Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBam found rootkits, trojans, etc...Is it clean now?


  • This topic is locked This topic is locked
21 replies to this topic

#1 Big Ern

Big Ern

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 21 November 2013 - 11:56 AM

Laptop running Win 7 Has high CPU usage and google home page was blocked with an "access denied; invalid security certificate" message.

I ran MBAM and found a couple of rootkits, several trojans and many files with pup in the name. the MBAM database was 86 days old that found

and supposedly removed those. I do not currently have it connected to the internet so I had to update the definitions manually.

The computer seems to be working better now, but I am not sure if it safe to use...

Any help is greatly appreciated.

Thanks in advance,

Big Ern


Edited by Big Ern, 21 November 2013 - 11:56 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 21 November 2013 - 02:48 PM


Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-yyyy-mm-dd
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log will automatically open in Notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 21 November 2013 - 02:49 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 21 November 2013 - 04:04 PM

I copied the log to a thumb drive but for the life of me, I cannot get it to paste to the reply..paste is greyed out when I try... 

I will continue with other instructions



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 21 November 2013 - 04:13 PM

If all the menu and tool functions in the Board Editor are grayed out, try clicking the toggle icon in the upper left hand corner. Doing that will activate all the functions and show the copy/paste options at the top. Otherwise you have to use Cntrl + V on the keyboard or right-click an open space and use the copy/paste options in the context menu.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 21 November 2013 - 04:17 PM

The infected laptop will not let me copy and paste?
Any ideas?

Its the infected laptop...not the board editor...


Edited by Big Ern, 21 November 2013 - 04:20 PM.


#7 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 21 November 2013 - 04:38 PM

ok, I finally got control c and v to work!

 

 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.26.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16721
kayla :: KAYLA-PC [administrator]

11/20/2013 12:35:43 PM
mbam-log-2013-11-20 (12-35-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489588
Time elapsed: 16 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 28
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Trojan.Zaccess) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Zaccess) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 21
C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\kayla\Local Settings\Temporary Internet Files\Content.IE5\LM9TEVV6\flashplayer11_6r172548_217_win[1].exe (Malware.Packer.ZPGen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> Quarantined and deleted successfully.
C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
c:\program files (x86)\google\desktop\install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\   \...\ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\googleupdate.exe (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)

 

 

 

 

 

# AdwCleaner v3.012 - Report created 21/11/2013 at 16:10:52
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kayla - KAYLA-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\iMesh
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\RewardsArcadeSuite
Folder Deleted : C:\Program Files (x86)\smart pc cleaner
Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\Users\kayla\AppData\Local\iMesh
Folder Deleted : C:\Users\kayla\AppData\Local\PackageAware
Folder Deleted : C:\Users\kayla\AppData\Local\RewardsArcadeSuite
Folder Deleted : C:\Users\kayla\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\kayla\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\kayla\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\kayla\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\kayla\AppData\Roaming\iWin
Folder Deleted : C:\Users\lizzy\AppData\Local\iMesh
Folder Deleted : C:\Users\lizzy\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\lizzy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\lizzy\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\lizzy\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\lizzy\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\KEVIN\AppData\Local\iMesh
Folder Deleted : C:\Users\KEVIN\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\KEVIN\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\KEVIN\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\KEVIN\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\KEVIN\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\jonathan\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\jonathan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\jonathan\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\jonathan\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\jonathan\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\Home2\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Home2\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Home2\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Home2\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Home2\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\Local\PackageAware
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\Roaming\smart pc cleaner
Folder Deleted : C:\Users\kayla\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\lizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\KEVIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\jonathan.kayla-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\Andrew.kayla-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
File Deleted : C:\Users\Andrew.kayla-PC\Desktop\Smart PC Cleaner.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin
Value Deleted : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp1950@crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [GenieoUpdaterService]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4084D718-3644-4504-B828-BB054729E39C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Imesh
Key Deleted : HKLM\Software\iMeshMediabarTb
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\TelevisionFanaticEI
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Key Deleted : HKLM\Software\Classes\Installer\Features\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\Software\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\kayla\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\lizzy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\KEVIN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\jonathan.kayla-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Andrew.kayla-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [19999 octets] - [21/11/2013 16:08:29]
AdwCleaner[S0].txt - [19930 octets] - [21/11/2013 16:10:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19991 octets] ##########

 

 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by kayla on Thu 11/21/2013 at 16:18:29.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\kayla\appdata\locallow\datamngr"

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\kayla\appdata\local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Folder] C:\Users\kayla\appdata\local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ielefkgbofdpglioecfjcbikholflklb

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/21/2013 at 16:25:26.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 21 November 2013 - 06:26 PM

I suspected we were going to find a lot more junkware.

