
Unknown infection... Changed user profile and blocking downloads


  • This topic is locked
16 replies to this topic

#1 RicksAsylum


Posted 10 March 2014 - 03:38 PM

My daughter is home from college for spring break. Her laptop was working fine on Fri when she left school but on Sat night she turned it back on and all hell broke loose. The user profile has been changed so that we are forced to use a temp/generic profile that will not access any of her saved programs or documents. I can find them on the c: hard drive so I know the info is still there. I am having a hard time running anti-virus and anti-malware scans as something is blocking downloads on the main user profile. I can download on the guest profile. I have been unable to run DDS. I downloaded as a guest and also tried transferring by zip drive from another computer. I have run Malwarebytes and AVG repeatedly and have removed quite a bit of rubbish but still have major issues.

 

Any help or advice would be greatly appreciated!

 

Thanks,

Rick





#2 RicksAsylum


Posted 10 March 2014 - 03:49 PM

Here are the logs from the Malwarebytes scans. Currently scanning clean.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Naegele :: BIG-JO-D [administrator]

3/9/2014 1:32:27 PM
mbam-log-2014-03-09 (13-32-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293046
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.644.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Naegele\Downloads\installer_amnesia_the_dark_descent.exe (PUP.Adbundler) -> Quarantined and deleted successfully.
C:\Users\crusher\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity) -> Quarantined and deleted successfully.
C:\Users\Naegele\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Naegele :: BIG-JO-D [administrator]

3/9/2014 2:07:35 PM
mbam-log-2014-03-09 (14-07-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 544970
Time elapsed: 1 hour(s), 58 minute(s), 24 second(s)

Memory Processes Detected: 4
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 3036 -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 3468 -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> 2044 -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> 5280 -> Delete on reboot.

Memory Modules Detected: 4
C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.

Registry Keys Detected: 26
HKLM\SYSTEM\CurrentControlSet\Services\Web Assistant (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Torntv V7.0 (PUP.Optional.TornTV.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sweetpacks Communicator (PUP.Optional.SweetIM) -> Data: C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: MYSTART -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EF899955-F4B0-11E1-ACBD-002564752F07} -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.

Folders Detected: 50
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\405AD0BFF7BE4E4F8E26EF104CF69B81 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\5DBA95E32066441E87DF9C9B3697F05F (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\6A711C76F7334C1D8AB1D04D553919A1 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\6C7F3CE7A69B46BCBE2632501F6E9AAE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\D2B28D813B6E41A78F5FCEB26BEEAB1A (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\ct3101810 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Uninstall (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0 (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0 (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\html (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\images (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\js (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.

Files Detected: 276
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390827683298 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391023246838 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391023247015 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391381285004 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391456073339 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391456073604 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll_1390827687776 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll_1393876729166 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Windows Movie Maker\WMM2EXT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04DE2LUW\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDZ2NCQK\Setup[1].exe (PUP.Optional.SecretSauce.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTCFJ93X\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.1.zip (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\HomePageDLL.dll.51395293 (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nsh1CC3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nsm162D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nsm22AD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nso259C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nsrBDA1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nswB4E8.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nswB97B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\rcpsetup_adppi14_adppi14.exe.51395668 (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nsjC929.tmp\SPtool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Temp\nsu1912.tmp\SPtool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\6A711C76F7334C1D8AB1D04D553919A1\sp-downloader.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\71A7.tmp (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\Heroes-Chronicles-All-Chapters (1).exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\Heroes-Chronicles-All-Chapters.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\SoftonicDownloader_for_age-of-mythology.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\SoftonicDownloader_for_mario-paint-composer.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\Downloads\SoftonicDownloader_for_picpick.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\1ff8a.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\1ff9d.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsc5592.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsfF922.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsg4767.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsh9B29.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsiCA65.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsj78B9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsj79A3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsjDA98.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nslB7F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nslBCD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsoDC2D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsp1355.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nss212B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nssB021.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nstAC4A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsu1374.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsu86A1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsw7615.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsx560F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsy67DA.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\405AD0BFF7BE4E4F8E26EF104CF69B81\saSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\5DBA95E32066441E87DF9C9B3697F05F\SendoriSetupx11915.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\6C7F3CE7A69B46BCBE2632501F6E9AAE\PureLeadsSetupx21701.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\OpenCandy\D2B28D813B6E41A78F5FCEB26BEEAB1A\TuneUpUtilities2012_en-US.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\HSChromeRegSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Uninstall\msvcp100.dll (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Uninstall\msvcr100.dll (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Uninstall\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Uninstall\UninstallerLauncher.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\HSChromeRegSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\msvcp100.dll (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\msvcr100.dll (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\UninstallerLauncher.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\128.png (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\19.png (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\48.png (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\background.html (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\flavour.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\logger.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\main.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\manifest.json (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\newtab.html (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\newtab.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\popup.html (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\popup.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\simapp.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\toolbar.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\manifest.json (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\html\background.html (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\images\icon.16.png (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\images\icon.48.png (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\js\background.js (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\js\dt.txt (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\js\ex.js (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.9_0\js\jquery.js (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.

(end)

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Naegele :: BIG-JO-D [administrator]

3/9/2014 6:04:25 PM
mbam-log-2014-03-09 (18-04-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 544670
Time elapsed: 1 hour(s), 58 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#3 RicksAsylum


Posted 11 March 2014 - 12:03 PM

Update: I added a new user account to the laptop and was able to run DDS from there. Here are the logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Dad at 11:53:13 on 2014-03-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.1635 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\PureLeads\plsapp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\SQ931STI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\SQ931STI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\vds.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [PureLeads Tray] "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: C:\Windows\System32\plsapp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B81BB4C8-F0DE-49C4-8F38-2104BEFC693F} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [SQ931STI] C:\Windows\SQ931STI.EXE
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-11 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-11-1 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 50976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-1-12 70848]
R2 plsapp;plsapp;C:\Program Files (x86)\PureLeads\plsapp.exe [2014-1-23 3690784]
R2 PlsvcV1;PlsvcV1;C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [2014-1-23 91936]
R2 PlsvcV2;PlsvcV2;C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [2014-1-23 24352]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-18 656624]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-3 1759768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-11-18 172704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-18 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-18 393728]
S?1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-11 111616]
S3 SQ931;USB 2.0 Video Camera;C:\Windows\System32\drivers\Capt931a.sys [2012-2-20 602176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-11 16:36:23 -------- d-----w- C:\Users\Dad\AppData\Local\MFAData
2014-03-11 16:29:44 -------- d-----w- C:\Users\Dad\AppData\Local\Adobe
2014-03-11 16:29:23 -------- d-----w- C:\Users\Dad\AppData\Local\Apple
2014-03-11 16:27:15 -------- d-----w- C:\Users\Dad\AppData\Roaming\Dell
2014-03-11 16:26:50 -------- d-----w- C:\Users\Dad\AppData\Local\AVG Secure Search
2014-03-11 16:26:31 -------- d-----w- C:\Users\Dad\AppData\Local\Stardock_Corporation
2014-03-11 16:26:14 -------- d-----w- C:\Users\Dad\AppData\Roaming\AVG2014
2014-03-11 16:26:11 -------- d-----w- C:\Users\Dad\AppData\Local\Avg2014
2014-03-11 16:26:10 -------- d-----w- C:\Users\Dad\AppData\Local\SupportSoft
2014-03-09 18:31:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-09 18:31:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-09 18:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 03:53:49 -------- d-----w- C:\Windows\System32\SearchProtect
2014-03-09 03:50:02 -------- d-----w- C:\Windows\SysWow64\cache
2014-03-03 22:53:06 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-03-02 22:59:49 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 22:59:49 -------- d-----w- C:\Program Files\iTunes
2014-03-02 22:59:49 -------- d-----w- C:\Program Files\iPod
2014-03-02 22:59:49 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-24 02:16:05 439296 ----a-w- C:\Windows\System32\plsapp64.dll
2014-02-24 02:16:02 354592 ----a-w- C:\Windows\SysWow64\plsapp.dll
2014-02-24 02:15:58 -------- d-----w- C:\ProgramData\PureLeads
2014-02-24 02:15:55 -------- d-----w- C:\Program Files (x86)\PureLeads
2014-02-14 14:05:52 -------- d-----w- C:\Windows\SysWow64\jmdp
2014-02-14 14:05:52 -------- d-----w- C:\Windows\System32\ljkb
2014-02-12 03:07:20 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 03:07:20 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-11 18:05:47 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-11 18:05:47 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-11 18:05:47 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-11 18:05:47 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-11 18:05:44 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-11 18:05:44 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-11 18:05:43 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-11 18:05:43 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
==================== Find3M  ====================
.
2014-03-03 22:52:54 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-04 09:28:20 1859376 ----a-w- C:\Windows\System32\dmwu.exe
2014-02-04 09:23:42 34304 ----a-w- C:\Windows\System32\ImHttpComm.dll
2014-02-04 08:39:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2014-02-04 08:39:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll
.
============= FINISH: 11:54:33.80 ===============

#4 nasdaq

  • Malware Response Team

Posted 12 March 2014 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 RicksAsylum

  • Topic Starter

Posted 12 March 2014 - 04:30 PM

Thanks for the reply! All requested scans ran without issue. Here are the logs:

 

# AdwCleaner v3.021 - Report created 12/03/2014 at 15:35:43
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dad - BIG-JO-D
# Running from : C:\Users\Dad\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : MgAssistService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Windows\System32\ARFC
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Windows\System32\SearchProtect
Folder Deleted : C:\Users\TEMP\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\TEMP\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Naegele\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Naegele\AppData\Local\Babylon
Folder Deleted : C:\Users\Naegele\AppData\Local\Conduit
Folder Deleted : C:\Users\Naegele\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Naegele\AppData\Local\genienext
Folder Deleted : C:\Users\Naegele\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Naegele\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Naegele\AppData\Local\PackageAware
Folder Deleted : C:\Users\Naegele\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Naegele\AppData\Local\TempDir
Folder Deleted : C:\Users\Naegele\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Naegele\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Naegele\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Naegele\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Naegele\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Naegele\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Naegele\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Naegele\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Naegele\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Naegele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Naegele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Naegele\Documents\Mobogenie
Folder Deleted : C:\Users\Dad\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dad\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Dad\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Dad\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Naegele\Desktop\Mobogenie.lnk
File Deleted : C:\Users\Naegele\Desktop\TornTV.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Users\Naegele\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mario-paint-composer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mario-paint-composer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_picpick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_picpick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

*************************

AdwCleaner[R0].txt - [30932 octets] - [12/03/2014 15:15:11]
AdwCleaner[R1].txt - [30993 octets] - [12/03/2014 15:33:00]
AdwCleaner[S0].txt - [31310 octets] - [12/03/2014 15:35:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31371 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dad on Wed 03/12/2014 at 15:54:42.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/12/2014 at 16:03:42.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014
Ran by Dad (administrator) on BIG-JO-D on 12-03-2014 16:09:10
Running from C:\Users\Dad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Windows\SQ931STI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-05-26] (Microsoft Corporation)
HKLM\...\Run: [SQ931STI] - C:\Windows\SQ931STI.EXE [151552 2007-01-24] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PureLeads Tray] - C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-08-17] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\.DEFAULT\...\MountPoints2: {ef947339-a878-11e3-b549-002564752f07} - E:\LaunchU3.exe -a
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE16A2F6A473DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9-x64 01 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 02 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 03 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 04 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 15 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 SQ931; C:\Windows\System32\Drivers\Capt931a.sys [602176 2007-08-16] ()
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-12 16:09 - 2014-03-12 16:09 - 00010878 _____ () C:\Users\Dad\Desktop\FRST.txt
2014-03-12 16:08 - 2014-03-12 16:09 - 00000000 ____D () C:\FRST
2014-03-12 16:03 - 2014-03-12 16:07 - 00000697 _____ () C:\Users\Dad\Desktop\JRT.txt
2014-03-12 15:54 - 2014-03-12 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 15:35 - 2014-03-12 15:36 - 00031872 _____ () C:\Users\Dad\Desktop\AdwCleaner[S0].txt
2014-03-12 15:14 - 2014-03-12 15:52 - 00000000 ____D () C:\AdwCleaner
2014-03-12 15:12 - 2014-03-12 15:12 - 02157056 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2014-03-12 15:11 - 2014-03-12 15:11 - 01037734 _____ (Thisisu) C:\Users\Dad\Desktop\JRT.exe
2014-03-12 15:09 - 2014-03-12 15:09 - 01949184 _____ () C:\Users\Dad\Desktop\adwcleaner.exe
2014-03-11 12:36 - 2014-03-11 12:36 - 00000000 ____D () C:\Users\Dad\My Backup Files
2014-03-11 11:54 - 2014-03-11 11:59 - 00010536 _____ () C:\Users\Dad\Desktop\attach.txt
2014-03-11 11:54 - 2014-03-11 11:54 - 00018506 _____ () C:\Users\Dad\Desktop\dds.txt
2014-03-11 11:53 - 2014-03-11 11:53 - 00688992 ____R (Swearware) C:\Users\Dad\Desktop\dds.com
2014-03-11 11:45 - 2014-03-12 15:00 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Users\Dad\AppData\Local\MFAData
2014-03-11 11:29 - 2014-03-11 11:29 - 00000000 ____D () C:\Users\Dad\AppData\Local\Apple
2014-03-11 11:29 - 2014-03-11 11:29 - 00000000 ____D () C:\Users\Dad\AppData\Local\Adobe
2014-03-11 11:27 - 2014-03-11 11:27 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Dell
2014-03-11 11:26 - 2014-03-11 11:47 - 00000000 ____D () C:\Users\Dad\AppData\Local\Avg2014
2014-03-11 11:26 - 2014-03-11 11:26 - 00080504 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVG2014
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Apple Computer
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Local\SupportSoft
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Local\Stardock_Corporation
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 _____ () C:\Users\Dad\daemonprocess.txt
2014-03-11 11:25 - 2014-03-12 15:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\SoftThinks
2014-03-11 11:25 - 2014-03-11 12:36 - 00000000 ____D () C:\Users\Dad
2014-03-11 11:25 - 2014-03-11 11:29 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Adobe
2014-03-11 11:25 - 2014-03-11 11:26 - 00000000 ___RD () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 11:25 - 2014-03-11 11:26 - 00000000 ___RD () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-11 11:25 - 2014-03-11 11:25 - 00001415 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-11 11:25 - 2014-03-11 11:25 - 00000020 ___SH () C:\Users\Dad\ntuser.ini
2014-03-11 11:25 - 2014-03-09 18:06 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\FreeFileViewer
2014-03-11 11:25 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Opera Software
2014-03-11 11:25 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Macromedia
2014-03-11 11:25 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Dad\AppData\Local\Opera Software
2014-03-11 11:25 - 2013-10-14 11:58 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\TuneUp Software
2014-03-11 11:25 - 2010-07-12 02:03 - 00000000 ____D () C:\Users\Dad\AppData\Local\Microsoft Help
2014-03-11 11:25 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-11 11:25 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-11 11:18 - 2014-03-11 11:18 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Apple
2014-03-10 14:42 - 2014-03-10 14:42 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\CyberLink
2014-03-10 14:40 - 2014-03-10 14:40 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Guest\Desktop\unhide.exe
2014-03-10 14:01 - 2014-03-10 14:40 - 00000794 _____ () C:\Users\Guest\Desktop\unhide.txt
2014-03-10 14:01 - 2014-03-10 14:01 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\unhide.exe
2014-03-09 23:36 - 2014-03-10 12:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\MoboGenie
2014-03-09 23:24 - 2014-03-09 23:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Guest\Desktop\rkill.exe
2014-03-09 23:24 - 2014-03-09 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Malwarebytes
2014-03-09 23:19 - 2014-03-09 23:20 - 00005046 _____ () C:\Users\Guest\Desktop\Rkill.txt
2014-03-09 18:03 - 2014-03-10 12:28 - 00000000 ____D () C:\Users\Default\AppData\Local\FileTypeAssistant
2014-03-09 18:03 - 2014-03-10 12:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\FileTypeAssistant
2014-03-09 18:03 - 2014-03-09 18:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\FreeFileViewer
2014-03-09 18:03 - 2014-03-09 18:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\FreeFileViewer
2014-03-09 14:54 - 2014-03-10 12:41 - 00000000 ____D () C:\Users\Default\AppData\Local\MoboGenie
2014-03-09 14:54 - 2014-03-10 12:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\MoboGenie
2014-03-09 14:05 - 2014-03-09 14:08 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\FreeFileViewer
2014-03-09 13:31 - 2014-03-10 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-09 13:31 - 2014-03-09 13:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 13:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-09 13:16 - 2014-03-09 13:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-09 13:14 - 2014-03-09 13:14 - 00080504 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 13:14 - 2014-03-09 13:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Dell
2014-03-09 13:14 - 2014-03-09 13:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Stardock_Corporation
2014-03-09 13:14 - 2014-03-09 13:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG Secure Search
2014-03-09 13:13 - 2014-03-09 13:14 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-09 13:13 - 2014-03-09 13:13 - 00001411 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-09 13:13 - 2014-03-09 13:13 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2014
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\SupportSoft
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\SearchProtect
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2014
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 _____ () C:\Users\Guest\daemonprocess.txt
2014-03-09 13:13 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Opera Software
2014-03-09 13:13 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-03-09 13:13 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-09 13:13 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Opera Software
2014-03-09 13:13 - 2013-10-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-03-09 13:13 - 2010-07-12 02:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-09 13:13 - 2009-11-18 17:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\SoftThinks
2014-03-09 13:13 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-09 13:13 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Local\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\Opera Software
2014-03-08 23:22 - 2014-03-08 23:22 - 00000000 ____D () C:\Users\systemprofile\My Backup Files
2014-03-08 23:22 - 2014-03-08 23:22 - 00000000 ____D () C:\Users\systemprofile
2014-03-08 22:50 - 2014-03-10 12:27 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-03-08 22:50 - 2014-03-08 22:50 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVG2014
2014-03-08 22:49 - 2014-03-08 23:12 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Avg2014
2014-03-08 22:48 - 2014-03-08 22:48 - 00000000 _____ () C:\Users\TEMP\daemonprocess.txt
2014-03-08 22:48 - 2013-10-14 11:58 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2014-03-08 22:48 - 2010-07-12 02:03 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-03-08 22:48 - 2009-11-18 17:40 - 00000000 ____D () C:\Users\TEMP\AppData\Local\SoftThinks
2014-03-08 22:48 - 2009-11-18 17:28 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 22:48 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-08 22:48 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-05 14:41 - 2014-03-05 14:42 - 47412392 _____ () C:\Users\Naegele\Desktop\their photos up close and far away.pptx
2014-03-02 17:59 - 2014-03-02 18:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 17:59 - 2014-03-02 18:01 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 17:59 - 2014-03-02 18:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 17:59 - 2014-03-02 17:59 - 00000000 ____D () C:\Program Files\iPod
2014-02-23 21:16 - 2014-01-23 18:12 - 00354592 _____ (Sendori) C:\Windows\SysWOW64\plsapp.dll
2014-02-23 21:16 - 2013-11-13 22:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-02-23 21:15 - 2014-02-23 21:16 - 00000000 ____D () C:\ProgramData\PureLeads
2014-02-23 21:15 - 2014-02-23 21:16 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-02-23 21:06 - 2014-02-23 21:07 - 91191776 _____ (DVDVideoSoft Ltd. ) C:\Users\Naegele\Downloads\FreeStudio (1).exe
2014-02-23 21:00 - 2014-02-23 21:01 - 34601656 _____ (DVDVideoSoft Ltd. ) C:\Users\Naegele\Downloads\FreeYouTubeToMP3Converter.exe
2014-02-11 22:07 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 22:07 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 22:06 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 22:06 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 22:06 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 22:06 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 22:06 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 22:06 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 22:06 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 22:06 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 22:06 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 22:06 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 22:06 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 22:06 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 22:06 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 22:06 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 22:06 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 22:06 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-11 22:06 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 22:06 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 22:06 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 22:06 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-11 22:06 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 22:06 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-11 22:06 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 22:06 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 22:06 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-11 22:06 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 22:05 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 22:05 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 22:05 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 22:05 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 22:05 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 22:05 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 22:05 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 22:05 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 22:05 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 22:05 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 22:05 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 22:05 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 22:05 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 13:05 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 13:05 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 13:05 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 13:05 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 13:05 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 13:05 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 13:05 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 13:05 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-12 16:09 - 2014-03-12 16:09 - 00010878 _____ () C:\Users\Dad\Desktop\FRST.txt
2014-03-12 16:09 - 2014-03-12 16:08 - 00000000 ____D () C:\FRST
2014-03-12 16:07 - 2014-03-12 16:03 - 00000697 _____ () C:\Users\Dad\Desktop\JRT.txt
2014-03-12 15:54 - 2014-03-12 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 15:52 - 2014-03-12 15:14 - 00000000 ____D () C:\AdwCleaner
2014-03-12 15:51 - 2009-07-14 00:10 - 01065691 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 15:50 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad\AppData\Local\SoftThinks
2014-03-12 15:50 - 2014-01-16 23:16 - 00000406 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-03-12 15:46 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 15:46 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 15:44 - 2012-02-19 00:04 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455957145-126318344-961165010-1001UA.job
2014-03-12 15:43 - 2009-07-14 00:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 15:39 - 2010-04-03 21:40 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-12 15:38 - 2009-11-18 18:58 - 01917706 _____ () C:\Windows\PFRO.log
2014-03-12 15:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 15:38 - 2009-07-13 23:51 - 00114866 _____ () C:\Windows\setupact.log
2014-03-12 15:36 - 2014-03-12 15:35 - 00031872 _____ () C:\Users\Dad\Desktop\AdwCleaner[S0].txt
2014-03-12 15:36 - 2011-08-28 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-12 15:12 - 2014-03-12 15:12 - 02157056 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2014-03-12 15:11 - 2014-03-12 15:11 - 01037734 _____ (Thisisu) C:\Users\Dad\Desktop\JRT.exe
2014-03-12 15:09 - 2014-03-12 15:09 - 01949184 _____ () C:\Users\Dad\Desktop\adwcleaner.exe
2014-03-12 15:01 - 2013-09-30 13:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 15:00 - 2014-03-11 11:45 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-12 14:53 - 2012-02-19 00:04 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455957145-126318344-961165010-1001Core.job
2014-03-11 12:36 - 2014-03-11 12:36 - 00000000 ____D () C:\Users\Dad\My Backup Files
2014-03-11 12:36 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad
2014-03-11 12:35 - 2009-11-18 17:15 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-11 11:59 - 2014-03-11 11:54 - 00010536 _____ () C:\Users\Dad\Desktop\attach.txt
2014-03-11 11:54 - 2014-03-11 11:54 - 00018506 _____ () C:\Users\Dad\Desktop\dds.txt
2014-03-11 11:53 - 2014-03-11 11:53 - 00688992 ____R (Swearware) C:\Users\Dad\Desktop\dds.com
2014-03-11 11:47 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Local\Avg2014
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Users\Dad\AppData\Local\MFAData
2014-03-11 11:29 - 2014-03-11 11:29 - 00000000 ____D () C:\Users\Dad\AppData\Local\Apple
2014-03-11 11:29 - 2014-03-11 11:29 - 00000000 ____D () C:\Users\Dad\AppData\Local\Adobe
2014-03-11 11:29 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Adobe
2014-03-11 11:27 - 2014-03-11 11:27 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Dell
2014-03-11 11:26 - 2014-03-11 11:26 - 00080504 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVG2014
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Apple Computer
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Local\SupportSoft
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Users\Dad\AppData\Local\Stardock_Corporation
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 _____ () C:\Users\Dad\daemonprocess.txt
2014-03-11 11:26 - 2014-03-11 11:25 - 00000000 ___RD () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 11:26 - 2014-03-11 11:25 - 00000000 ___RD () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-11 11:25 - 2014-03-11 11:25 - 00001415 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-11 11:25 - 2014-03-11 11:25 - 00000020 ___SH () C:\Users\Dad\ntuser.ini
2014-03-11 11:18 - 2014-03-11 11:18 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Apple
2014-03-10 14:42 - 2014-03-10 14:42 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\CyberLink
2014-03-10 14:40 - 2014-03-10 14:40 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Guest\Desktop\unhide.exe
2014-03-10 14:40 - 2014-03-10 14:01 - 00000794 _____ () C:\Users\Guest\Desktop\unhide.txt
2014-03-10 14:01 - 2014-03-10 14:01 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\unhide.exe
2014-03-10 12:41 - 2014-03-09 14:54 - 00000000 ____D () C:\Users\Default\AppData\Local\MoboGenie
2014-03-10 12:41 - 2014-03-09 14:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\MoboGenie
2014-03-10 12:33 - 2014-03-09 13:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 12:28 - 2014-03-09 18:03 - 00000000 ____D () C:\Users\Default\AppData\Local\FileTypeAssistant
2014-03-10 12:28 - 2014-03-09 18:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\FileTypeAssistant
2014-03-10 12:27 - 2014-03-08 22:50 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-03-10 12:13 - 2014-03-09 23:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\MoboGenie
2014-03-09 23:24 - 2014-03-09 23:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Guest\Desktop\rkill.exe
2014-03-09 23:24 - 2014-03-09 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Malwarebytes
2014-03-09 23:20 - 2014-03-09 23:19 - 00005046 _____ () C:\Users\Guest\Desktop\Rkill.txt
2014-03-09 18:06 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\FreeFileViewer
2014-03-09 18:06 - 2014-03-09 18:03 - 00000000 ____D () C:\Users\Default\AppData\Roaming\FreeFileViewer
2014-03-09 18:06 - 2014-03-09 18:03 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\FreeFileViewer
2014-03-09 18:01 - 2012-04-01 19:30 - 00000000 ____D () C:\Program Files (x86)\Windows Movie Maker
2014-03-09 14:08 - 2014-03-09 14:05 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\FreeFileViewer
2014-03-09 13:31 - 2014-03-09 13:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 13:16 - 2014-03-09 13:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-09 13:14 - 2014-03-09 13:14 - 00080504 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 13:14 - 2014-03-09 13:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Dell
2014-03-09 13:14 - 2014-03-09 13:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Stardock_Corporation
2014-03-09 13:14 - 2014-03-09 13:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG Secure Search
2014-03-09 13:14 - 2014-03-09 13:13 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-09 13:13 - 2014-03-09 13:13 - 00001411 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-09 13:13 - 2014-03-09 13:13 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2014
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\SupportSoft
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\SearchProtect
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2014
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 _____ () C:\Users\Guest\daemonprocess.txt
2014-03-09 12:59 - 2012-03-19 20:16 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-09 12:58 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Macromedia
2014-03-09 12:58 - 2014-03-11 11:25 - 00000000 ____D () C:\Users\Dad\AppData\Local\Opera Software
2014-03-09 12:58 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-03-09 12:58 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-09 12:58 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Local\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\Opera Software
2014-03-08 23:38 - 2013-06-02 22:23 - 00000000 ____D () C:\Users\Naegele\Documents\UNT
2014-03-08 23:22 - 2014-03-08 23:22 - 00000000 ____D () C:\Users\systemprofile\My Backup Files
2014-03-08 23:22 - 2014-03-08 23:22 - 00000000 ____D () C:\Users\systemprofile
2014-03-08 23:12 - 2014-03-08 22:49 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Avg2014
2014-03-08 22:50 - 2014-03-08 22:50 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVG2014
2014-03-08 22:49 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-08 22:48 - 2014-03-08 22:48 - 00000000 _____ () C:\Users\TEMP\daemonprocess.txt
2014-03-06 17:52 - 2012-04-01 19:47 - 00014848 _____ () C:\Users\Naegele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-05 14:42 - 2014-03-05 14:41 - 47412392 _____ () C:\Users\Naegele\Desktop\their photos up close and far away.pptx
2014-03-03 17:52 - 2012-09-04 08:50 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-03 14:54 - 2012-03-12 15:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-03 14:52 - 2009-12-25 11:11 - 00000000 ____D () C:\Users\Naegele\AppData\Local\SoftThinks
2014-03-02 18:01 - 2014-03-02 17:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 18:01 - 2014-03-02 17:59 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 18:01 - 2014-03-02 17:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 17:59 - 2014-03-02 17:59 - 00000000 ____D () C:\Program Files\iPod
2014-02-23 22:54 - 2010-07-11 23:46 - 00000000 ____D () C:\Users\Naegele\AppData\Local\CrashDumps
2014-02-23 21:24 - 2012-07-25 01:44 - 00000000 ____D () C:\Users\Naegele\AppData\Roaming\DVDVideoSoft
2014-02-23 21:21 - 2012-07-25 01:44 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-02-23 21:16 - 2014-02-23 21:15 - 00000000 ____D () C:\ProgramData\PureLeads
2014-02-23 21:16 - 2014-02-23 21:15 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-02-23 21:07 - 2014-02-23 21:06 - 91191776 _____ (DVDVideoSoft Ltd. ) C:\Users\Naegele\Downloads\FreeStudio (1).exe
2014-02-23 21:01 - 2014-02-23 21:00 - 34601656 _____ (DVDVideoSoft Ltd. ) C:\Users\Naegele\Downloads\FreeYouTubeToMP3Converter.exe
2014-02-22 03:33 - 2010-05-10 15:01 - 00000000 ____D () C:\ProgramData\Apple
2014-02-16 04:04 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 04:01 - 2009-12-27 13:22 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 13:39 - 2012-02-19 00:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1455957145-126318344-961165010-1001UA
2014-02-12 13:39 - 2012-02-19 00:04 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1455957145-126318344-961165010-1001Core
2014-02-11 22:20 - 2013-09-01 16:45 - 00773482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.1872.dll

Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Naegele\AppData\Local\Temp\SoftwareUpdateSetup.exe
C:\Users\Naegele\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 01:15

==================== End Of Log ============================

 

 

Attached File  Addition.txt   24.25KB   1 downloads
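An added example (not part of the original thread and not FRST's own code): a Python parser for the "One Month Created Files and Folders" lines posted above. It lists folders that exist both in the Default profile template and in another profile, and compares their creation times. The sample lines are copied from the log; the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Lines copied from the "One Month Created Files and Folders" section of the log above.
SAMPLE = r"""
2014-03-09 18:03 - 2014-03-09 18:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\FreeFileViewer
2014-03-09 18:03 - 2014-03-09 18:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\FreeFileViewer
2014-03-09 14:05 - 2014-03-09 14:08 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\FreeFileViewer
2014-03-09 13:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-09 13:13 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Opera Software
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Opera Software
2014-03-09 13:13 - 2014-03-09 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\SearchProtect
"""

# created - modified - size - attribute flags - (company) - path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([A-Z_]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)
TS = "%Y-%m-%d %H:%M"
# On Windows Vista and later, "Default User" is a junction pointing at "Default",
# so both names refer to the same profile template.
TEMPLATE_NAMES = {"default", "default user"}


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return Entry(datetime.strptime(created, TS), datetime.strptime(modified, TS),
                 int(size), attrs, company.strip(), PureWindowsPath(path))


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def split_profile(path: PureWindowsPath):
    """Return (profile, lower-cased path below the profile) for X:\\Users\\<profile>\\..."""
    parts = path.parts
    if len(parts) > 3 and parts[1].lower() == "users":
        return parts[2], "\\".join(parts[3:]).lower()
    return None


def template_overlap(entries) -> dict:
    """Map each folder found in the Default template to its copies in other profiles."""
    template = {}
    others = defaultdict(list)
    for e in entries:
        located = split_profile(e.path)
        if located is None or not e.is_dir:
            continue
        profile, rel = located
        if profile.lower() in TEMPLATE_NAMES:
            # Keep the earliest template entry for this relative path.
            if rel not in template or e.created < template[rel].created:
                template[rel] = e
        else:
            others[rel].append((profile, e))

    report = {}
    for rel, t in template.items():
        rows = [{
            "profile": profile,
            "created": e.created,
            # True when the folder appeared in this profile after the template had it.
            "after_template": e.created >= t.created,
            # True when the folder carries a modified time older than its creation.
            "mtime_precedes_ctime": e.modified < e.created,
        } for profile, e in others.get(rel, [])]
        if rows:
            report[rel] = rows
    return report


if __name__ == "__main__":
    for rel, rows in template_overlap(parse_log(SAMPLE)).items():
        for row in rows:
            print(rel, row["profile"], row["created"],
                  "after template" if row["after_template"] else "before template")
```

The parser handles the "Created" section only; in the "One Month Modified" section the two timestamps appear in the opposite order.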



#6 RicksAsylum

  • Topic Starter

Posted 12 March 2014 - 04:41 PM

When I try to log in to the primary user account I get the following message in the task bar:

 

USER PROFILE SERVICE

You have been logged on with default profile for the system. Please see the event log for details or contact your administrator.

 

 

Then a pop-up that says: Microsoft IntelliPoint has stopped working

 

 

The icon and password are both correct but no access to saved files or programs.



#7 nasdaq

  • Malware Response Team

Posted 13 March 2014 - 09:40 AM


PureLeads is an ad-supported software utility. I suggest you remove it using Add/Remove Programs.
http://www.anvisoft.com/resources/how-to-remove-pureleads-deals-and-ads/

PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.


Restart the computer normally.
===

You have been logged on with default profile for the system

This is not related to malware.

I suggest you start a new topic in the Windows 7 Forum.
http://www.bleepingcomputer.com/forums/forum167.html
Someone with experience in this field will be able to help you better than I can.

#8 RicksAsylum

  • Topic Starter

Posted 13 March 2014 - 10:20 AM

Fixlist ran successfully. Log is below.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-03-2014
Ran by Dad at 2014-03-13 10:19:00 Run:1
Running from C:\Users\Dad\Desktop\frst64
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

end

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\!{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.

==== End of Fixlog ====



#9 nasdaq

  • Malware Response Team

Posted 13 March 2014 - 12:42 PM

We just removed some empty keys from the registry.

Nothing should have changed.

#10 RicksAsylum

  • Topic Starter

Posted 13 March 2014 - 01:39 PM

Thank You Nasdaq!

 

So... based on what you have seen in the logs can we assume that the system is clean?

 

I can rebuild the user profile manually if necessary but I don't want to start until I'm sure we are bug free.



#11 nasdaq

  • Malware Response Team

Posted 14 March 2014 - 06:42 AM

Give it one last scan before proceeding.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#12 RicksAsylum

  • Topic Starter

Posted 14 March 2014 - 07:22 PM

ESET Scan has been completed:

 

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\update[1] a variant of Win32/Toolbar.Perion.A potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Extension32.dll.vir a variant of Win32/Toolbar.Perion.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\source.crx.vir Win32/Toolbar.Perion.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\resources\localscript.js.vir Win32/Toolbar.Perion.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\resources\localscript.js.vir Win32/Toolbar.Perion.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.573_0\main.js.vir Win32/Toolbar.Perion.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.573_0\resources\localscript.js.vir Win32/Toolbar.Perion.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Naegele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Users\Naegele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04DE2LUW\monetizationLoader[2].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Naegele\AppData\Local\Temp\SoftwareUpdateSetup.exe a variant of Win32/InstallCore.IJ potentially unwanted application deleted - quarantined
C:\Users\Naegele\AppData\Local\Temp\ICReinstall\AOMTrial.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Naegele\AppData\LocalLow\oovootb\oovootb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Users\Naegele\Desktop\AOMTrial.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Naegele\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Naegele\Downloads\FreeStudio (1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Naegele\Downloads\FreeStudio.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Naegele\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Naegele\Downloads\windows-movie-maker.exe Win32/DownWare.W potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\update[1] a variant of Win32/Toolbar.Perion.A potentially unwanted application deleted - quarantined
 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts

Posted 15 March 2014 - 07:31 AM

Please run the Malwarebytes Anti-Malware program one more time.

Let me know if the problem persists.

#14 RicksAsylum

RicksAsylum
  • Topic Starter

  • Members
  • 10 posts

Posted 15 March 2014 - 10:34 AM

Will do.

 

Thanks for everything! Rick D.



#15 RicksAsylum

RicksAsylum
  • Topic Starter

  • Members
  • 10 posts

Posted 15 March 2014 - 04:05 PM

Malwarebytes scans are clean.

 

Thanks again for all your help! My daughter is thrilled to have her laptop back in service in time for school on Monday.

 

For anyone who may be following this thread:

I never did find out what caused the problems with the user profile. When trying to log in with the main account, the system diverted to a 'Default Profile' with no access to any stored files. Nasdaq helped me clean out the system and make sure it was safe. Then I built a new user profile by transferring all of the stored files manually to the new profile and deleting the old one. So far everything is working fine.

 

I never could have done all this on my own and I am truly thankful for the support and assistance from the volunteers here at Bleeping Computer!





