Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help with removal


  • Please log in to reply
18 replies to this topic

#1 dand999

dand999

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 01 November 2014 - 04:56 PM

I saw some icons for an Amazon and eBay shopping assistant on my Firefox toolbar. I removed them in Firefox extensions but they came back. I searched online for help and came across Spyhunter 4. I downloaded a trial version and ran it. It found 605 items. These are some of them:

conduit search/toolbar 265 infections
adserver 6 infections
adtech 3 infections
advert 28 infections
advertising 19 infections
adware helpers 18 infections
adware.slick savings 88 infections
adware/ytdownloader 8 infections
atlas dmt 7 infections
atwola 27 infections
pup.duckduckgo 52 infections

 

I couldn't remove any of these because it was a trial version.

 

I also ran Malwarebytes 2.0.3.1025 trial version. It only found about 50 things which I removed. Some of them had to do with the conduit search toolbar that Spyhunter found. I ran Spyhunter again and it found even more - about 693 and the conduit entries were still there. I also ran Hitman Pro and it found 92 items most of which look to be the same as Spyhunter found. I'm wondering why Spyhunter found so many more things. Is it looking for different programs than Malwarebytes is? I also ran AdAware and Webroot Antivirus but they didn't find anything. And I already had Norton Security Suite installed but apparently it didn't find all of these things either.

 

I know that didn't programs will find different types of malware but I certainly would have thought that AdAware and Webroot would have found some of these things. I realize that more than one program is needed these days but I was hoping to be able to have only one besides Norton.

 

Can someone tell me why AdAware and Webroot didn't find any of these things and offer a suggestion as to whether Hitman or Spyhunter would be better to purchase?

 

Any help is greatly appreciated. Thanks.



BC AdBot (Login to Remove)

 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 01 November 2014 - 06:08 PM

SpyHunter by Enigma Software is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company's history of employing aggressive and deceptive advertising. It has since been delisted but AV-Test has not included SpyHunter in their comprehensive testing analysis that would reveal how SpyHunter compares to the best anti-spyware in terms of protection, repair and usability. The reason for this is that the publisher, Enigma Software, has not been cooperative in submitting SpyHunter for testing at AV-Test. In my opinion it is a dubious program which is not very effective compared to others with a proven track record and I would not trust all the detections provided by its scanning engine.

Further, I have read that some newer versions of SpyHunter apparently install it's own "Compact OS" and uses Grub4Dos loader to execute on boot up. The user no longer sees the normal Windows boot menu but instead sees the GRUB menu. For some folks this has resulted in SpyHunter causing a continuous loop when attempting to boot and other issues.

When searching for new malware or malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which misclassify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or using a free removal tool. SpyHunter (SpyHunter-Installer.exe) is one of the most common "so-called" removal tools pushed by these sites.

If you have downloaded and scanned with SpyHunter, any detection results should be viewed with suspicion. My personal recommendation would be to remove the program and replace it with a trustworthy alternative.

* How to Uninstall SpyHunter

Note: Some users have reported that you may need to open Windows Explorer, navigate to C:\Documents and Settings\<user name>\Local Settings\Temp, look for and delete a SpyHunter related file named SHSetup.exe before uninstalling from Programs and Features (Add/Remove Programs) in Control Panel.

 

Credits to quietman7



#3 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 01 November 2014 - 06:12 PM

Hi dand999 and :welcome:

 

icon1348768721.jpgDownload Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so

icon1337954655.pngPlease download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

icon1337952077.pngPlease download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

 

Thank you!
 


Edited by Alex&Vanko, 01 November 2014 - 06:12 PM.


#4 dand999

dand999
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 01 November 2014 - 08:04 PM

Thanks Alex. I had already uninstalled it. I was able to uninstall it thru programs. I rebooted and didn't have any problem logging back on so hopefully it didn't do any damage. From what you're saying maybe the results it showed weren't valid.



#5 dand999

dand999
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 01 November 2014 - 08:22 PM

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Webroot SecureAnywhere               
Ad-Aware Antivirus                   
Norton Security Suite                
Bitdefender Antivirus Free Edition   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox 28.0 Firefox out of Date!  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareService.exe
 Bitdefender Antivirus Free Edition gziface.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareTray.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
 iolo Common Lib ioloServiceManager.exe
 iolo System Mechanic iologovernor64.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Dan (administrator) on 01-11-2014 at 20:18:25
Running from "C:\Users\Dan\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (11/01/2014 07:44:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000304,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000230F1D0.72).  hr = 0x80070005, Access is denied.
.

