
GameHarbor Virus Help


  • This topic is locked
7 replies to this topic

#1 misterprog


Posted 15 September 2014 - 08:05 PM

Hello. I'm here for the same reason as everyone else. Downloaded Sims 4 and got this annoying startup adware junk. I deeply regret my decisions and now request help from you talented people. I have scanned and have included the files in this topic. Hopefully I can get some help with this rather annoying problem. Thank you in advance! 


#2 olgun52

  • Malware Response Team

Posted 16 September 2014 - 10:10 AM

Hello misterprog and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open as administrator the computer. How is open as administrator the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

:hello:

 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 misterprog


Posted 16 September 2014 - 02:49 PM

Yep! Thanks for your time :)



#4 olgun52

  • Malware Response Team

Posted 16 September 2014 - 05:24 PM

Hi misterprog,
 

Microsoft Security Essentials (Enabled - Up to date)
S0 Avgmfx64;

 
Microsoft Security Essentials and AVG2013  enabled
 
Please uninstall MSE, you have AVG2013 running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

http://www.bleepingc...s-removal-tool/ <---MSE removal tool
or
Uninstall AVG2013 ---> Avgremover here
 
-----------------------------------------------------------------------------------------------------------------------------------------
Please
Uninstall : Free YouTube to MP3 Converter
Uninstall : Pando Media Booster
--------------------------------------------
Step 1:

 

Ensure your external and/or USB drives are inserted during the scan
 
Run FRST fixlist
 
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {12eb0929-34c9-11e2-bf44-8c89a5de8354} - F:\SETUP.EXE
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {249a684e-7a44-11e2-a7b0-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {4a526499-f936-11e2-86bd-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {52d09745-ddd5-11e1-80da-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {5358501e-01f1-11e4-8e26-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {6d823bca-52a1-11e2-a5f2-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {917db071-3993-11e3-9480-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {9df70fbd-e1e7-11e3-9312-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
ShortcutTarget: GameStop Now.lnk -> D:\Programs\GameStop App\Now\GameStopNow.exe (No File)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\02la5kkx.default
FF NetworkProxy: "backup.ftp", "68.113.83.11"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "68.113.83.11"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "68.113.83.11"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "204.84.216.200"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "204.84.216.200"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "204.84.216.200"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "204.84.216.200"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR DefaultSearchKeyword: Default -> F20F8435EBC900696F103677E808A53E26013AB8E0AAD06A919AF265A5B2D9B7
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Robert\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
S3 MSICDSetup; \??\D:\CDriver64.sys
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys
C:\ProgramData\hash.dat
C:\Users\Robert\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegln4o.dll
C:\Users\Robert\AppData\Local\Temp\Uninstaller-3864.exe
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{05368015-56b0-408b-8de6-7096913b961d}\InprocServer32 -> dfshim.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {E421C87D-AE36-4A06-8106-E6153C2A1063} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113239542-2341569308-1830245231-1000Core.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113239542-2341569308-1830245231-1000UA.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
2014-09-15 20:56 - 2014-09-15 20:56 - 00098816 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32api.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00110080 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pywintypes27.dll
2014-09-15 20:56 - 2014-09-15 20:56 - 00364544 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pythoncom27.dll
2014-09-15 20:56 - 2014-09-15 20:56 - 00045568 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_socket.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 01160704 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_ssl.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00320512 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32com.shell.shell.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00713216 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_hashlib.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 01175040 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._core_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00805888 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._gdi_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00811008 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._windows_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 01062400 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._controls_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00735232 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._misc_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00128512 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_elementtree.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00127488 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pyexpat.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00557056 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pysqlite2._sqlite.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00007168 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\hashobjs_ext.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00087552 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_ctypes.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00119808 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32file.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00108544 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32security.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00018432 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32event.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00038912 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32inet.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00070656 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._html2.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00167936 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32gui.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00011264 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32crypt.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00027136 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_multiprocessing.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00686080 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\unicodedata.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00122368 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._wizard.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00010240 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\select.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00024064 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32pipe.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00025600 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32pdh.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00525640 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\windows._lib_cacheinvalidation.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00035840 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32process.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00017408 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32profile.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00022528 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32ts.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00078336 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._animate.pyd
AlternateDataStreams: C:\Program Files\Common Files\System:VITjh5AHqWh13DIPX5YLqlgF0
AlternateDataStreams: C:\Program Files\Common Files\System:weVHSsfSpAGphiMISjWX
AlternateDataStreams: C:\ProgramData\Microsoft:d9ihWQ99xjiG4fC0iOlTeu
AlternateDataStreams: C:\ProgramData\Microsoft:efh3UJk4YABWenaNBXUBREc2
AlternateDataStreams: C:\ProgramData\Microsoft:v7QgonSIRkpnFxkNVtpiJW6
AlternateDataStreams: C:\ProgramData\Microsoft:WcjzRb6oMkNLDu9STJcW
AlternateDataStreams: C:\Users\Robert\Cookies:LaQRIruEs0EYqFKJW9THLrzPG
AlternateDataStreams: C:\Users\Robert\AppData\Local\oq3IwN0B7:gZMtjvhEjM1AS9a6cyGkdkoZP
AlternateDataStreams: C:\Users\Robert\AppData\Local\T3tlJT94asxa0X:ux8ILFIgNhrpqxPPbn1ITT3Jp
Folder: C:\Users\Robert\AppData\Local\Super_Demo_
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End



NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
 
Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
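
An added example, not part of the original thread and not FRST's own code: a small Python triage of a subset of the fixlist lines posted above. It groups them by persistence mechanism and separates orphaned references from entries that deserve a closer look. The category names, the verdict labels and the reading of `[X]` as a missing target are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Subset of the fixlist lines from the post above, copied verbatim.
SAMPLE = r"""
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: E - E:\Setup.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
FF NetworkProxy: "http", "204.84.216.200"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 4
AlternateDataStreams: C:\ProgramData\Microsoft:d9ihWQ99xjiG4fC0iOlTeu
AlternateDataStreams: C:\Users\Robert\Cookies:LaQRIruEs0EYqFKJW9THLrzPG
CMD: netsh advfirewall reset
"""


class Finding(NamedTuple):
    category: str  # run-key, mountpoint, proxy, ads, orphan, directive, other
    verdict: str   # "review", "orphan" or "info" (labels chosen for this sketch)
    detail: str


RUN = re.compile(r'^(HK\S*?)\\\.\.\.\\Run: \[([^\]]*)\] => (.*)$')
MOUNT = re.compile(r'^HK\S*?\\\.\.\.\\MountPoints2: (\S+) - (.+)$')
PROXY = re.compile(r'^FF NetworkProxy: "([^"]+)", (.+)$')
ADS = re.compile(r'^AlternateDataStreams: (.+)$')
# A Run value that starts a script host or shell and carries a URL.
SHELL_URL = re.compile(
    r'\b(cmd|powershell|mshta|wscript|cscript)(\.exe)?\b.*https?://', re.I)


def classify(line: str) -> Finding:
    """Map one fixlist line to a category and a triage verdict."""
    line = line.split("<=====")[0].strip()  # drop the tool's own annotation
    if m := RUN.match(line):
        name, data = m.group(2), m.group(3)
        if SHELL_URL.search(data):
            return Finding("run-key", "review",
                           f"{name}: interpreter opens a URL at logon")
        # Assumption: "[X]" means the referenced target no longer exists.
        verdict = "orphan" if data == "[X]" else "info"
        return Finding("run-key", verdict,
                       f"{name or '(empty name)'} => {data}")
    if m := MOUNT.match(line):
        return Finding("mountpoint", "info", f"autorun target {m.group(2)}")
    if m := PROXY.match(line):
        value = m.group(2).strip('"')
        return Finding("proxy", "review", f"{m.group(1)}={value}")
    if m := ADS.match(line):
        # The path itself contains "C:", so split on the last colon only.
        path, stream = m.group(1).rsplit(":", 1)
        return Finding("ads", "review", f"{path} has stream {stream}")
    if line.endswith(("No File", "(No File)")):
        return Finding("orphan", "orphan", line)
    if line.startswith("CMD:"):
        return Finding("directive", "info", line[4:].strip())
    return Finding("other", "info", line)


def triage(text: str) -> list:
    """Classify every non-blank line of a fixlist."""
    return [classify(l) for l in text.splitlines() if l.strip()]


def proxy_summary(lines) -> tuple:
    """Return (proxy type, {scheme: (host, port)}) from FF NetworkProxy lines.

    Firefox's network.proxy.type uses 0 = direct, 1 = manual, 2 = PAC URL,
    4 = auto-detect, 5 = system settings, so stored hosts are only in
    active use when the type is 1.
    """
    prefs = {}
    for line in lines:
        if m := PROXY.match(line.strip()):
            prefs[m.group(1)] = m.group(2).strip('"')
    hosts = {k: (v, int(prefs[k + "_port"]))
             for k, v in prefs.items() if k + "_port" in prefs}
    return int(prefs.get("type", 0)), hosts


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.verdict:7} {f.category:10} {f.detail}")
    print(proxy_summary(SAMPLE.splitlines()))
```
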

 


 


#5 misterprog


Posted 16 September 2014 - 06:43 PM

Thanks for the help! It doesn't come up anymore on startup but my Chrome settings were reset but it was worth it. Here's the log if you needed it:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Robert at 2014-09-16 18:37:17 Run:2
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {12eb0929-34c9-11e2-bf44-8c89a5de8354} - F:\SETUP.EXE
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {249a684e-7a44-11e2-a7b0-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {4a526499-f936-11e2-86bd-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {52d09745-ddd5-11e1-80da-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {5358501e-01f1-11e4-8e26-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {6d823bca-52a1-11e2-a5f2-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {917db071-3993-11e3-9480-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\...\MountPoints2: {9df70fbd-e1e7-11e3-9312-d43d7e00e3c1} - G:\MotorolaDeviceManagerSetup.exe -a
ShortcutTarget: GameStop Now.lnk -> D:\Programs\GameStop App\Now\GameStopNow.exe (No File)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\02la5kkx.default
FF NetworkProxy: "backup.ftp", "68.113.83.11"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "68.113.83.11"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "68.113.83.11"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "204.84.216.200"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "204.84.216.200"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "204.84.216.200"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "204.84.216.200"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR DefaultSearchKeyword: Default -> F20F8435EBC900696F103677E808A53E26013AB8E0AAD06A919AF265A5B2D9B7
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Robert\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
S3 MSICDSetup; \??\D:\CDriver64.sys
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys
C:\ProgramData\hash.dat
C:\Users\Robert\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegln4o.dll
C:\Users\Robert\AppData\Local\Temp\Uninstaller-3864.exe
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{05368015-56b0-408b-8de6-7096913b961d}\InprocServer32 -> dfshim.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {E421C87D-AE36-4A06-8106-E6153C2A1063} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113239542-2341569308-1830245231-1000Core.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113239542-2341569308-1830245231-1000UA.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
2014-09-15 20:56 - 2014-09-15 20:56 - 00098816 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32api.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00110080 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pywintypes27.dll
2014-09-15 20:56 - 2014-09-15 20:56 - 00364544 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pythoncom27.dll
2014-09-15 20:56 - 2014-09-15 20:56 - 00045568 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_socket.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 01160704 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_ssl.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00320512 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32com.shell.shell.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00713216 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_hashlib.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 01175040 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._core_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00805888 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._gdi_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00811008 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._windows_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 01062400 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._controls_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00735232 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._misc_.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00128512 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_elementtree.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00127488 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pyexpat.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00557056 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\pysqlite2._sqlite.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00007168 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\hashobjs_ext.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00087552 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_ctypes.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00119808 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32file.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00108544 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32security.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00018432 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32event.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00038912 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32inet.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00070656 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._html2.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00167936 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32gui.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00011264 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32crypt.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00027136 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\_multiprocessing.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00686080 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\unicodedata.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00122368 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._wizard.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00010240 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\select.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00024064 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32pipe.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00025600 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32pdh.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00525640 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\windows._lib_cacheinvalidation.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00035840 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32process.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00017408 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32profile.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00022528 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32ts.pyd
2014-09-15 20:56 - 2014-09-15 20:56 - 00078336 _____ () C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._animate.pyd
AlternateDataStreams: C:\Program Files\Common Files\System:VITjh5AHqWh13DIPX5YLqlgF0
AlternateDataStreams: C:\Program Files\Common Files\System:weVHSsfSpAGphiMISjWX
AlternateDataStreams: C:\ProgramData\Microsoft:d9ihWQ99xjiG4fC0iOlTeu
AlternateDataStreams: C:\ProgramData\Microsoft:efh3UJk4YABWenaNBXUBREc2
AlternateDataStreams: C:\ProgramData\Microsoft:v7QgonSIRkpnFxkNVtpiJW6
AlternateDataStreams: C:\ProgramData\Microsoft:WcjzRb6oMkNLDu9STJcW
AlternateDataStreams: C:\Users\Robert\Cookies:LaQRIruEs0EYqFKJW9THLrzPG
AlternateDataStreams: C:\Users\Robert\AppData\Local\oq3IwN0B7:gZMtjvhEjM1AS9a6cyGkdkoZP
AlternateDataStreams: C:\Users\Robert\AppData\Local\T3tlJT94asxa0X:ux8ILFIgNhrpqxPPbn1ITT3Jp
Folder: C:\Users\Robert\AppData\Local\Super_Demo_
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => Key deleted successfully.
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4113239542-2341569308-1830245231-1000" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4113239542-2341569308-1830245231-1000" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12eb0929-34c9-11e2-bf44-8c89a5de8354}" => Key deleted successfully.
"HKCR\CLSID\{12eb0929-34c9-11e2-bf44-8c89a5de8354}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{249a684e-7a44-11e2-a7b0-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{249a684e-7a44-11e2-a7b0-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a526499-f936-11e2-86bd-d43d7e00e3c1}" => Key deleted successfully.
"HKCR\CLSID\{4a526499-f936-11e2-86bd-d43d7e00e3c1}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52d09745-ddd5-11e1-80da-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{52d09745-ddd5-11e1-80da-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5358501e-01f1-11e4-8e26-d43d7e00e3c1}" => Key deleted successfully.
"HKCR\CLSID\{5358501e-01f1-11e4-8e26-d43d7e00e3c1}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d823bca-52a1-11e2-a5f2-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{6d823bca-52a1-11e2-a5f2-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{917db071-3993-11e3-9480-d43d7e00e3c1}" => Key deleted successfully.
"HKCR\CLSID\{917db071-3993-11e3-9480-d43d7e00e3c1}" => Key not found.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df70fbd-e1e7-11e3-9312-d43d7e00e3c1}" => Key deleted successfully.
"HKCR\CLSID\{9df70fbd-e1e7-11e3-9312-d43d7e00e3c1}" => Key not found.
D:\Programs\GameStop App\Now\GameStopNow.exe not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\ms-help" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}" => Key deleted successfully.
"HKCR\PROTOCOLS\Filter\application/octet-stream" => Key deleted successfully.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Filter\application/x-complus" => Key deleted successfully.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-msdownload" => Key deleted successfully.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Filter\application/octet-stream" => Key not found.
"HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key Deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-complus" => Key not found.
"HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-msdownload" => Key not found.
"HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key not found.
D:\Programs\GameStop App\Now\GameStopNow.exe => Should not be moved.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2" => Key deleted successfully.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2" => Key deleted successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
"HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
"CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Robert\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx" => File/Directory not found.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
"C:\Users\Robert\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegln4o.dll" => File/Directory not found.
C:\Users\Robert\AppData\Local\Temp\Uninstaller-3864.exe => Moved successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{05368015-56b0-408b-8de6-7096913b961d}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" => Key deleted successfully.
"HKU\S-1-5-21-4113239542-2341569308-1830245231-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E421C87D-AE36-4A06-8106-E6153C2A1063}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E421C87D-AE36-4A06-8106-E6153C2A1063}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113239542-2341569308-1830245231-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113239542-2341569308-1830245231-1000UA.job => Moved successfully.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32api.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\pywintypes27.dll" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\pythoncom27.dll" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\_socket.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\_ssl.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32com.shell.shell.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\_hashlib.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._core_.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._gdi_.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._windows_.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._controls_.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._misc_.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\_elementtree.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\pyexpat.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\pysqlite2._sqlite.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\hashobjs_ext.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\_ctypes.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32file.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32security.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32event.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32inet.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._html2.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32gui.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32crypt.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\_multiprocessing.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\unicodedata.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._wizard.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\select.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32pipe.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32pdh.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\windows._lib_cacheinvalidation.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32process.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32profile.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\win32ts.pyd" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Temp\_MEI66562\wx._animate.pyd" => File/Directory not found.
C:\Program Files\Common Files\System => ":VITjh5AHqWh13DIPX5YLqlgF0" ADS removed successfully.
C:\Program Files\Common Files\System => ":weVHSsfSpAGphiMISjWX" ADS removed successfully.
C:\ProgramData\Microsoft => ":d9ihWQ99xjiG4fC0iOlTeu" ADS removed successfully.
C:\ProgramData\Microsoft => ":efh3UJk4YABWenaNBXUBREc2" ADS removed successfully.
C:\ProgramData\Microsoft => ":v7QgonSIRkpnFxkNVtpiJW6" ADS removed successfully.
C:\ProgramData\Microsoft => ":WcjzRb6oMkNLDu9STJcW" ADS removed successfully.
"C:\Users\Robert\Cookies" => ":LaQRIruEs0EYqFKJW9THLrzPG" ADS not found.
C:\Users\Robert\AppData\Local\oq3IwN0B7 => ":gZMtjvhEjM1AS9a6cyGkdkoZP" ADS removed successfully.
C:\Users\Robert\AppData\Local\T3tlJT94asxa0X => ":ux8ILFIgNhrpqxPPbn1ITT3Jp" ADS removed successfully.
 
========================= Folder: C:\Users\Robert\AppData\Local\Super_Demo_ ========================
 
2014-09-12 13:45 - 2014-09-12 13:45 - 0000000 _____ () C:\Users\Robert\AppData\Local\Super_Demo_\playerachievementcache.dat
 
====== End of Folder: ======
 
 
=========  netsh advfirewall reset =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
'ipconfig' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 423.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 olgun52


Posted 17 September 2014 - 03:21 AM

Hi,

 

Please run AdwCleaner and Junkware Removal Tool.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 olgun52


Posted 19 September 2014 - 07:19 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread, then it will have to be closed!

Best regards
 

 


 


#8 olgun52


Posted 22 September 2014 - 12:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 