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. Be careful what you choose to remove. If in doubt, ask before taking action.

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 22 November 2013 - 08:50 AM

I will have to take the laptop home in order to get an internet connection.

Here at work personal computers have to be authorized to access the network, in which case this one is not.

I will complete the steps above tonight and get back with you when they are complete.

Thanks!



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 22 November 2013 - 08:57 AM

Not a problem. I understand.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 22 November 2013 - 09:48 PM

I tried to install MBAM but I had a message that said it contained a virus and download was deleted. No antivirus is installed at the moment

I went ahead and started ESET and I will report back when it is finished



#12 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 23 November 2013 - 10:42 AM

Eset has been running for about 13 hrs now and has scanned over 900,000 files.

it has been on 99% finished for at leat 5 hrs.

is this normal?



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 23 November 2013 - 02:56 PM

It depends. Eset does take a long time.

Generally, the speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPS)[/color][/url].
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk size and used capacity (number of files that have to be scanned).
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system/CPU resources by the scanner.
  • Other running processes and programs in the background.
  • Whether the scanning engine stalls, hangs or freezes.
  • Interference from malware.
  • Interference from other security programs attempting to scan at the same time.
  • Interference from other programs attempting to update (download/install) components from the Internet.
  • Interference from the user (whether or not you use the computer during the scan).
However, if the scanner freezes and does not continue any further, you may just have to terminate it and we will try something else.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Big Ern

Big Ern
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GA
  • Local time:09:10 AM

Posted 23 November 2013 - 09:27 PM

Ok. I Finally got it all done. Sorry for the delay...

Thanks for your time!

 

 

.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
kayla :: KAYLA-PC [administrator]

11/23/2013 12:43:04 PM
mbam-log-2013-11-23 (12-43-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1492971
Time elapsed: 8 hour(s), 23 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Rootkit.0Access.ED) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\GoogleUpdate.exe (Rootkit.0Access.ED) -> Quarantined and deleted successfully.
C:\Users\kayla\AppData\Local\Google\Desktop\Install\{7344f193-4334-372f-9d01-f84f59d8b2d4}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 

 

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe.vir    probably a variant of Win32/Toolbar.Visicom.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimband.dll.vir    a variant of Win32/Toolbar.Visicom.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll.vir    a variant of Win32/Toolbar.Visicom.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SmartPCCleaner.exe.vir    a variant of Win32/SpeedingUpMyPC application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCSmartScan.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll.vir    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll.vir    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll.vir    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew.kayla-PC\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe.vir    a variant of Win32/Toolbar.DefaultTab.B application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\49EIPlug.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\49EZSETP.dll    a variant of Win32/Toolbar.MyWebSearch.Q application    cleaned by deleting - quarantined
C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Users\Andrew.kayla-PC\Downloads\intunemp3_d11309.exe    a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
C:\Users\jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ULPLFREW\musicoasis[1].exe    a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
C:\Users\jonathan.kayla-PC\AppData\Local\{6F1B3060-90C7-4F21-AFFB-07B6150C73EA}\BRAND_FILES\C54DC6FB\E2C169D5\SetupDataMngr_BearShare.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\kayla\AppData\Local\Temp\jar_cache6119593899615562563.tmp    Java/Exploit.Agent.QEC trojan    cleaned by deleting - quarantined
C:\Users\kayla\AppData\Local\Temp\jar_cache7714011544478893418.tmp    Java/Exploit.Agent.QEJ trojan    cleaned by deleting - quarantined
C:\Users\kayla\AppData\Local\Temp\jar_cache8460818533218433063.tmp    Java/Exploit.Agent.QEK trojan    cleaned by deleting - quarantined
C:\Users\kayla\AppData\Roaming\Genieo\Data\unused_visited\2013-06-26\1372252064246_homesteadingtoday.com.zhtml    HTML/Iframe.B.Gen virus    deleted - quarantined
 

 

 



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:10 AM

Posted 24 November 2013 - 08:00 AM

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller previously, delete that version and download the most current one before using again.
  • Doubleclick on TDSSKiller.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • Chen click on Change parameters
    tds2.jpg
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.


    2012081514h0118.png
  • Click Start Scan and allow the scan process to run
  • If threats are detected, ensure Cure (default) is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • Click Continue.


    tds6.jpg
  • Click Reboot computer
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users