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000013fc,(null),0,REG_BINARY,000000000C94DD60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {bbc76cac-e90a-44f6-b70b-b04f6361173c}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000032c,(null),0,REG_BINARY,000000000B5EE0C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9d2365de-55ba-4ded-8434-5c056b68c8f1}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000728,(null),0,REG_BINARY,000000000322DF30.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {bdde6d28-7c55-4a7a-a24b-c6f0c2becd76}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000214,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000370EF00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {81570865-6a63-4cde-85d5-5fad2c3ee66f}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000021BEB30.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {3468c49f-c9f2-4580-a9a0-50fe57799f90}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000013fc,(null),0,REG_BINARY,000000000C94DD60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {bbc76cac-e90a-44f6-b70b-b04f6361173c}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001E2EE60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {a210c586-664b-4296-87cd-7cd2d290b5a5}

Error: (11/01/2014 07:01:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000032c,(null),0,REG_BINARY,000000000B5EE0C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9d2365de-55ba-4ded-8434-5c056b68c8f1}


System errors:
=============
Error: (11/01/2014 07:40:38 PM) (Source: DCOM) (User: )
Description: {6F722974-5E92-11E1-9F50-001676586DF8}

Error: (11/01/2014 07:37:50 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (11/01/2014 07:37:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (11/01/2014 07:34:10 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (11/01/2014 06:47:38 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/01/2014 03:58:39 PM) (Source: Service Control Manager) (User: )
Description: The bdfwfpf service failed to start due to the following error:
%%2

Error: (11/01/2014 01:18:06 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2014 04:24:41 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/30/2014 01:45:31 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/30/2014 06:29:12 AM) (Source: DCOM) (User: )
Description: {6F722974-5E92-11E1-9F50-001676586DF8}


Microsoft Office Sessions:
=========================
Error: (11/01/2014 07:44:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000304,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000230F1D0.72)0x80070005, Access is denied.

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000013fc,(null),0,REG_BINARY,000000000C94DD60.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {bbc76cac-e90a-44f6-b70b-b04f6361173c}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x0000032c,(null),0,REG_BINARY,000000000B5EE0C0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9d2365de-55ba-4ded-8434-5c056b68c8f1}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000728,(null),0,REG_BINARY,000000000322DF30.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {bdde6d28-7c55-4a7a-a24b-c6f0c2becd76}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000214,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000370EF00.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {81570865-6a63-4cde-85d5-5fad2c3ee66f}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001d4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000021BEB30.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {3468c49f-c9f2-4580-a9a0-50fe57799f90}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000013fc,(null),0,REG_BINARY,000000000C94DD60.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {bbc76cac-e90a-44f6-b70b-b04f6361173c}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001E2EE60.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {a210c586-664b-4296-87cd-7cd2d290b5a5}

Error: (11/01/2014 07:01:16 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x0000032c,(null),0,REG_BINARY,000000000B5EE0C0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9d2365de-55ba-4ded-8434-5c056b68c8f1}



=========================== Installed Programs ============================
Acronis True Image WD Edition (HKLM-x32\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14157 - Acronis)
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BESTDirect 8 (HKLM-x32\...\{F8BD5E4D-7B76-4AED-BE14-0CEBC1E04FF3}) (Version: 1.0.697 - BESTDirect)
Beyond Compare 3.3.12 (HKCU\...\BeyondCompare3_is1) (Version: 3.3.12.18414 - Scooter Software)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{2C5BEB65-2CCC-4A28-99EA-12667FD185BA}) (Version: 1.32.0 - Kovid Goyal)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Compare It! (HKLM-x32\...\Compare It!_is1) (Version: 4.0 - Grig Software)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CycleTimer (HKLM-x32\...\{45B79548-7171-11D5-A1FD-F5EABC70E32B}) (Version: 1.0.4 - Stock Market Geometry)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.64 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.64 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.3949 [2011-07-25] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3949.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.114 - Foxit Corporation)
FXCM Trading Station (HKCU\...\FXCM Trading Station) (Version: 011212 - )
FXCM Trading Station (x32 Version: 011212 - FXCM) Hidden
Galactic Trader 4 (HKLM-x32\...\Galactic Trader 4) (Version:  - )
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version:  - Gannalyst.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
InfinityAT (HKLM-x32\...\BB29F88B-A742-4E2C-B0F3-FFEC11E1BA06) (Version: 5.5.4 - TransAct Futures LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeJournal2 (HKLM-x32\...\LifeJournal2) (Version:  - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Network Recording Player (HKLM-x32\...\{E7E14276-5BF9-4967-934A-445E1AE5ECB6}) (Version: 29.2.0.23 - Cisco WebEx LLC)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 4.5.0.34 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Sentinel Protection Installer 7.4.0 (HKLM-x32\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TradeStation 9.0 (HKLM-x32\...\{6EF11260-2361-409D-B91C-373D8732EED8}) (Version: 9.0.0.8997 - TradeStation Technologies)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1723 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0379 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0164 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1755 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0463 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2013 wtniper (x32 Version: 013.000.0927 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wave59 PRO 2.10 (HKLM-x32\...\Wave59_PRO_UNINST) (Version: 2.10 - Wave59 Technologies)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.131 - Webroot)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 12270.45 MB
Available physical RAM: 8873.23 MB
Total Pagefile: 27268.63 MB
Available Pagefile: 23417.69 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.21 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.76 GB) (Free:235.28 GB) NTFS
3 Drive e: () (Fixed) (Total:465.76 GB) (Free:238.64 GB) NTFS

