
FLiNG@3DMGAME Trojan


  • This topic is locked
29 replies to this topic

#1 Cipra


Posted 14 October 2012 - 01:04 PM

I was looking for a trainer for Borderlands 2 and when I found one made by FLiNG@3DMGAME I downloaded it, but 30 minutes after I started using it my Steam account was hacked. When my friend was on his Steam account on my computer, though, his didn't get hacked. I've tried deleting the trainer and using McAfee's shredding feature, but every time I restart my computer the trainer is back, saying it was made the moment I turned on my computer, and I'm worried about using my Steam account because the trainer isn't gone yet. I was hoping someone could help me get rid of it.



#2 Oh My!

  • Malware Response Instructor

Posted 15 October 2012 - 09:26 AM

Greetings Cipra and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Create GMER log

I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • DDS.txt
  • Attach.txt
  • GMER log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 18 October 2012 - 09:03 AM

Hi Cipra,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Cipra


Posted 18 October 2012 - 08:32 PM

DDS
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Tyler at 15:33:25 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6131 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Tyler\AppData\Roaming\Appleservice.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
C:\Windows\system32\conhost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Users\Tyler\AppData\Local\Temp\AppLaunch\AppleService.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.97\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.217\deploy\LolClient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
uProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
mWinlogon: Userinit = userinit.exe
BHO: I Want This: {11111111-1111-1111-1111-110011221158} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623192343.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} -
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: D-Link Toolbar: {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} - <orphaned>
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [NCsoft] <no file>
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [FILE NAME] C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLiteSA.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} -
IE: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - <orphaned>
IE: {EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - <orphaned>
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3634BB24-1500-4E38-986D-ACF92F801FCD} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623192343.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tyler\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Tyler\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109794
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 52d950e10000000000001cbdb9d9fac7
FF - user.js: extensions.BabylonToolbar_i.hardId - 52d950e10000000000001cbdb9d9fac7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:24:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465&q=
FF - user.js: extensions.funmoods.id - 1CBDB9D9FAC750E1
FF - user.js: extensions.funmoods.instlDay - 15551
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:34:20
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-28 289664]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-12-11 21544]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-28 75936]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-5-10 573952]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-28 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-28 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-28 162192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-9 369256]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [2010-12-25 167936]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2010-5-10 30824]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2010-5-10 152680]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-28 65264]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2010-11-29 1266688]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-28 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-28 487296]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-12-11 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-11 346144]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-12-25 664576]
R3 VJoystick;Virtual JoyStick KMDF HID Minidriver;C:\Windows\System32\drivers\VJoystick.sys [2011-1-1 13312]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250808]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-28 100912]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 115168]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-8-17 110592]
S3 T2Fltr;Razer Nostromo;C:\Windows\System32\drivers\T2Fltr.sys [2011-1-1 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
.
=============== Created Last 30 ================
.
2012-10-13 22:45:04 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 22:45:04 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-13 04:23:26 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2012-10-13 04:23:26 266720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2012-10-13 04:23:26 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-10-10 21:12:01 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 21:10:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 21:10:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 21:10:37 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 21:10:37 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 21:10:32 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 21:10:31 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 21:10:31 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 21:10:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 21:10:30 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 21:10:30 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-08 05:01:24 -------- d-----w- C:\Users\Tyler\AppData\Roaming\fltk.org
2012-10-08 05:01:24 -------- d-----w- C:\ProgramData\fltk.org
2012-10-07 18:35:35 -------- d-----w- C:\Users\Tyler\AppData\Local\Razer
2012-10-06 20:57:14 -------- d-sh--w- C:\Users\Tyler\AppData\Roaming\msnmsg
2012-10-06 20:35:34 -------- d-----w- C:\Users\Tyler\AppData\Roaming\dclogs
2012-10-06 20:35:33 3446784 --sh--w- C:\Users\Tyler\AppData\Roaming\Appleservice.exe
2012-09-25 23:01:34 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-22 18:04:04 -------- d-----w- C:\Users\Tyler\AppData\Local\Origin
.
==================== Find3M ====================
.
2012-10-09 19:31:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 19:31:30 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:31:26 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-22 21:47:24 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-22 21:47:24 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-09-22 21:27:14 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-24 04:10:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-08-24 02:05:00 143360 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-08-24 02:04:58 592384 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-08-24 02:04:56 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 07:01:22 110592 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 15:35:18.11 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2010 10:52:43 AM
System Uptime: 10/18/2012 3:15:15 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz | Socket 1366 | 2784/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 100.499 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP202: 10/7/2012 11:34:59 AM - Installed Razer Synapse 2.0.
RP203: 10/7/2012 12:03:11 PM - Installed DirectX
RP204: 10/10/2012 10:39:27 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adlsoft Uncompressor
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Akamai NetSession Interface
Akamai NetSession Interface Service
All Points Bulletin
Alpha Protocol
Amnesia: The Dark Descent
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed Brotherhood
ASUS Xonar DS Audio Driver
Babylon toolbar on IE
Batman: Arkham City™
Battlefield: Bad Company 2
Bigfoot Networks Killer Network Manager
Blacklight: Retribution
blinkx beat
Bonjour
Borderlands
Borderlands 2
Brink
Browser Configuration Utility
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: World at War
Champions Online
Champions Online: Free For All
City of Heroes
ClickPotato
D-Link DWA-130 Wireless N USB Adapter
D-Link Toolbar
DarkCrusade
Darksiders
DarksidersInstaller
DC Universe Online
Dead Island
DealPly
Deus Ex: Human Revolution
doubleTwist
Download Updater (AOL LLC)
Dragon Age II
Dual-Core Optimizer
Fable - The Lost Chapters
Fable III
Fallout 3 - Game of the Year Edition
Fallout: New Vegas
ffdshow [rev 2527] [2008-12-19]
File Type Assistant
GamersFirst LIVE!
Global Agenda
Google Toolbar for Internet Explorer
Google Update Helper
Guild Wars 2
HOMEFRONT
I Want This
iCloud
Internet TV for Windows Media Center
iPod To Computer Transfer 6.2
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Just Cause 2
Kingdoms of Amalur: Reckoning™
League of Legends
Left 4 Dead 2
Magic: The Gathering — Duels of the Planeswalkers 2012
Mass Effect
Mass Effect 2
Mass Effect™ 3
Mass Effect™ 3 Demo
McAfee Security Scan Plus
McAfee SecurityCenter
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mirror's Edge
Mobile Mouse Server
MotioninJoy ds3 driver version 0.5.0002
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Naval War: Arctic Circle Demo
NCsoft Launcher
NEC Electronics USB 3.0 Host Controller Driver
Netflix in Windows Media Center
NVIDIA 3D Vision Driver 263.09
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B10.0422.2
OpenAL
Origin
Pando Media Booster
PAYDAY: The Heist
PCSX2 - Playstation 2 Emulator
PDFCreator
Phoenix Viewer 1.5.2.818
PlanetSide 2 Beta
PunkBuster Services
Purgation of Kaurava
QuickTime
Razer Nostromo
Razer Synapse 2.0
Realtek Ethernet Controller Driver For Windows 7
Resident Evil Operation Raccoon City Preorder
Resident Evil™: Operation Raccoon City
RingtoneJunkiez Desktop
S4 League_EU
Saints Row: The Third
Sanctum
Search Toolbar
Searchqu Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Serious Sam HD: The First Encounter
Serious Sam HD: The Second Encounter
ShopperReports
Skype Click to Call
Skype™ 5.10
Sonic Generations
Spiral Knights
Star Wars: The Old Republic
Steam
Supreme Commander 2
System Requirements Lab
Team Fortress 2
The Elder Scrolls V: Skyrim
The Sims™ 3
Tom Clancy's EndWar
Transformers: War for Cybertron
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Wajam
War Inc. Battlezone
Warhammer 40,000: Dawn Of War - Platinum Edition
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Soulstorm
Warhammer 40,000: Space Marine Demo
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.10 (32-bit)
World of Warcraft
Xvid Video Codec
Yontoo Layers 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
10/12/2012 3:35:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
10/12/2012 3:35:28 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2012 3:34:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
10/12/2012 3:34:25 PM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
GMER isn't working right. It isn't letting me check the boxes I need to. It just lets me check the bottom ones.

#5 Oh My!


Posted 18 October 2012 - 10:35 PM

Greetings Cipra,

There are a couple things I would like to accomplish in this first post. Since I am not a gamer I am unfamiliar with trainers. Could you please tell me exactly what is being recreated each time you boot your computer? (program name, file name, etc.) You are not trying to delete Borderlands, correct?

Since you have a 64-bit system GMER will not provide full functionality.


===================================================


P2P Warning

--------------------

Going over your logs it appears you have utilized Peer to Peer downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
Please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.


===================================================


adwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • AdwCleaner log
  • Trainer information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Cipra


Posted 22 October 2012 - 12:31 AM

If I have to delete Steam and Borderlands 2 I'm fine with doing that.

AdwCleaner log
# AdwCleaner v2.005 - Logfile created 10/21/2012 at 22:24:35
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tyler - TYLER-PC
# Boot Mode : Normal
# Running from : C:\Users\Tyler\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : WajamUpdater

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\user.js
File Found : C:\Users\Tyler\AppData\Local\funmoods.crx
File Found : C:\Users\Tyler\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Tyler\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Tyler\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Tyler\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\searchplugins\search.xml
File Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\DealPly
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Searchqu Toolbar
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\clickpotatolitesa
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Tyler\AppData\Local\Babylon
Folder Found : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Users\Tyler\AppData\Local\I Want This
Folder Found : C:\Users\Tyler\AppData\Local\Ilivid Player
Folder Found : C:\Users\Tyler\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Tyler\AppData\Local\Wajam
Folder Found : C:\Users\Tyler\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Tyler\AppData\LocalLow\ShoppingReport2
Folder Found : C:\Users\Tyler\AppData\Roaming\Babylon
Folder Found : C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\FCTB
Folder Found : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\Searchqutoolbar

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Found : HKCU\Software\AppDataLow\Software\CompeteInc
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\clickpotatolitesa
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B278D9F8-0FA9-465E-9938-0C392605D8E3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465
[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://www.searchnu.com/406

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\prefs.js

Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPrivacyRulesUrl", "hxxps://dcs-file[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastVoiceboxRulesModification", "");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastVoiceboxRulesTime", "1350869673936"[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastVoiceboxRulesUrl", "hxxps://voicebo[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastWhitelistModification", "Wed, 17 Oc[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastWhitelistTime", "1350883314247");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastWhitelistUrl", "hxxps://dcs-files.c[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.panelID", "FCZ3AGLfox");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.pingInterval", "1440");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyFailures", 1);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyFailuresThreshold", 6);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyRulesInterval", "60");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.probationLength", 1440);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.rulesVersion", "2003");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.userID", "FCZ3AGL79497185");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.version", "1.7.0.9411");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.voiceboxRulesInterval", "1440");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.whitelistInterval", "60");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.installDate", "07122012");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.version", "1.300.428");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.helpUsImprove", true);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.hideOthers", false);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.processAddrBar", true);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.restoreSearch", false);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.runcmd.14", "1342657286");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.searchHistory", true);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.session", "A57C72AA47053BB7CF7E45316382A8536B00[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.showFirstLaunchOptions", false);
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.tb_lang", "en");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.tool_id", "59925");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_id", "79497185");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_key", "1d9f5545d252fc376e21f086e08fe2e7d44[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_layouts", "59925");
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_lnames", "AdventureQuest%20Worlds%20Toolba[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Found : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.yahooSearch", true);
Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=");

*************************

AdwCleaner[R1].txt - [47303 octets] - [21/10/2012 22:24:35]

########## EOF - C:\AdwCleaner[R1].txt - [47364 octets] ##########



A trainer is a kind of hack for computer games, like if you open the trainer and then the game and press 1 on the number pad you get infinite health and so on. The trainer info is
Settings:[Trainer]
Language=English
ShowAVHint=True
OnLoadMusic=True
IgnoreGameVersion=False
KeySetup=Desktop
Is that all you wanted on it or did you want the properties too?

#7 Oh My!

Posted 22 October 2012 - 12:56 PM

Hi Cipra,

We are going to clean out all of the adware located on your computer. I am still not quite sure I fully understand the Trainer enough to address the issue. Is it an identifiable program you have downloaded? Does it show up in add/remove programs? Where did you extract the above information from?

Please do the following and help me understand how the Trainer is installed then we will go from there. I also want to check to see if a particular file is valid or not.


===================================================


AdwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
  • Check to see if you are still receiving redirects

===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\Users\Tyler\AppData\Roaming\Appleservice.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • AdwCleaner report
  • VirusTotal link

Gary
 

#8 Cipra

Posted 22 October 2012 - 06:43 PM

The Trainer doesn't show up in the Add/Remove program. Where I got the information is from a little notepad document in the folder that the trainer came in. (link deleted)
AdwCleaner
# AdwCleaner v2.005 - Logfile created 10/22/2012 at 16:16:18
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tyler - TYLER-PC
# Boot Mode : Normal
# Running from : C:\Users\Tyler\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Tyler\AppData\Local\funmoods.crx
File Deleted : C:\Users\Tyler\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Tyler\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Tyler\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Tyler\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\searchplugins\search.xml
File Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\clickpotatolitesa
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Tyler\AppData\Local\Babylon
Folder Deleted : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Tyler\AppData\Local\I Want This
Folder Deleted : C:\Users\Tyler\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Tyler\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Tyler\AppData\Local\Wajam
Folder Deleted : C:\Users\Tyler\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Tyler\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\FCTB
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\Searchqutoolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\clickpotatolitesa
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\ShoppingReport2
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\ClickPotatoLite
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\ShoppingReport2
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [clickpotatolitesa]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0C0B0D0Bzy0Dzy0F0A0CyByDtD0EtCtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1006229465 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\prefs.js

C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4mkyyulp.default\user.js ... Deleted !

Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search Results");
Deleted : user_pref("backup.old.browser.search.selectedEngine", "Search Results");
Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://www.searchnu.com/406");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyE[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109794");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "52d950e10000000000001cbdb9d9fac7");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "52d950e10000000000001cbdb9d9fac7");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15367");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:24:09");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{88c4479d-3515-4ca3-a805-27b920c3b[...]
Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "60307BA4EB3CFC5BBCB2726371526984");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.hrdid", "1CBDB9D9FAC750E1");
Deleted : user_pref("extensions.funmoods.id", "1CBDB9D9FAC750E1");
Deleted : user_pref("extensions.funmoods.instlDay", "15551");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Deleted : user_pref("extensions.funmoods.instlday", "15551");
Deleted : user_pref("extensions.funmoods.instlref", "adknlg");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:34:20");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "291c71be631519dc");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:34:20");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2214:34:20");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:34:20");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.2797317.KeywordHistory", "serious%2520sam%25202[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.ClearCacheDate", 22);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.DisplayEULA", false);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.EnableDCA", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.FirstLaunchShown", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.LoadLayoutDate.59925", 22);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.ShowRecommendedOptions", false);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.StateReportDate", "1350860270516");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.beforeInstallSaved", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.beforeinstall.homepage", "chrome%3A//branding/l[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.beforeinstall.search", "Google");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.customNewTab", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.CaptureType", 2);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121021.connection_e[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121021.invalid_cert[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121021.server_error[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121021.success", 23[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121022.connection_e[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121022.invalid_cert[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121022.server_error[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20121022.success", 15[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.currentOffset", 1);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.dcaConfigInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.enableVoicebox", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.epochTimeInterval", "1440");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.eulaVersion", 20110301);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.externalJSInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.externalJSRshInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.externalJSSerpInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.externalJSShoppingcartInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastDcaConfigModification", "Tue, 05 Ju[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastDcaConfigTime", "1350947147986");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastDcaConfigUrl", "hxxps://dcs-config.[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastDcaStatus", 1);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastEpochTime", "1350869670068");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastEpochTimeUrl", "hxxps://dcs.consume[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastEventSendAttemptDate", "20121021");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastEventSendSuccessDate", "20121021");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSModification", "Tue, 15 M[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSRshModification", "Tue, 1[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSRshTime", "1350947148818"[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSRshUrl", "hxxps://dcs-fil[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSSerpModification", "Mon, [...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSSerpTime", "1350947148057[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSSerpUrl", "hxxps://dcs-fi[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSShoppingcartModification"[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSShoppingcartTime", "13509[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSShoppingcartUrl", "hxxps:[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSTime", "1350947147770");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastExternalJSUrl", "hxxps://dcs-files.[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPingTime", "1350869781642");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPrivacyFailureDate", 20121020);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPrivacyRulesModification", "Mon, 17[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPrivacyRulesTime", "1350947147732")[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPrivacyRulesUrl", "hxxps://dcs-file[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastVoiceboxRulesModification", "");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastVoiceboxRulesTime", "1350869673936"[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastVoiceboxRulesUrl", "hxxps://voicebo[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastWhitelistModification", "Wed, 17 Oc[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastWhitelistTime", "1350947148818");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastWhitelistUrl", "hxxps://dcs-files.c[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.panelID", "FCZ3AGLfox");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.pingInterval", "1440");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyFailures", 1);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyFailuresThreshold", 6);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyRulesInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.probationLength", 1440);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.rulesVersion", "2003");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.userID", "FCZ3AGL79497185");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.version", "1.7.0.9411");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.voiceboxRulesInterval", "1440");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.whitelistInterval", "60");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.installDate", "07122012");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.version", "1.300.428");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.helpUsImprove", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.hideOthers", false);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.processAddrBar", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.restoreSearch", false);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.runcmd.14", "1342657286");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.searchHistory", true);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.session", "A57C72AA47053BB7CF7E45316382A8536B00[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.showFirstLaunchOptions", false);
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.tb_lang", "en");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.tool_id", "59925");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_id", "79497185");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_key", "1d9f5545d252fc376e21f086e08fe2e7d44[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_layouts", "59925");
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_lnames", "AdventureQuest%20Worlds%20Toolba[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Deleted : user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=");

*************************

AdwCleaner[R1].txt - [47318 octets] - [21/10/2012 22:24:35]
AdwCleaner[S1].txt - [48366 octets] - [22/10/2012 16:16:18]

########## EOF - C:\AdwCleaner[S1].txt - [48427 octets] ##########
For the VirusTotal I didn't search for the Appleservice.exe but I did a scan on the Trainer and this is what came up:
https://www.virustotal.com/file/0443c9974b70045c4688c7428b20605c3231be4bb0e65e6d88e0625d063d6a2a/analysis/

Edited by Oh My, 22 October 2012 - 07:51 PM.


#9 Oh My!

Posted 22 October 2012 - 08:02 PM

Hi Cipra,

I deleted the reference to the web site. Since the download is from a questionable source, we need to delete all of the contents of the folder, including the Trainer.exe file.

We still need to upload the Appleservice.exe file to VirusTotal to check its validity.

I would also like you to do this for me please after you delete the Trainer folder.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *Trainer*
    
    :folderfind
    *Trainer*
    
    :regfind
    Trainer
    
  • Click the Look button to start the scan. Please note this process might take several minutes.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • SystemLook.txt

Gary
 
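An added example, not part of the original post and not SystemLook's own code: a Python triage of the filefind section of the log that the script above produces. It flags executables in user-writable folders, files touched since a cutoff time, and identical MD5s at different paths. The log text, user name and hashes are constructed, the folder and extension lists are assumptions, and the two bracketed timestamps are kept as ts1/ts2 because the page does not say which is which.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample in the layout of a SystemLook log (user, paths, MD5s are made up).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*Trainer*"
C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1001\$RABC123\TrainerSettings.ini --a---- 107 bytes [20:55 10/10/2012] [01:06 23/10/2012] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Program Files (x86)\Example Game\Content\Trainer_Tile.bin ------- 300 bytes [22:41 01/09/2011] [20:38 04/04/2011] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
C:\Users\Alice\AppData\Local\Temp\Example Game Plus 12 Trainer.exe --a---- 1183744 bytes [20:11 13/10/2012] [01:07 23/10/2012] CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
C:\Users\Alice\Documents\ExampleTrainer\TrainerSettings.ini --a---- 107 bytes [01:07 23/10/2012] [01:07 23/10/2012] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

========== folderfind ==========

Searching for "*Trainer*"
C:\Users\Alice\Documents\ExampleTrainer d------ [01:07 23/10/2012]
"""

# One filefind result: path, 7-character attribute field, size, two timestamps, MD5.
# Paths contain spaces, so the strict tail of the line is what anchors the match.
LINE_RE = re.compile(
    r"^(?P<path>.+) (?P<attrs>[a-z-]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>\d{2}:\d{2} \d{2}/\d{2}/\d{4})\] "
    r"\[(?P<ts2>\d{2}:\d{2} \d{2}/\d{2}/\d{4})\] "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
TS_FORMAT = "%H:%M %d/%m/%Y"  # day-first, as the log writes dates

# Assumptions for this example: folders a standard user can write to, and
# extensions treated as executable content.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\",
                 "\\desktop\\", "\\documents\\")
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def parse_filefind(log_text):
    """Return one dict per file result line; headers and folder lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "path": m["path"],
            "attrs": m["attrs"],
            "size": int(m["size"]),
            "ts1": datetime.strptime(m["ts1"], TS_FORMAT),
            "ts2": datetime.strptime(m["ts2"], TS_FORMAT),
            "md5": m["md5"].upper(),
        })
    return entries


def executables_in_user_dirs(entries):
    """Executable file types sitting in folders that need no elevation to write."""
    hits = []
    for e in entries:
        lowered = e["path"].lower()
        ext = PureWindowsPath(e["path"]).suffix.lower()
        if ext in EXECUTABLE_EXTS and any(d in lowered for d in USER_WRITABLE):
            hits.append(e)
    return hits


def touched_since(entries, cutoff):
    """Entries where either timestamp is at or after the cutoff (e.g. the last cleanup)."""
    return [e for e in entries if max(e["ts1"], e["ts2"]) >= cutoff]


def same_content_elsewhere(entries):
    """Map each MD5 seen at more than one path to those paths."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    return {md5: paths for md5, paths in by_md5.items() if len(paths) > 1}


if __name__ == "__main__":
    parsed = parse_filefind(SAMPLE_LOG)
    for e in executables_in_user_dirs(parsed):
        print("EXECUTABLE IN USER DIR:", e["path"], e["md5"])
    for e in touched_since(parsed, datetime(2012, 10, 23)):
        print("TOUCHED SINCE CUTOFF:  ", e["path"])
    for md5, paths in same_content_elsewhere(parsed).items():
        print("SAME MD5", md5, "AT", len(paths), "PATHS")
```

An MD5 that appears both under `$Recycle.Bin` and in a live folder with a newer timestamp is the pattern to look for when a deleted file comes back after a reboot.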

#10 Cipra

Posted 22 October 2012 - 08:41 PM

What I did send was the trainer link for the VirusTotal was the Appleservice.exe

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 18:09 on 22/10/2012 by Tyler
Administrator - Elevation successful

========== filefind ==========

Searching for "*Trainer*"
C:\$Recycle.Bin\S-1-5-21-496784593-2619002927-1007136998-1001\$R3KQ02D\TrainerBGM.mid --a---- 32445 bytes [20:55 10/10/2012] [01:06 23/10/2012] 2381A85F665F3320E6A0722D6D706ADC
C:\$Recycle.Bin\S-1-5-21-496784593-2619002927-1007136998-1001\$R3KQ02D\TrainerSettings.ini --a---- 107 bytes [20:55 10/10/2012] [01:06 23/10/2012] 9C0D848F5E35470022FD62DB47B7F733
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_GraffTrainer_L60.bin ------- 1002 bytes [22:41 01/09/2011] [20:38 04/04/2011] CB7F3A7EC108087E266C9BA14C932AF9
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_TrainerMasked_L30.bin ------- 479 bytes [22:41 01/09/2011] [20:38 04/04/2011] 4E35B22B565912225A00DDD0A9096C81
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_TrainerTile1_L42.bin ------- 673 bytes [22:41 01/09/2011] [20:38 04/04/2011] FD49DA8C9AD67F5032FA0BE64780C414
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_TrainerTile2_L17.bin ------- 300 bytes [22:41 01/09/2011] [20:38 04/04/2011] 5F5F4227E5644CE65F7A38E67094ABFE
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Female\F_Footwear_Trainers_Urban_Plain.upk --a---- 164952 bytes [22:45 01/09/2011] [01:10 19/11/2011] 7275A443A056D4CD34059B494BD6B56F
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Female\F_Footwear_Trainers_Urban_Plain_BRDF_Mappings.upk ------- 19943 bytes [22:45 01/09/2011] [16:43 20/04/2011] 61B180D2BF5FE7DC4FFFE8A7EEC3D7DD
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Male\M_Footwear_Trainers_Urban_HipHopYoDawg.upk --a---- 208967 bytes [22:45 01/09/2011] [01:10 19/11/2011] CF0A02A3D53DCD11AE850FEDA7D71A79
C:\Program Files (x86)\GamersFirst\APB Reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Male\M_Footwear_Trainers_Urban_HipHopYoDawg_BRDF_Mappings.upk ------- 23622 bytes [22:45 01/09/2011] [16:43 20/04/2011] 86FE69D44BEBB3D7ABBC1C2A55E1B607
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_GraffTrainer_L60.bin --a---- 1002 bytes [02:12 25/06/2012] [02:12 25/06/2012] CB7F3A7EC108087E266C9BA14C932AF9
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_TrainerMasked_L30.bin --a---- 479 bytes [01:40 25/06/2012] [01:40 25/06/2012] 4E35B22B565912225A00DDD0A9096C81
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_TrainerTile1_L42.bin --a---- 673 bytes [01:16 25/06/2012] [01:16 25/06/2012] FD49DA8C9AD67F5032FA0BE64780C414
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\ItemAssets\Presets\Symbols\S_GKing_Logo_NewCross_TrainerTile2_L17.bin --a---- 300 bytes [01:18 25/06/2012] [01:18 25/06/2012] 5F5F4227E5644CE65F7A38E67094ABFE
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Female\F_Footwear_Trainers_Urban_Plain.upk --a---- 164952 bytes [01:49 25/06/2012] [01:49 25/06/2012] 7275A443A056D4CD34059B494BD6B56F
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Female\F_Footwear_Trainers_Urban_Plain_BRDF_Mappings.upk --a---- 19943 bytes [01:28 25/06/2012] [01:28 25/06/2012] 61B180D2BF5FE7DC4FFFE8A7EEC3D7DD
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Male\M_Footwear_Trainers_Urban_HipHopYoDawg.upk --a---- 208967 bytes [01:30 25/06/2012] [01:30 25/06/2012] CF0A02A3D53DCD11AE850FEDA7D71A79
C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\APBGame\Content\Release\Packages\APB_CharacterTool\Male\M_Footwear_Trainers_Urban_HipHopYoDawg_BRDF_Mappings.upk --a---- 23622 bytes [01:30 25/06/2012] [01:30 25/06/2012] 86FE69D44BEBB3D7ABBC1C2A55E1B607
C:\Program Files (x86)\World of Warcraft\Interface\AddOns\Blizzard_TrainerUI\Blizzard_TrainerUI.pub --a---- 257 bytes [22:58 13/09/2012] [22:58 13/09/2012] 06062AEDE3649549292C1677F18158FF
C:\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe --a---- 1183744 bytes [20:11 13/10/2012] [01:07 23/10/2012] 4845C8C70AD3F5831F0796E0E1FD3117
C:\Users\Tyler\AppData\Local\Temp\Temp1_CG_trainer_mechquest_2167028.zip\PKMQ Trainer XL\PKMQ Trainer XL.exe --a---- 13017088 bytes [00:32 28/07/2009] [00:32 28/07/2009] 8B6DC8C9CDA664E796E1CA38CC085FAF
C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\DragonzRUs DF Trainer-1.lnk --a---- 593 bytes [00:51 12/07/2012] [10:15 14/07/2012] 1239C5FB585BA304943B4942C9CA4CD9
C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\FLiNGTrainer.lnk --a---- 2344 bytes [05:29 22/10/2012] [05:29 22/10/2012] 91A65A12ED1C57C1D556B441D9889761
C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\TrainerSettings.lnk --a---- 3644 bytes [02:40 10/10/2012] [05:29 22/10/2012] 57E749C3D672B9E0EEAF58078E514D7F
C:\Users\Tyler\Desktop\DragonzRUs DF Trainer-1.rar -ra---- 1984639 bytes [00:37 12/07/2012] [00:37 12/07/2012] D3C844754A781415EACBF4F3905C53E1
C:\Users\Tyler\Documents\FLiNGTrainer\TrainerBGM.mid --a---- 32445 bytes [01:07 23/10/2012] [01:07 23/10/2012] 2381A85F665F3320E6A0722D6D706ADC
C:\Users\Tyler\Documents\FLiNGTrainer\TrainerSettings.ini --a---- 107 bytes [01:07 23/10/2012] [01:07 23/10/2012] 9C0D848F5E35470022FD62DB47B7F733
C:\Users\Tyler\Downloads\CG_trainer_mechquest_2167028.zip --a---- 941319 bytes [16:32 17/01/2011] [16:32 17/01/2011] 1D0A70F5D14D1213EBE6F2842F959284
C:\Users\Tyler\Downloads\CG_trainer_mechquest_2167028\PKMQ Trainer XL\PKMQ Trainer XL.exe --a---- 13017088 bytes [00:32 28/07/2009] [16:32 17/01/2011] 8B6DC8C9CDA664E796E1CA38CC085FAF

========== folderfind ==========

Searching for "*Trainer*"
C:\Program Files (x86)\World of Warcraft\Interface\AddOns\Blizzard_TrainerUI d------ [22:58 13/09/2012]
C:\Users\Tyler\AppData\Local\Temp\Temp1_CG_trainer_mechquest_2167028.zip d------ [16:32 17/01/2011]
C:\Users\Tyler\AppData\Local\Temp\Temp1_CG_trainer_mechquest_2167028.zip\PKMQ Trainer XL d------ [16:32 17/01/2011]
C:\Users\Tyler\Documents\FLiNGTrainer d------ [01:07 23/10/2012]
C:\Users\Tyler\Downloads\CG_trainer_mechquest_2167028 d------ [16:32 17/01/2011]
C:\Users\Tyler\Downloads\CG_trainer_mechquest_2167028\PKMQ Trainer XL d------ [16:32 17/01/2011]

========== regfind ==========

Searching for "Trainer"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15334acc_0]
@="{0.0.0.00000000}.{0570624f-7e30-4e31-ba58-64eb706a835d}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EX77.248\End War Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1f319433_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.420\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\22274a77_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.802\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2fa0069d_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.718\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3b3ac472_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.311\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\41c51078_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.137\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\66d89f7_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.442\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\67816dc1_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.046\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6878ad79_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.741\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7eb9d27f_0]
@="{0.0.0.00000000}.{2cc21cb6-d263-4766-a9c6-1212aea830bf}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\80d7f45_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.842\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9c4f915f_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.639\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9d248696_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.522\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\aa2c719f_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.819\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c4b1c49c_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.565\AQTrainer\AQTrainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c7ec4ab4_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e13c1347_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.943\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e90c8f47_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.862\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tyler\AppData\Local\Temp\Rar$EXa0.565\AQTrainer\AQTrainer.exe"="AQTrainer"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe"="FLiNG@3DMGAME Presents - Borderlands 2 v1.0 Plus 12 Trainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E445657-4D68-11da-A2E3-00065B83EE53}]
@="IInkTrainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AQTrainer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AQTrainer_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Ckmoney Df Trainer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Ckmoney Df Trainer_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DragonFable SWF Trainer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DragonFable SWF Trainer_RASMANCS]
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\15334acc_0]
@="{0.0.0.00000000}.{0570624f-7e30-4e31-ba58-64eb706a835d}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EX77.248\End War Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1f319433_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.420\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\22274a77_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.802\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2fa0069d_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.718\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3b3ac472_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.311\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\41c51078_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.137\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\66d89f7_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.442\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\67816dc1_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.046\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6878ad79_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.741\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7eb9d27f_0]
@="{0.0.0.00000000}.{2cc21cb6-d263-4766-a9c6-1212aea830bf}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\80d7f45_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.842\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9c4f915f_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.639\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9d248696_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.522\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\aa2c719f_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.819\DragonzRUs' DF Trainer\DragonFable SWF Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c4b1c49c_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.565\AQTrainer\AQTrainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c7ec4ab4_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e13c1347_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.943\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e90c8f47_0]
@="{0.0.0.00000000}.{28c477a9-f2bc-46d6-8131-4d6bcbfbbc74}|\Device\HarddiskVolume2\Users\Tyler\AppData\Local\Temp\Rar$EXa0.862\Ckmoney Df Trainer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tyler\AppData\Local\Temp\Rar$EXa0.565\AQTrainer\AQTrainer.exe"="AQTrainer"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe"="FLiNG@3DMGAME Presents - Borderlands 2 v1.0 Plus 12 Trainer"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tyler\AppData\Local\Temp\Rar$EXa0.565\AQTrainer\AQTrainer.exe"="AQTrainer"
[HKEY_USERS\S-1-5-21-496784593-2619002927-1007136998-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe"="FLiNG@3DMGAME Presents - Borderlands 2 v1.0 Plus 12 Trainer"

-= EOF =-
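A small triage parser for the `filefind` lines in the SystemLook log above, added here as an illustration; it is not part of the original posts or of SystemLook. It assumes the line layout visible in the log (path, attribute flags, size, two bracketed timestamps, MD5). The page does not say which timestamp is creation and which is modification, so the code only reports when the two differ. The flag names and function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Four filefind lines copied from the SystemLook log in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\World of Warcraft\Interface\AddOns\Blizzard_TrainerUI\Blizzard_TrainerUI.pub --a---- 257 bytes [22:58 13/09/2012] [22:58 13/09/2012] 06062AEDE3649549292C1677F18158FF
C:\Users\Tyler\AppData\Local\Temp\Borderlands 2 v1.0 Plus 12 Trainer.exe --a---- 1183744 bytes [20:11 13/10/2012] [01:07 23/10/2012] 4845C8C70AD3F5831F0796E0E1FD3117
C:\Users\Tyler\AppData\Local\Temp\Temp1_CG_trainer_mechquest_2167028.zip\PKMQ Trainer XL\PKMQ Trainer XL.exe --a---- 13017088 bytes [00:32 28/07/2009] [00:32 28/07/2009] 8B6DC8C9CDA664E796E1CA38CC085FAF
C:\Users\Tyler\Downloads\CG_trainer_mechquest_2167028\PKMQ Trainer XL\PKMQ Trainer XL.exe --a---- 13017088 bytes [00:32 28/07/2009] [16:32 17/01/2011] 8B6DC8C9CDA664E796E1CA38CC085FAF
"""

# Assumed layout: path, 7 attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<first>[^\]]+)\] \[(?P<second>[^\]]+)\] (?P<md5>[0-9A-F]{32})$"
)
STAMP = "%H:%M %d/%m/%Y"  # e.g. 20:11 13/10/2012
EXEC_EXT = (".exe", ".dll", ".scr", ".com")


def parse_filefind(text):
    """Return one dict per file line; headers and folder lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["first"] = datetime.strptime(entry["first"], STAMP)
        entry["second"] = datetime.strptime(entry["second"], STAMP)
        entries.append(entry)
    return entries


def flags_for(entry):
    """Flags worth a second look during cleanup, not verdicts."""
    flags = []
    path = entry["path"].lower()
    if "\\appdata\\local\\temp\\" in path and path.endswith(EXEC_EXT):
        flags.append("executable-in-temp")
    if entry["first"] != entry["second"]:
        flags.append("timestamps-differ")
    return flags


def triage(text):
    """Return (path, flags) for every entry that raised at least one flag."""
    findings = []
    for entry in parse_filefind(text):
        flags = flags_for(entry)
        if flags:
            findings.append((entry["path"], flags))
    return findings


def copies_by_md5(entries):
    """Group paths by MD5 so every copy of one file is found together."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return {md5: paths for md5, paths in groups.items() if len(paths) > 1}


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG):
        print(", ".join(flags), "->", path)
    for md5, paths in copies_by_md5(parse_filefind(SAMPLE_LOG)).items():
        print(md5, "appears at", len(paths), "paths")
```

Grouping by MD5 matters for removal work like this: a file deleted at one path can still be present, byte for byte, at another.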

#11 Oh My!


Posted 22 October 2012 - 11:19 PM

Hi Cipra,

Thank you for the clarification. I now understand.

Can you please describe your current issues? Does trainer continue to launch at start up, even after you try to delete it?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Cipra


Posted 23 October 2012 - 10:57 PM

I'll delete it and use McAfee's "Shredding" feature, but the Trainer keeps coming back and saying it was made that day when I turn my computer on.
Like I'll delete it today, but tomorrow when I turn on my computer it is remade.

#13 Oh My!


Posted 24 October 2012 - 09:10 AM

Hi Cipra,

I want to run this by you before we proceed. Because the Trainer program was downloaded from a less than reputable web site I think we need to assume what was downloaded is less than reputable as well. That is not an unreasonable assumption based on what you are experiencing now. Whereas it may be possible, in theory, to isolate the exact entry to delete which may stop the reinstallation of the program, quite honestly that does not provide me much comfort in terms of trusting everything else that remains.

I think what we need to do is a sort of major surgery. Based on the logs you have provided it appears Trainer has infiltrated numerous areas of your computer. What I would like to propose is the deletion of any program associated with or affected by Trainer (I know you previously offered to delete some programs). Then we can search for any remaining entries and delete those as well. If we are then successful in resolving the Trainer issue you can consider reinstalling the legitimate programs again.

At this point I am only seeking your concurrence and do not want you to do anything quite yet. If you agree, I will have you use a more powerful tool to uninstall the programs.

Please let me know your thoughts then we will proceed.
Gary
 

#14 Cipra


Posted 24 October 2012 - 09:21 PM

I'm willing to do anything to get rid of this thing. The programs I said I would delete are Steam, the game engine I run Borderlands 2 on, and Borderlands 2 in case it is in the saved file there.

#15 Oh My!


Posted 24 October 2012 - 09:32 PM

Hi Cipra,

That sounds good. What I am going to do is provide you with the information about Revo Uninstaller then I will leave it up to you to know which programs to uninstall. Please do this.


===================================================


Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)

    **You determine the programs**
    
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.

===================================================


Following Revo please rerun SystemLook from Post #9


===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Any problems with Revo?
  • SystemLook log

Gary
 