Hi,

I found an old laptop hidden away in storage, and thought I would try to get it running smoothly again. I'm trying to do it on my own without bothering the forums too much ;)

I've run MBAM, FRST, and AdwCleaner, as well as uninstalling a load of programs with Revo Uninstaller.

My son used this laptop a lot, so I have no idea what's on here. Trying to go through all of these files is a nightmare. I tried to remove whatever 'Piracy' related programs I could find. I apologize if there are any left.

I was wondering if someone would be willing to make me a Fixlist for FRST.

Here's the log: (I will attach the Additional.txt)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by MoM25 (administrator) on LOUISEATWORK on 20-03-2014 20:54:02
Running from C:\Users\MoM25\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Google Inc.) C:\Users\MoM25\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MoM25\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MoM25\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\MoM25\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2009-10-13] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-19\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-4085380671-887356356-3133374699-1008\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-10-16] (Hewlett-Packard Company)
HKU\S-1-5-21-4085380671-887356356-3133374699-1008\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: GamesManager - {562E9E46-6E06-41DA-9EC1-1103F7BAD19A} - C:\Program Files (x86)\Games Manager\GamesManager.dll ()
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - !{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -  No File
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 www.virustotal.com
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{4E989AF8-1F05-4206-B294-84BA2345486E}: [NameServer]208.67.222.222,208.67.220.220
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\MoM25\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\MoM25\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\MoM25\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Google Search) - C:\Users\MoM25\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Google Wallet) - C:\Users\MoM25\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\MoM25\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
CHR StartMenuInternet: Google Chrome - C:\Users\justin.LOUISEATWORK\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S4 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-19] (AVG Technologies)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-20 19:47 - 2014-03-20 20:06 - 00000000 ____D () C:\AdwCleaner
2014-03-20 19:47 - 2014-03-20 19:47 - 01950720 _____ () C:\Users\MoM25\Desktop\AdwCleaner.exe
2014-03-20 19:29 - 2014-03-20 19:29 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-20 15:53 - 2014-03-20 15:53 - 00000000 ____D () C:\Users\MoM25\AppData\Roaming\DAEMON Tools Lite
2014-03-20 14:47 - 2014-03-20 20:54 - 00012273 _____ () C:\Users\MoM25\Desktop\FRST.txt
2014-03-20 14:47 - 2014-03-20 20:54 - 00000000 ____D () C:\FRST
2014-03-20 14:46 - 2014-03-20 14:47 - 02157056 _____ (Farbar) C:\Users\MoM25\Desktop\FRST64.exe
2014-03-20 03:58 - 2014-03-20 03:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-19 23:07 - 2014-03-19 23:07 - 00000000 ____D () C:\Windows\pss
2014-03-19 22:59 - 2014-03-19 22:59 - 00000000 ____D () C:\Users\MoM25\AppData\Roaming\InstallShield
 
==================== One Month Modified Files and Folders =======
 
2014-03-20 20:54 - 2014-03-20 14:47 - 00012273 _____ () C:\Users\MoM25\Desktop\FRST.txt
2014-03-20 20:54 - 2014-03-20 14:47 - 00000000 ____D () C:\FRST
2014-03-20 20:51 - 2010-02-11 04:22 - 01823888 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 20:27 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 20:27 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 20:27 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 20:21 - 2012-08-15 16:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1000UA.job
2014-03-20 20:19 - 2012-08-18 09:02 - 00000000 ____D () C:\Users\MoM25\AppData\Local\AVG Secure Search
2014-03-20 20:19 - 2010-05-04 20:41 - 00432726 _____ () C:\Windows\PFRO.log
2014-03-20 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 20:19 - 2009-07-13 23:51 - 00007528 _____ () C:\Windows\setupact.log
2014-03-20 20:14 - 2012-07-15 09:04 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1006UA.job
2014-03-20 20:13 - 2012-08-09 16:58 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1003UA.job
2014-03-20 20:08 - 2012-08-19 13:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1008UA.job
2014-03-20 20:06 - 2014-03-20 19:47 - 00000000 ____D () C:\AdwCleaner
2014-03-20 19:47 - 2014-03-20 19:47 - 01950720 _____ () C:\Users\MoM25\Desktop\AdwCleaner.exe
2014-03-20 19:29 - 2014-03-20 19:29 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-20 18:47 - 2011-05-02 11:22 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-20 18:41 - 2011-05-16 09:51 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-03-20 18:39 - 2012-08-19 14:32 - 00000000 ____D () C:\Users\MoM25\AppData\Roaming\NCH Software
2014-03-20 18:35 - 2010-01-20 13:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-20 18:14 - 2012-08-20 19:35 - 00000000 ____D () C:\Users\MoM25\AppData\Local\Oblivion
2014-03-20 17:22 - 2012-08-10 07:36 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1000Core.job
2014-03-20 17:13 - 2012-08-09 16:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1003Core.job
2014-03-20 16:35 - 2010-01-20 14:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-20 16:35 - 2010-01-20 14:50 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-20 15:53 - 2014-03-20 15:53 - 00000000 ____D () C:\Users\MoM25\AppData\Roaming\DAEMON Tools Lite
2014-03-20 15:01 - 2012-08-09 17:44 - 00000296 _____ () C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
2014-03-20 14:47 - 2014-03-20 14:46 - 02157056 _____ (Farbar) C:\Users\MoM25\Desktop\FRST64.exe
2014-03-20 14:20 - 2010-01-20 13:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-20 13:39 - 2012-08-20 18:12 - 00000000 ____D () C:\Users\Justin
2014-03-20 13:35 - 2013-12-30 23:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-20 13:35 - 2013-12-30 23:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-20 08:14 - 2012-07-15 09:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1006Core.job
2014-03-20 04:08 - 2012-08-19 13:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085380671-887356356-3133374699-1008Core.job
2014-03-20 03:58 - 2014-03-20 03:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 03:58 - 2012-08-14 13:33 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 03:42 - 2013-12-30 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 03:13 - 2010-05-04 12:55 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 23:07 - 2014-03-19 23:07 - 00000000 ____D () C:\Windows\pss
2014-03-19 22:59 - 2014-03-19 22:59 - 00000000 ____D () C:\Users\MoM25\AppData\Roaming\InstallShield
2014-03-19 22:53 - 2012-08-09 16:43 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\Users\MoM25\jagex_cl_runescape_LIVE.dat
 
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\aacenc3.exe
C:\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe
C:\Users\Guest\AppData\Local\Temp\TwcTbsetup.exe
C:\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe
C:\Users\Guest\AppData\Local\Temp\_is67A7.exe
C:\Users\Justin\AppData\Local\Temp\i4jdel0.exe
C:\Users\MoM25\AppData\Local\Temp\eauninstall.exe
C:\Users\MoM25\AppData\Local\Temp\guninst.exe
C:\Users\MoM25\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\MoM25\AppData\Local\Temp\Quarantine.exe
C:\Users\MoM25\AppData\Local\Temp\tbNCH.dll
C:\Users\MoM25\AppData\Local\Temp\ubi3821.tmp.exe
C:\Users\MoM25\AppData\Local\Temp\uninst.exe
C:\Users\MoM25\AppData\Local\Temp\_isE629.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 06:03
 
==================== End Of Log ============================

Addition.txt

Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from the following link and save it to your desktop:

http://www.malwarebytes.org/mbam.php

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report in next reply

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

Kevin

fixlist.txt

Hey Kevin. Thank you for helping.

Here is the FixLog from FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by MoM25 at 2014-03-22 15:38:58 Run:1
Running from C:\Users\MoM25\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\.DEFAULT\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-19\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
C:\Program Files (x86)\Free Ride Games
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: GamesManager - {562E9E46-6E06-41DA-9EC1-1103F7BAD19A} - C:\Program Files (x86)\Games Manager\GamesManager.dll ()
C:\Program Files (x86)\Games Manager
Toolbar: HKLM - No Name - !{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -  No File
Toolbar: HKLM-x32 - No Name - !{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -  No File
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\Users\MoM25\jagex_cl_runescape_LIVE.dat
C:\Users\Guest\AppData\Local\Temp\aacenc3.exe
C:\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe
C:\Users\Guest\AppData\Local\Temp\TwcTbsetup.exe
C:\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe
C:\Users\Guest\AppData\Local\Temp\_is67A7.exe
C:\Users\Justin\AppData\Local\Temp\i4jdel0.exe
C:\Users\MoM25\AppData\Local\Temp\eauninstall.exe
C:\Users\MoM25\AppData\Local\Temp\guninst.exe
C:\Users\MoM25\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\MoM25\AppData\Local\Temp\Quarantine.exe
C:\Users\MoM25\AppData\Local\Temp\tbNCH.dll
C:\Users\MoM25\AppData\Local\Temp\ubi3821.tmp.exe
C:\Users\MoM25\AppData\Local\Temp\uninst.exe
C:\Users\MoM25\AppData\Local\Temp\_isE629.exe
2009-07-13 21:34 - 2012-08-09 20:36 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
AlternateDataStreams: C:\ProgramData\Temp:01BEC24A
AlternateDataStreams: C:\ProgramData\Temp:067BF339
AlternateDataStreams: C:\ProgramData\Temp:0B352B60
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0E636D62
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:163CAB5A
AlternateDataStreams: C:\ProgramData\Temp:19474103
AlternateDataStreams: C:\ProgramData\Temp:1D6B18F1
AlternateDataStreams: C:\ProgramData\Temp:2AF322BF
AlternateDataStreams: C:\ProgramData\Temp:2B856118
AlternateDataStreams: C:\ProgramData\Temp:2D2461E7
AlternateDataStreams: C:\ProgramData\Temp:329BA65B
AlternateDataStreams: C:\ProgramData\Temp:48866078
AlternateDataStreams: C:\ProgramData\Temp:54380FEC
AlternateDataStreams: C:\ProgramData\Temp:689AB7E9
AlternateDataStreams: C:\ProgramData\Temp:71612023
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:852F2262
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:90EFA562
AlternateDataStreams: C:\ProgramData\Temp:9FD757A9
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:AECF4772
AlternateDataStreams: C:\ProgramData\Temp:B0456F0C
AlternateDataStreams: C:\ProgramData\Temp:B190BE3A
AlternateDataStreams: C:\ProgramData\Temp:B8EB1B99
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:DC2D40F0
AlternateDataStreams: C:\ProgramData\Temp:E1EE4372
AlternateDataStreams: C:\ProgramData\Temp:E690114B
AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4
End
*****************
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.
"C:\Program Files (x86)\Free Ride Games" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} => Key deleted successfully.
HKCR\CLSID\{57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{57FDFE53-2FD5-4C40-B855-DAE9B7391BA0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{562E9E46-6E06-41DA-9EC1-1103F7BAD19A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{562E9E46-6E06-41DA-9EC1-1103F7BAD19A} => Key deleted successfully.
C:\Program Files (x86)\Games Manager => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => Value deleted successfully.
HKCR\CLSID\!{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} => Value deleted successfully.
HKCR\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
X5XSEx => Service deleted successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
C:\Users\MoM25\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\aacenc3.exe => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\TwcTbsetup.exe => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\_is67A7.exe => Moved successfully.
C:\Users\Justin\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\eauninstall.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\guninst.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\tbNCH.dll => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\ubi3821.tmp.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\uninst.exe => Moved successfully.
C:\Users\MoM25\AppData\Local\Temp\_isE629.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
 
==== End of Fixlog ====
 
I'll add the other logs as they finish.

MalwareBytes didn't find anything on this scan. It found 16 on a previous scan. I don't know if you want the log for that, though.

 

Here is an AdwCleaner Log from two days ago:

 

# AdwCleaner v3.022 - Report created 20/03/2014 at 20:05:19

# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : MoM25 - LOUISEATWORK
# Running from : C:\Users\MoM25\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\MyWebSearch
Folder Deleted : C:\Program Files (x86)\Object
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
Folder Deleted : C:\Program Files\Babylon
[!] Folder Deleted : C:\Users\MoM25\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\MoM25\AppData\Local\PackageAware
Folder Deleted : C:\Users\MoM25\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\MoM25\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MoM25\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Justin\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Justin\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Justin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Justin\AppData\LocalLow\PriceGong
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\MoM25\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856415
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856449
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2857573
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2866295
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_battlefield-2_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_battlefield-2_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_call-of-duty-4_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_call-of-duty-4_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-realms[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-realms[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_gta-iv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_gta-iv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_need-for-speed-most-wanted_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_need-for-speed-most-wanted_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-weather-channel-desktop[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-weather-channel-desktop[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASMANCS
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
*************************
 
AdwCleaner[R0].txt - [20122 octets] - [20/03/2014 19:48:15]
AdwCleaner[s0].txt - [20279 octets] - [20/03/2014 20:05:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20340 octets] ##########
 
 
And here is a log from a few minutes ago:
 
# AdwCleaner v3.022 - Report created 22/03/2014 at 16:43:23
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : MoM25 - LOUISEATWORK
# Running from : C:\Users\MoM25\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Users\MoM25\AppData\Local\AVG Secure Search
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
*************************
 
AdwCleaner[R0].txt - [20122 octets] - [20/03/2014 19:48:15]
AdwCleaner[R1].txt - [808 octets] - [22/03/2014 16:38:01]
AdwCleaner[s0].txt - [20529 octets] - [20/03/2014 20:05:19]
AdwCleaner[s1].txt - [738 octets] - [22/03/2014 16:43:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [797 octets] ##########
 
I'm about to run ESET..

ESET scan is finally done. I noticed a file in the results named NFS GameHack.. I removed as much as I could prior to the scan, but I don't have access to my son's account. He 'forgot' his password..

 

I left it on the list because I want all of the piracy-related files off of my computer. I hope this doesn't interfere with anything.

 

Here is the log:

 

C:\autorun.inf INF/Autorun worm

C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\CheatEngine60.exe Win32/OpenCandy potentially unsafe application
C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\Facemoods.exe a variant of Win32/SweetIM.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo potentially unwanted application
C:\Downloads\Software\Elf_1.13.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Downloads\Software\Game_Master_1.1.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Downloads\Software\iBario_Free_Apps.exe probably a variant of Win32/SweetIM.A potentially unwanted application
C:\Downloads\Software\SoftonicDownloader_for_call-of-duty-4.exe Win32/SoftonicDownloader.A potentially unwanted application
C:\Downloads\Software\SoftonicDownloader_for_gta-iv.exe Win32/SoftonicDownloader.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe.xBAD a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe.xBAD Win32/Adware.Yontoo.A application
C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\tbNCH.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\uninst.exe.xBAD a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\PhotoStage\pstagesetup_v2.13.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\PhotoStage\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6DWL26A\Z29vZ2xlLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\c2hvcDYtMS5mb3JsZXNzLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm JS/Agent.NJV trojan
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm JS/Agent.NJV trojan
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PU0S7XV\iBarioGames[1].exe a variant of Win32/Obfuscated.NEX trojan
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3MY8NT4\iBarioGames[1].exe a variant of Win32/Obfuscated.NEX trojan
C:\Users\Guest\AppData\LocalLow\Elf_1\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Elf_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Elf_1.13\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Elf_1.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Elf_1.15\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Elf_1.15\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Game_Master_1.1\tbGame.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Game_Master_1.1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\NCH\ldrtbNCH.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Guest\AppData\LocalLow\NCH\tbNCH.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Softonic-Eng7\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\4gapwnmc.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Users\Justin\AppData\LocalLow\NCH\ldrtbNCH.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Justin\AppData\LocalLow\NCH\tbNCH.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Justin246\Documents\Trainer_by_eXtalia_(for_NFSU_1.1001)[1]\shaikh_nfs_underground.exe a variant of Win32/GameHack.HH potentially unsafe application
C:\Users\Justin246\Documents\Trainer_by_gghz_(for_NFSU_1.0)[1]\gghz-NFSU_tr.exe Win32/GameHack.AD potentially unsafe application
C:\Users\Justin246\Downloads\debutsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\Users\MoM25\AppData\Local\Temp\nchuninst\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Public\Downloads\PedalToTheMetalSetup-dm[1].exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
D:\autorun.inf INF/Autorun worm
E:\autorun.inf INF/Autorun worm

Thanks for the log, ok we continue:

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\autorun.inf
    C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\CheatEngine60.exe
    C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\Facemoods.exe
    C:\Downloads\Software\Elf_1.13.exe
    C:\Downloads\Software\Game_Master_1.1.exe
    C:\Downloads\Software\iBario_Free_Apps.exe
    C:\Downloads\Software\SoftonicDownloader_for_call-of-duty-4.exe
    C:\Downloads\Software\SoftonicDownloader_for_gta-iv.exe
    C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe.xBAD
    C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe.xBAD
    C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\tbNCH.dll.xBAD
    C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\uninst.exe.xBAD
    C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe
    C:\Program Files (x86)\NCH Software\PhotoStage\pstagesetup_v2.13.exe
    C:\Program Files (x86)\NCH Software\PhotoStage\uninst.exe
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6DWL26A\Z29vZ2xlLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\c2hvcDYtMS5mb3JsZXNzLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm
    C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PU0S7XV\iBarioGames[1].exe
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3MY8NT4\iBarioGames[1].exe
    C:\Users\Guest\AppData\LocalLow\Elf_1\tbElf_.dll
    C:\Users\Guest\AppData\LocalLow\Elf_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    C:\Users\Guest\AppData\LocalLow\Elf_1.13\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    C:\Users\Guest\AppData\LocalLow\Elf_1.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    C:\Users\Guest\AppData\LocalLow\Elf_1.15\tbElf_.dll
    C:\Users\Guest\AppData\LocalLow\Elf_1.15\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    C:\Users\Guest\AppData\LocalLow\Game_Master_1.1\tbGame.dll
    C:\Users\Guest\AppData\LocalLow\Game_Master_1.1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    C:\Users\Guest\AppData\LocalLow\NCH\ldrtbNCH.dll
    C:\Users\Guest\AppData\LocalLow\NCH\tbNCH.dll
    C:\Users\Guest\AppData\LocalLow\Softonic-Eng7\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\4gapwnmc.default\extensions\plugin@yontoo.com\content\overlay.js
    C:\Users\Justin\AppData\LocalLow\NCH\ldrtbNCH.dll
    C:\Users\Justin\AppData\LocalLow\NCH\tbNCH.dll
    C:\Users\Justin246\Documents\Trainer_by_eXtalia_(for_NFSU_1.1001)[1]\shaikh_nfs_underground.exe
    C:\Users\Justin246\Documents\Trainer_by_gghz_(for_NFSU_1.0)[1]\gghz-NFSU_tr.exe
    C:\Users\Justin246\Downloads\debutsetup.exe
    C:\Users\MoM25\AppData\Local\Temp\nchuninst\uninst.exe
    C:\Users\Public\Downloads\PedalToTheMetalSetup-dm[1].exe
    D:\autorun.inf
    E:\autorun.inf
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Run a quick scan with Malwarebytes, post that log.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, let me know if there are any remaining issues or concerns...

 

Thanks,

 

Kevin

 


I'm not sure what happened.. I copied it (starting with colon), pasted in the 'Items to be Moved' section, then clicked moveit!

 

It started moving the files, but it stopped and said something about a file needing to be a numerical value (can't remember exact words).

 

I clicked moveit again, and it had a bunch of errors. It ended up freezing and closing.


Same issue.

 

This is what it gets done before the error shows up:

 

All processes killed

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\MoM25\Downloads\cmd.bat deleted successfully.
C:\Users\MoM25\Downloads\cmd.txt deleted successfully.
File/Folder C:\autorun.inf not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\CheatEngine60.exe not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\Facemoods.exe not found.
File/Folder C:\Downloads\Software\Elf_1.13.exe not found.
File/Folder C:\Downloads\Software\Game_Master_1.1.exe not found.
File/Folder C:\Downloads\Software\iBario_Free_Apps.exe not found.
File/Folder C:\Downloads\Software\SoftonicDownloader_for_call-of-duty-4.exe not found.
File/Folder C:\Downloads\Software\SoftonicDownloader_for_gta-iv.exe not found.
File/Folder C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe.xBAD not found.
File/Folder C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe.xBAD not found.
File/Folder C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\tbNCH.dll.xBAD not found.
File/Folder C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\uninst.exe.xBAD not found.
File/Folder C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe not found.
File/Folder C:\Program Files (x86)\NCH Software\PhotoStage\pstagesetup_v2.13.exe not found.
File/Folder C:\Program Files (x86)\NCH Software\PhotoStage\uninst.exe not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6DWL26A\Z29vZ2xlLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\c2hvcDYtMS5mb3JsZXNzLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm not found.
File/Folder C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm not found.
File/Folder C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PU0S7XV\iBarioGames[1].exe not found.
File/Folder C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3MY8NT4\iBarioGames[1].exe not found.
File/Folder C:\Users\Guest\AppData\LocalLow\Elf_1\tbElf_.dll not found.
File/Folder C:\Users\Guest\AppData\LocalLow\Elf_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll not found.
 
 
A window will show up that says: "Invalid time flag! [ Toolbar.Conduit.8 potentially unwanted application ] Must be numerical."

Yep, I see the mistake. When ESET produces the bad entries it also gives a reason. The problem appears to be for this entry:

 

C:\Users\Guest\AppData\LocalLow\Elf_1.13\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

 

All entries I gave in the OTM script had the reason removed except for the one above, as marked in red

 

Run OTM again with the script as follows, many of the entries will probably show as not found as they will have been removed previously....

:Files
ipconfig /flushdns /c
C:\autorun.inf
C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\CheatEngine60.exe
C:\$Recycle.Bin\S-1-5-21-4085380671-887356356-3133374699-1000\$R846PGI\Facemoods.exe
C:\Downloads\Software\Elf_1.13.exe
C:\Downloads\Software\Game_Master_1.1.exe
C:\Downloads\Software\iBario_Free_Apps.exe
C:\Downloads\Software\SoftonicDownloader_for_call-of-duty-4.exe
C:\Downloads\Software\SoftonicDownloader_for_gta-iv.exe
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\Babylon8_setup_16510_US.exe.xBAD
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\YontooSetup-DropDownDeals-SilentInstaller.exe.xBAD
C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\tbNCH.dll.xBAD
C:\FRST\Quarantine\C\Users\MoM25\AppData\Local\Temp\uninst.exe.xBAD
C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe
C:\Program Files (x86)\NCH Software\PhotoStage\pstagesetup_v2.13.exe
C:\Program Files (x86)\NCH Software\PhotoStage\uninst.exe
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXGQ3KOQ\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6DWL26A\Z29vZ2xlLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QBX2CA\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[3].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\c2hvcDYtMS5mb3JsZXNzLmNvbXx8OTQ1RC03Njk4fHxnYW1lc3VzbGl8fDEuMg==[1].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[1].htm
C:\Users\Account For Everyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHPMZJUV\eW91dHViZS5jb218fDk0NUQtNzY5OHx8Z2FtZXN1c2xpfHwxLjI=[2].htm
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PU0S7XV\iBarioGames[1].exe
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3MY8NT4\iBarioGames[1].exe
C:\Users\Guest\AppData\LocalLow\Elf_1\tbElf_.dll
C:\Users\Guest\AppData\LocalLow\Elf_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Guest\AppData\LocalLow\Elf_1.13\tbElf_.dll
C:\Users\Guest\AppData\LocalLow\Elf_1.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Guest\AppData\LocalLow\Elf_1.15\tbElf_.dll
C:\Users\Guest\AppData\LocalLow\Elf_1.15\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Guest\AppData\LocalLow\Game_Master_1.1\tbGame.dll
C:\Users\Guest\AppData\LocalLow\Game_Master_1.1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Guest\AppData\LocalLow\NCH\ldrtbNCH.dll
C:\Users\Guest\AppData\LocalLow\NCH\tbNCH.dll
C:\Users\Guest\AppData\LocalLow\Softonic-Eng7\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Guest\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\4gapwnmc.default\extensions\plugin@yontoo.com\content\overlay.js
C:\Users\Justin\AppData\LocalLow\NCH\ldrtbNCH.dll
C:\Users\Justin\AppData\LocalLow\NCH\tbNCH.dll
C:\Users\Justin246\Documents\Trainer_by_eXtalia_(for_NFSU_1.1001)[1]\shaikh_nfs_underground.exe
C:\Users\Justin246\Documents\Trainer_by_gghz_(for_NFSU_1.0)[1]\gghz-NFSU_tr.exe
C:\Users\Justin246\Downloads\debutsetup.exe
C:\Users\MoM25\AppData\Local\Temp\nchuninst\uninst.exe
C:\Users\Public\Downloads\PedalToTheMetalSetup-dm[1].exe
D:\autorun.inf
E:\autorun.inf
:Commands
[EmptyTemp]

I've removed the trailing reason on the previously missed entry.....See how it runs this time...

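The failure discussed above came from one ESET log line going into the OTM script with its detection text still attached. As an added example (not part of the thread, and not OTM or ESET code), this Python script splits ESET-style log lines into path and detection text, builds the `:Files` block from the paths only, and checks a hand-edited script for leftover text; the function names and sample lines are constructed for illustration.

```python
import re

# Constructed sample in the layout of the ESET log quoted in this thread:
# a Windows path, then the detection name and category. Paths are shortened.
SAMPLE_ESET_LOG = r"""
C:\Users\Guest\AppData\LocalLow\Elf_1\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Elf_1.13\tbElf_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Account For Everyone\AppData\Local\Temp\sample[1].htm JS/Agent.NJV trojan
C:\Users\Guest\AppData\Roaming\Mozilla\overlay.js Win32/Adware.Yontoo application
D:\autorun.inf INF/Autorun worm
"""

# Windows paths cannot contain "/", so the first whitespace-delimited token
# holding a "/" (Win32/..., JS/..., INF/...) starts the detection text.
# This also keeps paths with spaces ("Account For Everyone") intact.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<reason>(?:a variant of\s+)?[^\s\\]+/\S+\s+\S.*)$"
)


def split_eset_line(line):
    """Return (path, reason); reason is None when nothing follows the path."""
    line = line.strip()
    match = DETECTION.match(line)
    if match:
        return match.group("path"), match.group("reason")
    return line, None


def build_otm_script(eset_log, commands=("[EmptyTemp]",)):
    """Emit a :Files/:Commands script holding only the paths, one per line."""
    paths = []
    for raw in eset_log.splitlines():
        if not raw.strip():
            continue
        path, _reason = split_eset_line(raw)
        if path not in paths:  # drop duplicates, keep log order
            paths.append(path)
    return "\n".join([":Files", *paths, ":Commands", *commands])


def lint_otm_script(script):
    """Return (line_number, path, trailing_text) for every :Files path entry
    that still carries detection text after the path."""
    problems = []
    section = None
    for number, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        # Only path entries are checked; commands such as ipconfig are skipped.
        if section != ":files" or not re.match(r"[A-Za-z]:\\", line):
            continue
        path, reason = split_eset_line(line)
        if reason:
            problems.append((number, path, reason))
    return problems


# The mistake from the thread, reduced to two entries: the second one still
# has its detection text.
HAND_EDITED = "\n".join([
    ":Files",
    "ipconfig /flushdns /c",
    r"C:\Users\Guest\AppData\LocalLow\Elf_1\tbElf_.dll",
    r"C:\Users\Guest\AppData\LocalLow\Elf_1.13\tbElf_.dll a variant of "
    "Win32/Toolbar.Conduit.B potentially unwanted application",
    ":Commands",
    "[EmptyTemp]",
])

if __name__ == "__main__":
    for number, path, extra in lint_otm_script(HAND_EDITED):
        print(f"line {number}: trailing text after {path!r}: {extra!r}")
    print(build_otm_script(SAMPLE_ESET_LOG))
```

Running the lint over a script before pasting it into the tool catches a missed entry without touching the machine being cleaned.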

I think it finished.. I ran it, but I wasn't able to copy the results. The program stopped responding and closed right after the text appeared in the Results window. I only caught a glimpse of what it said. I think I saw "All files moved successfully"

 

Do I need to try again? Or should I move on to the security check?


OTM will have saved the log if it did complete, the log will be in the following folder:

 

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Yes please continue and run Security Checks, also let me know if there are any remaining issues or concerns...

 

Kevin..


There isn't a log, but it has folders containing files that it moved.

 

Here is the log from Security Check:

 

 Results of screen317's Security Check version 0.99.81  

 Windows 7  x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC Tuneup 2011  
 JavaFX 2.1.1    
 Java 6 Update 23  
 Java 7 Update 5  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

Those versions of Java are outdated and possibly exploited, it is beneficial to your system to Uninstall them at your earliest convenience. The following should be removed:

 

JavaFX 2.1.1    

 Java™ 6 Update 23  
 Java™ 7 Update 5
 
Try with this tool if you cannot uninstall via Programs and Features:
 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on Program name to highlight that entry.

 

Select Action from the Menu bar, then Uninstall from there follow the prompts.

 

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

 

The latest version of Java is available here: https://www.java.com/en/download/

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There may be an offer of Google Chrome etc, untick those options if offered...

 

Next,

 

Regarding SP1, a stand alone update is available here: http://www.microsoft.com/en-gb/download/details.aspx?id=5842

 

Let me know how you progress, also if any remaining issues or concerns...

 

Kevin

 


I used the standard uninstaller, rather than Revo, and was able to remove Java. 

 

I updated Adobe Reader. I think I updated Adobe Flash, too. Chrome says it was blocked because it's out of date. When I tested my flash player on the site, it said that I have the most recent version. So I guess that's done..

 

I'm about to install the Service Pack. I'll let you know how it goes.


It's running a little better now. The CPU can go longer without reaching 100%. I decided to test it by loading up a video on YouTube.. It made it about 7 minutes in before it started struggling, and reached 100% shortly after that. The Physical Memory never went over the 50% mark, though.

 

Is there anything that I could do about that?


D (Recovery) is what it says, a recovery partition; that will hold the factory release image of the OS, which can be used to reset the laptop to the state it was in when bought. Not exactly sure what E is at present. Run the following and post the produced log, do not fix or delete anything initially...

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Kevin

Here is the log:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MoM25 [Admin rights]
Mode : Scan -- Date : 03/27/2014 22:42:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 38740cfe2404d6ea27d2a40f3e108843
[bSP] bea3831875410966cb08314c01f6a5c7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 463773 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 950216704 | Size: 12863 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03272014_224258.txt >>