========================= Users: ========================================

User accounts for \\DAN-PC

Administrator            Dan                      Guest                    
UpdatusUser              


**** End of log ****
 

Farbar Service Scanner Version: 21-07-2014
Ran by Dan (administrator) on 01-11-2014 at 20:20:29
Running from "C:\Users\Dan\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Thanks Alex



#6 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 02 November 2014 - 03:41 PM

Ok but too many antiviruses you have.Ad Aware by Lavasoft and Webroot uninstall/not so good for antivirus/.Also Bitdefender free.Stay with Norton.

 

icon1349013334.jpgPlease download AdwCleaner by XplodeHERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

icon1351185104.pngPlease download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

icon1356707420.jpgDownload Malwarebytes' Anti-Malware Free HERE to your desktop.Yes you have it.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

    Be sure to restart the computer if requested.

esetsmartinstaller_enu.pngPlease download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administartor privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Thank you!
 



#7 dand999

dand999
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2014 - 08:28 AM

I'm sorry it took me so long to get back to you. I didn't receive an email that you had posted again.

 

I had already installed AdwCleaner and run it several times before your email. There is no S1 log. Here are the other logs:

 

R0

# AdwCleaner v3.311 - Report created 01/11/2014 at 13:56:18
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - DAN-PC
# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\Tbccint
Folder Found : C:\ProgramData\Tbccint
Folder Found : C:\Users\Dan\AppData\Local\NativeMessaging
Folder Found : C:\Users\Dan\AppData\Local\Tbccint
Folder Found : C:\Users\Dan\AppData\LocalLow\Tbccint
Folder Found : C:\Users\Dan\AppData\Roaming\Browser Extensions
Folder Found : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\Dan\AppData\Roaming\Search Protection

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Tbccint
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : HKCU\Software\Tbccint
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Tbccint
Key Found : [x64] HKCU\Software\Tbccint_HKLM
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3312269
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3312269
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Search Protection]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\prefs.js ]

Line Found : user_pref("CT3312269.FF19Solved", "true");
Line Found : user_pref("CT3312269.UserID", "UN38647158872050327");
Line Found : user_pref("CT3312269.dum", "2");
Line Found : user_pref("CT3312269.fullUserID", "UN38647158872050327.IN.20140614165303");
Line Found : user_pref("CT3312269.installDate", "14/06/2014 16:53:05");
Line Found : user_pref("CT3312269.installSessionId", "24e78020-df4b-4938-8abc-d49a699e0a36");
Line Found : user_pref("CT3312269.installSp", "false");
Line Found : user_pref("CT3312269.installUsage", "15/06/2014 07:21:55");
Line Found : user_pref("CT3312269.installUsageEarly", "15/06/2014 07:21:55");
Line Found : user_pref("CT3312269.installerVersion", "1.11.0.9");
Line Found : user_pref("CT3312269.searchRevert", "false");
Line Found : user_pref("CT3312269.searchUninstallUserMode", "4");
Line Found : user_pref("CT3312269.searchUserMode", "4");
Line Found : user_pref("CT3312269.toolbarInstallDate", "14-06-2014 16:53:04");
Line Found : user_pref("CT3312269.versionFromInstaller", "10.31.2.1");
Line Found : user_pref("CT3312269.xpeMode", "1");
Line Found : user_pref("smartbar.machineId", "Q/7C25KIXDCFL9CCBQYGPUEPEOYHOQXHTQKHUSVESBLWLA6PQUI1GVVOLY+C2Z6QILX7S/T7RLOS2OMAPKNDBG");
Line Found : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=242154&p={searchTerms}");

