050.isNewTabEnabled", true);user_pref("CT2269050.isPerformedSmartBarTransition", "true");user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");user_pref("CT2269050.keyword", true);user_pref("CT2269050.lastVersion", "10.15.2.523");user_pref("CT2269050.LoginRevertSettingsEnabled", true);user_pref("CT2269050.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNuser_pref("CT2269050.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");user_pref("CT2269050.mam_gk_appState_CouponBuddy.enc", "b24=");user_pref("CT2269050.mam_gk_appState_Easytobook.enc", "b24=");user_pref("CT2269050.mam_gk_appState_Easytobook_targeted.enc", "b24=");user_pref("CT2269050.mam_gk_appState_PriceGong.enc", "b24=");user_pref("CT2269050.mam_gk_appStateReportTime.enc", "MTM2OTM0OTMyMDg3Mw==");user_pref("CT2269050.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImY0YTVmZTBkLTI2MzQtNDQ4Mi05OGNmLTBiZGQ1Zmuser_pref("CT2269050.mam_gk_currentVersion.enc", "MS42LjAuMQ==");user_pref("CT2269050.mam_gk_first_time.enc", "MQ==");user_pref("CT2269050.mam_gk_lastLoginTime.enc", "MTM2OTM0OTMxNzM1Mg==");user_pref("CT2269050.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMuser_pref("CT2269050.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");user_pref("CT2269050.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmlluser_pref("CT2269050.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmlluser_pref("CT2269050.mam_gk_showCloseButton.enc", "dHJ1ZQ==");user_pref("CT2269050.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");user_pref("CT2269050.mam_gk_userId.enc", "NzRlNzVhMDYtMjIwNS00NTkyLWI4ODUtZGQ5NWZmYzJhMzFk");user_pref("CT2269050.migrateAppsAndComponents", true);user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.amateurs-gone-wild.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"Free%20Amateur%20Homemade%20Porn%user_pref("CT2269050.openThankYouPage", "false");user_pref("CT2269050.openUninstallPage", "true");user_pref("CT2269050.PG_ENABLE", "dHJ1ZQ==");user_pref("CT2269050.PG_ENABLE.enc", "dHJ1ZQ==");user_pref("CT2269050.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"01\\\\/08\\\\/2013 14\\\"}\"}");user_pref("CT2269050.price-gong.isManagedApp", "true");user_pref("CT2269050.revertSettingsEnabled", "true");user_pref("CT2269050.search.searchAppId", "128834881989343895");user_pref("CT2269050.search.searchCount", "0");user_pref("CT2269050.SearchAppState.enc", "Mw==");user_pref("CT2269050.SearchAppTracking.enc", "c2VudA==");user_pref("CT2269050.searchInNewTabEnabledByUser", "true");user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1367315565417");user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366840635706");user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366399665210");user_pref("CT2269050.serviceLayer_services_location_lastUpdate", "1367257488750");user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359305242956");user_pref("CT2269050.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360966287339");user_pref("CT2269050.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363910892796");user_pref("CT2269050.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365851881704");user_pref("CT2269050.serviceLayer_services_login_10.15.2.523_lastUpdate", "1367315683128");user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366399665326");user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1367257488884");user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1367257488657");user_pref("CT2269050.serviceLayer_services_setupAPI_lastUpdate", "1363910892936");user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366399665086");user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1367315565265");user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1367257489445");user_pref("CT2269050.serviceLayer_services_userApps_lastUpdate", "1366137516068");user_pref("CT2269050.settingsINI", true);user_pref("CT2269050.shouldFirstTimeDialog", "false");user_pref("CT2269050.showToolbarPermission", "false");user_pref("CT2269050.smartbar.CTID", "CT2269050");user_pref("CT2269050.smartbar.homepage", true);user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");user_pref("CT2269050.smartbar.Uninstall", "0");user_pref("CT2269050.toolbarBornServerTime", "8-1-2013");user_pref("CT2269050.toolbarCurrentServerTime", "30-4-2013");user_pref("CT2269050.toolbarLoginClientTime", "Fri Mar 22 2013 02:12:23 GMT+0100 (ora solare Europa