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ewo55h6e.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN15082825762702217&ctid=CT3289847&UM=2
Found [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Found [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [5351 octets] - [01/11/2014 13:56:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5411 octets] ##########
 

R1

# AdwCleaner v3.311 - Report created 03/11/2014 at 22:59:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - DAN-PC
# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\prefs.js ]

Line Found : user_pref("startpage.ntsearch_url", "hxxp://search.yahoo.com/search?ei=utf-8&fr=spigot-nt-ff&type=0&ilc=12&p={searchTerms}");

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ewo55h6e.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5515 octets] - [01/11/2014 12:56:18]
AdwCleaner[R1].txt - [1142 octets] - [03/11/2014 22:59:51]
AdwCleaner[S0].txt - [5377 octets] - [01/11/2014 13:37:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1262 octets] ##########
 

S0

# AdwCleaner v3.311 - Report created 01/11/2014 at 14:37:58
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - DAN-PC
# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Users\Dan\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Dan\AppData\Local\Tbccint
Folder Deleted : C:\Users\Dan\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Dan\AppData\Roaming\Browser Extensions
Folder Deleted : C:\Users\Dan\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\Extensions\anttoolbar@ant.com
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3312269
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3312269
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\prefs.js ]

Line Deleted : user_pref("CT3312269.FF19Solved", "true");
Line Deleted : user_pref("CT3312269.UserID", "UN38647158872050327");
Line Deleted : user_pref("CT3312269.dum", "2");
Line Deleted : user_pref("CT3312269.fullUserID", "UN38647158872050327.IN.20140614165303");
Line Deleted : user_pref("CT3312269.installDate", "14/06/2014 16:53:05");
Line Deleted : user_pref("CT3312269.installSessionId", "24e78020-df4b-4938-8abc-d49a699e0a36");
Line Deleted : user_pref("CT3312269.installSp", "false");
Line Deleted : user_pref("CT3312269.installUsage", "15/06/2014 07:21:55");
Line Deleted : user_pref("CT3312269.installUsageEarly", "15/06/2014 07:21:55");
Line Deleted : user_pref("CT3312269.installerVersion", "1.11.0.9");
Line Deleted : user_pref("CT3312269.searchRevert", "false");
Line Deleted : user_pref("CT3312269.searchUninstallUserMode", "4");
Line Deleted : user_pref("CT3312269.searchUserMode", "4");
Line Deleted : user_pref("CT3312269.toolbarInstallDate", "14-06-2014 16:53:04");
Line Deleted : user_pref("CT3312269.versionFromInstaller", "10.31.2.1");
Line Deleted : user_pref("CT3312269.xpeMode", "1");
Line Deleted : user_pref("smartbar.machineId", "Q/7C25KIXDCFL9CCBQYGPUEPEOYHOQXHTQKHUSVESBLWLA6PQUI1GVVOLY+C2Z6QILX7S/T7RLOS2OMAPKNDBG");
Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=242154&p={searchTerms}");

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ewo55h6e.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN15082825762702217&ctid=CT3289847&UM=2
Deleted [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [5515 octets] - [01/11/2014 13:56:18]
AdwCleaner[S0].txt - [5229 octets] - [01/11/2014 14:37:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5289 octets] ##########

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dan on Tue 11/04/2014 at  6:30:43.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9b27172-7b82-4de1-9249-b93666370498}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b9b27172-7b82-4de1-9249-b93666370498}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9b27172-7b82-4de1-9249-b93666370498}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b9b27172-7b82-4de1-9249-b93666370498}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dan\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Dan\appdata\local\{07D232B3-94DE-4B54-8794-BE62DCCBF336}
Successfully deleted: [Empty Folder] C:\Users\Dan\appdata\local\{2D5B938A-0D8F-40A9-B0E5-4EE3108F2D29}
Successfully deleted: [Empty Folder] C:\Users\Dan\appdata\local\{EFECBF1A-5308-494F-8BD7-45F3A6FD30A8}



~~~ FireFox

Successfully deleted the following from C:\Users\Dan\AppData\Roaming\mozilla\firefox\profiles\0vplr8mk.default\prefs.js

user_pref("extensions.disconnect.whitelist", "{\"latimes.com\":{\"Disconnect\":{\"whitelisted\":false,\"services\":{\"Google\":true}}},\"mediafire.com\":{\"Disconnect\":{\"whi
Emptied folder: C:\Users\Dan\AppData\Roaming\mozilla\firefox\profiles\0vplr8mk.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/04/2014 at  6:34:37.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ESET

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cee485783b8802489d685efc18a28bd7
# engine=20918
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-04 07:37:43
# local_time=2014-11-04 01:37:43 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 0 165662759 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 166630113 0 0
# compatibility_mode_1='Webroot SecureAnywhere'
# compatibility_mode=16130 16777213 100 100 124197 124211 0 0
# scanned=386668
# found=34
# cleaned=34
# scan_time=7967
sh=4370E4F60FB96627C6AD4F4820A4FA8A61F8EC29 ft=1 fh=3b60eb1472d7e959 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-155409267-1499084985-28579711-1000\$RM8DMT8.exe"
sh=4370E4F60FB96627C6AD4F4820A4FA8A61F8EC29 ft=1 fh=3b60eb1472d7e959 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-155409267-1499084985-28579711-1000\$RR15ZSZ.exe"
sh=650466EB7FDBDBD8E33DC9AFC66F63442E745BE4 ft=1 fh=398f72d8e2df4fd2 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\Multi\CT3312269\UninstallerUI.exe.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\NativeMessaging\CT3312269\1_0_2_0\TBMessagingHost.exe.vir"
sh=567AE4202DCE896B48CDE76F53ED25FCE46D8C79 ft=1 fh=fc69bf772f53d633 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Tbccint\Chrome\CT3312269\CHUninstaller.exe.vir"
sh=600FBBC40ED167BA0F95D8E4C0AE2788D2A968A6 ft=1 fh=fc000b2015489d24 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Tbccint\Chrome\CT3312269\UninstallerUI.exe.vir"
sh=CD33CBDA7D10B82373289FA04D9FAFA9EAC73EB7 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Browser Extensions\coupons_3.2.xpi.vir"
sh=A358970E2D28B923203D0AD0BDA2AD8559925E45 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Browser Extensions\coupons_3.3.xpi.vir"
sh=D36268DFD278AC934E61E86BECFF58D5ED022531 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Browser Extensions\saamazon_1.7.xpi.vir"
sh=A4789C4DF004E3CC3A75322399BEBA9E21BC5980 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Browser Extensions\saamazon_1.8.xpi.vir"
sh=BBA394AF2475124756D1831C2D642380C91C1443 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Browser Extensions\saebay_1.7.xpi.vir"
sh=950C6750EAF8A2FF5755CE5E5DCEA23DFB55B84F ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Browser Extensions\saebay_1.8.xpi.vir"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=AA14F1BC268D98D06388BE603C92F601B2F12D27 ft=1 fh=ad5e90697b074394 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=10EA7B3893F0E9773CDA44926AB414DBFEAE8808 ft=1 fh=a9247b2192b6b140 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=E5D653BA4D47BFB2E3ECB591D1586857A90E84FD ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\Local\CRE\ldmmfhnlekjcmmmlfkhmbhalnokjannj.crx"
sh=F96DA94717A42485BFA09554472D1669B972A051 ft=1 fh=16edae702d5a3472 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\hk64tbAccu.dll"
sh=BFFE5205E1E634259011D14420D2A522291DF4EE ft=1 fh=d361417ca891f53c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\hktbAccu.dll"
sh=C2A322173BFE435CA8D1E821F5A0DCB97A5C7F2D ft=1 fh=a133df1df4cb7951 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\ldrtbAcc0.dll"
sh=C2A322173BFE435CA8D1E821F5A0DCB97A5C7F2D ft=1 fh=a133df1df4cb7951 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\ldrtbAccu.dll"
sh=97D24FECAD3F726C56C0303CC66B4576877E9868 ft=1 fh=f7ae4dc8920ef0d0 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\prxtbAcc0.dll"
sh=97D24FECAD3F726C56C0303CC66B4576877E9868 ft=1 fh=f7ae4dc8920ef0d0 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\prxtbAccu.dll"
sh=F2D0E0D3645DDD751F293C391C560C4142FCD1D3 ft=1 fh=2fcbc68ed4edd523 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\AccuWeather\tbAccu.dll"
sh=94EE10B52B0D5BEA956D085BC19CE8D50568C41E ft=1 fh=b884faf26b5d7064 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\AppData\LocalLow\Google\GoogleEarth\webdata\f_0013a6"
sh=CB3802B6435A9F476743476150958C22F56F6F74 ft=1 fh=c8b6d0dc4a70692b vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dan\Documents\Temp\FCTBSetup.exe"
sh=1A43F9C0CF7AA6D4D52C1C6DAB494311246C6F51 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\cf3146.msi"
sh=3ABBD85349AB45CBE87BA78C0EEF1E64887CCC91 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBZ trojan (cleaned by deleting - quarantined)" ac=C fn="E:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\6.0\15\19989bcf-57a076e5"
sh=5C3640349687BBC1E849512C8248CCF2D3A633BD ft=1 fh=2694d8c453c0ca24 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Documents and Settings\Dan\My Documents\Downloads\FoxitReader501.0523_enu_Setup.exe"
sh=CB3802B6435A9F476743476150958C22F56F6F74 ft=1 fh=c8b6d0dc4a70692b vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Documents and Settings\Dan\My Documents\Temp\FCTBSetup.exe"
 

I had also already installed and run the trial version of Malwarebytes several times. I uninstalled the version I downloaded and installed from your link and ran it. There was nothing in the log. Thanks.
 



#8 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 04 November 2014 - 10:35 AM

Download 51a5ce45263de-delfix.pngDelfix by Xplode HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

 

After that:

 

icon1365009334.jpgDownload HitmanPro x64 HERE onto your desktop.

Double-click on the file named HitmanPro.exe.It will be updated.When the program starts you will be presented with the start screen.Click on the Next button.Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found.Below next to button buy now is option Save log.Save it to your desktop and paste it here.

 

Thank you!
 



#9 dand999

dand999
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2014 - 11:04 AM

Hitman was the one new program that I bought.

 

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : DAN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Dan-PC\Dan
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (363 days left)

   Scan date . . . . . . : 2014-11-04 09:53:03
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 2,296,766
   Files scanned . . . . : 100,963
   Remnants scanned  . . : 791,163 files / 1,404,640 keys

Cookies _____________________________________________________________________

   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:ads.trafficjunky.net
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:ads.yahoo.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:adtechus.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:ar.atwola.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:at.atwola.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:atwola.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:collective-media.net
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:media6degrees.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:pornhub.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:revsci.net
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:serving-sys.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\0vplr8mk.default\cookies.sqlite:track.adform.net
 

#10 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 04 November 2014 - 11:26 AM

Ok apply action in order to remove Cookies.

Can someone tell me why AdAware and Webroot didn't find any of these things and offer a suggestion as to whether Hitman or Spyhunter would be better to purchase?

Hitman yes another ones no!

So what is the situation now according to your first post?

 

Thank you!



#11 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 04 November 2014 - 11:31 AM

Did you run SpywareBlaster 5.0? And what it has found?



#12 dand999

dand999
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2014 - 03:58 PM

Spyblaster is protecting all browsers and for each it says 0 items have protection disabled. I ran Norton again and Hitman. Norton said it found 61 items while it was running but when it was finished and I looked in the log, I only saw one cookie that it had removed. Hitman didn't find anything.

 

So you think that I only need Norton, Spyblaster and Hitman for protection? Can you recommend a program to defrag and cleanup the registry occassionally?

 

Thanks so much for all of your help.



#13 dand999

dand999
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2014 - 04:03 PM

I just noticed that I said Spyblaster in the previous message but it's SpywareBlaster that I have.



#14 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 04 November 2014 - 04:48 PM

Update java - https://java.com/en/download/index.jsp

Also Adobe Flash - http://get.adobe.com/flashplayer/

Uncheck optional offer.

 

Yse but Spywareblaster has a scan option I think.So did you do this?

Not familiar with Norton I don`t know the way to combine with another protection software.

 

Auslogics Disk Defrag Free and for registry nothing because causes problems.I have used many,because installing and uninstalling many programs every day.But at the end reinstall Windows.



#15 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 04 November 2014 - 05:07 PM

This Spywareblaster is free I think and recommended here.But Malwarebytes and Superantispyware are better ones.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users