occidentale)");user_pref("CT2269050.url_history0001.enc", "aHR0cDovL3d3dy54eHhnZnBvcm4uY29tL29uZS1zd2VldC1zZXgtcGFydHktZ29pbmctb24taW4taGVyZS00NzM4Mi5odG1sOjo6Y2xpY2toYW5kbGVyOjo6MTM2OTM0OTUuser_pref("CT2269050.UserID", "UN96560805423962678");user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1369349479932,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}user_pref("Smartbar.ConduitSearchEngineList", "");user_pref("Smartbar.ConduitSearchUrlList", "");user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");user_pref("smartbar.machineId", "PEIWAEEN/6UFFLWTBLO9MBBDUQOPPEAREHJ10/CKPTIOKILFD/E2HNWH6OC+XZR1VV41NWS8GEAC/ABDTJPN3W");user_pref("smartbar.originalSearchEngine", "Search Safer");user_pref("smartBar.searchInNewTabOwner", "CT2269050");Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v7ggnbev.default\minidumps [186 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 31/07/2013 at 23:29:52,34End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
MrCharlie Posted July 31, 2013 ID:709397 Share Posted July 31, 2013 Looks Good..... Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
OlpheX Posted August 1, 2013 Author ID:709411 Share Posted August 1, 2013 Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.07.31.07 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635user :: USER-PC [administrator] Protection: Enabled 01/08/2013 01:46:31MBAM-log-2013-08-01 (02-14-52).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 216112Time elapsed: 22 minute(s), 9 second(s) Memory Processes Detected: 2C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 2248 -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 3196 -> No action taken. Memory Modules Detected: 1C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> No action taken. Registry Keys Detected: 20HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> No action taken.HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> No action taken.HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> No action taken.HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta.A) -> No action taken.HKCR\escort.escortIEPane.1 (PUP.Optional.Delta.A) -> No action taken.HKCR\escort.escortIEPane (PUP.Optional.Delta.A) -> No action taken.HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta.A) -> No action taken.HKCR\delta.deltaHlpr (PUP.Optional.Delta.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> No action taken.HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> No action taken.HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> No action taken.HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> No action taken.HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> No action taken.HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> No action taken.HKCR\d (PUP.Optional.Delta.A) -> No action taken.HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> No action taken. Registry Values Detected: 3HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> No action taken.HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.A.BabSolution) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run -> No action taken. Registry Data Items Detected: 2HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bad: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) Good: () -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=8A0BC417FEAA0A72&affID=119357&tsp=4960) Good: (http://www.google.com) -> No action taken. Folders Detected: 7C:\Users\user\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\bh (PUP.Optional.Delta.A) -> No action taken. Files Detected: 35C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (PUP.Optional.Delta.A) -> No action taken.C:\Users\user\AppData\Local\Temp\7644F051-BAB0-7891-9D83-A0D594F8509D\Latest\ccp.exe (PUP.Babylon.A) -> No action taken.C:\Users\user\AppData\Local\Temp\7644F051-BAB0-7891-9D83-A0D594F8509D\Latest\MyDeltaTB.exe (PUP.Delta.A) -> No action taken.C:\Users\user\AppData\Local\Temp\7644F051-BAB0-7891-9D83-A0D594F8509D\Latest\Setup.exe (PUP.Babylon.A) -> No action taken.C:\Users\user\AppData\Local\Temp\9CF44760-BAB0-7891-9210-4E290E6EA393\Latest\ccp.exe (PUP.Babylon.A) -> No action taken.C:\Users\user\AppData\Local\Temp\Delta\delta\1.8.22.0\delta4ie.exe (PUP.Delta.A) -> No action taken.C:\Users\user\AppData\Local\Temp\F497313A-BAB0-7891-89C7-13F9CFBF9AD2\Latest\ccp.exe (PUP.Babylon.A) -> No action taken.C:\Users\user\AppData\Local\Temp\is1326335552\DeltaTB.exe (PUP.Optional.Babylon.A) -> No action taken.C:\Users\user\AppData\Local\Temp\is1326335552\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> No action taken.C:\Users\user\Downloads\setup.exe (PUP.Optional.InstallCore) -> No action taken.C:\Users\user\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaApp.dll (PUP.Optional.Delta.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaEng.dll (PUP.Optional.Delta.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\deltasrv.exe (PUP.Optional.Delta.A) -> No action taken.C:\Program Files (x86)\Delta\delta\1.8.22.0\uninstall.exe (PUP.Optional.Delta.A) -> No action taken. (end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 1, 2013 ID:709413 Share Posted August 1, 2013 Looks like you didn't delete anything????? C:\Program Files (x86)\Delta\delta\1.8.22.0\uninstall.exe (PUP.Optional.Delta.A) -> No action taken. MrC Link to post Share on other sites More sharing options...
OlpheX Posted August 1, 2013 Author ID:709422 Share Posted August 1, 2013 Just finished restarting cause it asked it after all the files were deleted. No sign of *browser defender * anywhere in the system Laptop works very well now and no more pop ups windows on the web pages either Thank you very much for all the help and time you gave me Link to post Share on other sites More sharing options...
MrCharlie Posted August 1, 2013 ID:709425 Share Posted August 1, 2013 Good..... Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get "Unsupported operating system. Aborting now", just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
OlpheX Posted August 1, 2013 Author ID:709555 Share Posted August 1, 2013 Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` hosts Malwarebytes Anti-Malware version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (it-IT) TuneUp Utilities 2013 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 20.0.1 Firefox out of Date! Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted August 1, 2013 ID:709629 Share Posted August 1, 2013 Out dated programs on the system are vulnerable to malware.Please update or uninstall them:---------------------------------------------Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar). -----------------------------------------Mozilla Firefox 20.0.1 Firefox out of Date! <-----please check for an update if available-------------------------------------Google Chrome 28.0.1500.72 <-----OLDGoogle Chrome 28.0.1500.95 <-----OKYou have old versions of Google Chrome on the system.Please download and run OldChromeRemover.@Windows Vista/Windows 7-8 users must use “Run As Administrator.”------------------------------------------------------A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)---------------------------------If you used DeFogger to disable your CD Emulation drivers, please re-enable them.-------------------------------Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)Cached version:http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=usGood Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
OlpheX Posted August 1, 2013 Author ID:709711 Share Posted August 1, 2013 Ok I deleted the programs I don t use and those RogueKiller etc , I updated google chrome to 28.0.1500.95 and from now on I will use only that browser When I was removing the old programs I saw in the control pannel that there is one program that I m not familiar with ( Hosts by Alex )I have no idea what is it . Should I remove it?And another thing when I open the task window to see the processes there is one dllhost.exe*32 - COM Surrogate wich pops from now and then , idk what s that so if you can tell me it would be greatThe laptop its working well now but I see that something its still *eatting* my 4gb ram . Link to post Share on other sites More sharing options...
MrCharlie Posted August 1, 2013 ID:709725 Share Posted August 1, 2013 Hosts by AlexI have no idea what is it . Should I remove it?I don't know what that is, if you didn't install it..then I would uninstall it.Google shows nothing for it.--------------------------------For:dllhost.exe*32 - COM SurrogateLook through this post:http://forum.cakewalk.com/Help-appreciated-Process-dllhostexe-running-constantly-at-about-50-CPU-m2062502.aspxMrC Link to post Share on other sites More sharing options...
LDTate Posted August 4, 2013 ID:710917 Share Posted August 4, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts