Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GoSave 2.0 Extention Tool in Google Chrome Virus that memory wipes my laptop.


  • This topic is locked This topic is locked
26 replies to this topic

#1 sniperboo

sniperboo

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 20 November 2014 - 07:29 PM

Hello there, guys!

 

So I seem to have been infected with a virus of some sort, I've been browsing the Security forums for about a week now and I've seen that there are others that have encountered the same problem as me.

Mine however, is a bit different. I think.

So basically, this GoSave 2.0 extension tool that I have in Google Chrome keeps attempting to run in 'Developer Mode', it also refuses to be deleted from the extension list. I have no recollection of ever downloading this tool, let alone searching for it.

I'm lucky to even be posting this topic to be honest, for the past few days I've had to run several System Recoveries because everything on my laptop wipes whenever my Panda Internet Security 'neutralizes' the infection.
It generally starts off with my laptop slowing down heavily, sound cutting off, internet cutting off and then everything from iTunes to my Computer Panel being completely 'removed'. When this happens, anything I try to open literally doesn't exist any more on my laptop.

I've tried searching for files or programs related to 'GoSave 2.0' on my laptop and deleting it, but I have been unable to come across anything at all.

I've read the 'Preparation Guide' and I've backed up all of my important documents, pictures etc.



Here is the DDS.txt file:


 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.15.2
Run by 831 at 23:52:56 on 2014-11-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1261 [GMT 0:00]
.
AV: Panda Global Protection 2014 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Global Protection 2014 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2014 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\TPSrvWow.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2014\WebProxy.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\AVENGINE.EXE
c:\program files (x86)\panda security\panda global protection 2014\firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\ApVxdWin.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\SRVLOAD.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PavBckPT.exe
C:\Windows\system32\wuauclt.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2014\TPSRVAUX.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uProxyServer = 168.144.97.202:3128
uProxyOverride = 127.0.0.1:9421;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: GoSave: {cc5adb64-a865-4876-a30c-aa85ca5eb182} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\Inicio.exe"
mRun: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8E9089E1-0461-4F60-8150-1E334629ABB7} - hxxp://webdown2.nexon.co.jp/arad/real/installer/arad_dis.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AC2BC68D-DF1F-4CAF-9AD0-EDEC3F190646} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AC2BC68D-DF1F-4CAF-9AD0-EDEC3F190646}\244584F6D65684572623D243936335 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AC2BC68D-DF1F-4CAF-9AD0-EDEC3F190646}\2454C4C4336313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC2BC68D-DF1F-4CAF-9AD0-EDEC3F190646}\4514C4B44514C4B4D2033363543493 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AC2BC68D-DF1F-4CAF-9AD0-EDEC3F190646}\84F676771627473784967686771697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AC2BC68D-DF1F-4CAF-9AD0-EDEC3F190646}\C6F62746026716C6B697279656 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: GoSave: {cc5adb64-a865-4876-a30c-aa85ca5eb182} - 
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: avldr - avldr64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\831\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-9-5 71432]
R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-9-5 129096]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2013-9-5 15928]
R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-9-5 82952]
R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-9-5 31752]
R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-9-5 78920]
R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-9-5 170504]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-9-5 216648]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe  "%1" %*
FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe  "%1" %*
FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*
FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*
FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe  "%1" %*
.
=============== Created Last 30 ================
.
2014-11-20 05:56:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23DF001C-F7EF-4549-8BFC-D8EDC09F08F6}\offreg.dll
2014-11-19 23:36:38 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 23:36:38 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-19 23:36:37 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-19 23:36:37 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 23:36:37 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 23:36:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-19 23:36:37 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 23:36:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-19 23:36:32 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-19 23:36:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-19 23:34:57 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-19 23:34:54 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-19 23:32:14 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23DF001C-F7EF-4549-8BFC-D8EDC09F08F6}\mpengine.dll
2014-11-19 21:21:02 -------- d-----w- C:\ProgramData\Recovery
2014-11-18 13:21:38 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-10-31 16:41:51 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-30 20:15:59 400968 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2014-10-27 15:01:21 -------- d-----w- C:\ProgramData\GoSave
2014-10-27 15:00:41 -------- d-----w- C:\ProgramData\fcf961673ea47d1a
2014-10-27 15:00:39 -------- d-----w- C:\Users\831\AppData\Local\Torch
2014-10-27 15:00:39 -------- d-----w- C:\Users\831\AppData\Local\Chromatic Browser
2014-10-27 15:00:38 -------- d-----w- C:\Users\831\AppData\Local\Comodo
.
==================== Find3M  ====================
.
2014-11-12 01:56:53 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 01:56:53 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-04 14:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 20:15:59 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-30 20:15:53 13824 ----a-w- C:\Windows\System32\mshta.exe
2014-10-30 20:15:52 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-10-30 20:15:51 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-10-30 20:15:51 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-10-30 20:15:50 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-10-30 20:15:49 48128 ----a-w- C:\Windows\System32\imgutil.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 23:57:15.56 ===============

Attached File  attach.txt   17.71KB   0 downloads




Thank you guys in advance! Really appreciated!

John


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 25 November 2014 - 07:02 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 27 November 2014 - 03:52 PM

Hello,

 

Do you still need assistance?

 

 

Regards,

Georgi


cXfZ4wS.png


#4 sniperboo

sniperboo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 28 November 2014 - 10:25 AM

Hello, Georgi!


Sincerest apologies for the late reply; I've only just returned home after dealing with some outside business.

Bear with me one moment.


Thanks,
John



#5 sniperboo

sniperboo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 28 November 2014 - 11:48 AM

Heya, Georgi!


Thank you so much for your patience!

I really appreciate you taking time out of your own life to help me out here! Much respect!


Here are the following .txts you asked for:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by 831 (administrator) on 831-HP on 28-11-2014 16:27:19
Running from C:\Users\831\Downloads
Loaded Profile: 831 (Available profiles: 831)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\psksvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\TPSrvWow.exe
(Panda Security) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\WebProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PsCtrlS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\pavsrvx86.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\AVENGINE.EXE
(Panda Security International) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\FIREWALL\PSHost.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PsImSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\ApVxdWin.exe
(Google Inc.) C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Google Inc.) C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\SrvLoad.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PavBckPT.exe
(Google Inc.) C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APVXDWIN] => C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\APVXDWIN.EXE [1062880 2013-07-05] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] => C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3933245322-2934227867-2511158935-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3933245322-2934227867-2511158935-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony)
HKU\S-1-5-21-3933245322-2934227867-2511158935-1000\...\MountPoints2: {3ccc2110-5877-11e3-8f56-68b59965fa07} - F:\Startme.exe
Startup: C:\Users\831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3933245322-2934227867-2511158935-1000] => 168.144.97.202:3128
HKU\S-1-5-21-3933245322-2934227867-2511158935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-3933245322-2934227867-2511158935-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {6B9F627D-CD24-406E-B0EA-1149302655D6} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D15B35D2-A8DE-4D8B-9FD8-63BDE0E51DE9} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {6B9F627D-CD24-406E-B0EA-1149302655D6} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D15B35D2-A8DE-4D8B-9FD8-63BDE0E51DE9} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {E7FD1777-0D9B-4AA4-8330-165EC772BB15} URL = 
SearchScopes: HKU\.DEFAULT -> {6B9F627D-CD24-406E-B0EA-1149302655D6} URL = 
SearchScopes: HKU\S-1-5-21-3933245322-2934227867-2511158935-1000 -> {6B9F627D-CD24-406E-B0EA-1149302655D6} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3933245322-2934227867-2511158935-1000 -> {D15B35D2-A8DE-4D8B-9FD8-63BDE0E51DE9} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: GoSave -> {cc5adb64-a865-4876-a30c-aa85ca5eb182} -> C:\Program Files (x86)\GoSave\dzbm077FiFbFKh.x64.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: GoSave -> {cc5adb64-a865-4876-a30c-aa85ca5eb182} -> C:\Program Files (x86)\GoSave\dzbm077FiFbFKh.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {8E9089E1-0461-4F60-8150-1E334629ABB7} http://webdown2.nexon.co.jp/arad/real/installer/arad_dis.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-15] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3933245322-2934227867-2511158935-1000: @tools.google.com/Google Update;version=3 -> C:\Users\831\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3933245322-2934227867-2511158935-1000: @tools.google.com/Google Update;version=9 -> C:\Users\831\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Dictionnaire français «Moderne» - C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default\Extensions\fr-moderne@dictionaries.addons.mozilla.org [2011-10-07]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-08-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-07]
FF HKU\S-1-5-21-3933245322-2934227867-2511158935-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-10]
FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\831\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (AdBlock) - C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-27]
CHR Extension: (Hola Better Internet) - C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-27]
CHR Extension: (GoSave) - C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Users\831\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4726616 2012-01-03] (INCA Internet Co., Ltd.)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
R2 PSHost; c:\program files (x86)\panda security\panda global protection 2014\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Global Protection 2014\TPSrvWow.exe [173816 2014-02-25] (Panda Security, S.L.)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-08] (Wellbia.com Co., Ltd.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2013-09-05] ()
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
S3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [45440 2007-01-18] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R2 WNMFLT; C:\Windows\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.)
S3 dump_wmimmc; \??\C:\AeriaGames\MetalAssault\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 npkcusb; \??\C:\Users\831\Desktop\RO - Copy\npkcusb.sys [X]
R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
S3 SbieDrv; \??\C:\Users\831\Desktop\Sandboxie\SbieDrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 16:27 - 2014-11-28 16:28 - 00021591 _____ () C:\Users\831\Downloads\FRST.txt
2014-11-28 16:26 - 2014-11-28 16:27 - 00000000 ____D () C:\FRST
2014-11-28 16:24 - 2014-11-28 16:25 - 02117632 _____ (Farbar) C:\Users\831\Downloads\FRST64.exe
2014-11-20 23:57 - 2014-11-20 23:57 - 00018140 _____ () C:\Users\831\Desktop\attach.txt
2014-11-20 23:57 - 2014-11-20 23:57 - 00017113 _____ () C:\Users\831\Desktop\dds.txt
2014-11-20 23:51 - 2014-11-20 23:51 - 00688992 ____R (Swearware) C:\Users\831\Downloads\dds.com
2014-11-20 02:55 - 2014-11-20 04:09 - 3491952221 _____ () C:\Users\831\Desktop\Music.rar
2014-11-20 02:47 - 2014-11-20 02:53 - 600419794 _____ () C:\Users\831\Desktop\100 NIKON.rar
2014-11-20 02:42 - 2014-11-20 02:44 - 212783331 _____ () C:\Users\831\Desktop\Covers.rar
2014-11-20 02:42 - 2014-11-20 02:42 - 47119806 _____ () C:\Users\831\Desktop\ScreenShot2.rar
2014-11-20 02:39 - 2014-11-20 02:39 - 81210047 _____ () C:\Users\831\Desktop\ScreenShot.rar
2014-11-19 23:36 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 23:36 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 23:36 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 23:36 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 23:36 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-19 23:36 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-19 23:36 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-19 23:36 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-19 23:36 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-19 23:36 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-19 23:35 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-19 23:35 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-19 23:35 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-19 23:35 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-19 23:35 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-19 23:35 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-19 23:35 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-19 23:35 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-19 23:35 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-19 23:35 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-19 23:35 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-19 23:35 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-19 23:35 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-19 23:35 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-19 23:34 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-19 23:34 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-19 21:21 - 2014-11-19 23:36 - 00000000 ____D () C:\ProgramData\Recovery
2014-11-18 13:31 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-18 13:31 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-18 13:31 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-18 13:31 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-18 13:31 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-18 13:31 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-18 13:31 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-18 13:31 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-18 13:31 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-18 13:31 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-18 13:31 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-18 13:31 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-18 13:31 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-18 13:31 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-18 13:31 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-18 13:31 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-18 13:31 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-18 13:31 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-18 13:31 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-18 13:31 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-18 13:31 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-18 13:31 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-18 13:31 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-18 13:31 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-18 13:31 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-18 13:31 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-18 13:30 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-18 13:30 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-18 13:30 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-18 13:30 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-18 13:30 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-18 13:30 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-18 13:30 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-18 13:30 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-18 13:30 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-18 13:30 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-18 13:30 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-18 13:30 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-18 13:30 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-18 13:30 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-18 13:30 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-18 13:30 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-18 13:30 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-18 13:30 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-18 13:30 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-18 13:30 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-18 13:30 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-18 13:30 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-18 13:30 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-18 13:30 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-18 13:30 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-18 13:30 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-18 13:30 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-18 13:30 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-18 13:30 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-18 13:30 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-18 13:27 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-18 13:27 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-18 13:27 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-18 13:27 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-18 13:22 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-18 13:22 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-18 13:22 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-18 13:22 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-18 13:22 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-18 13:22 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-18 13:22 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-18 13:22 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-18 13:22 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-18 13:22 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-18 13:21 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:31 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:31 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:31 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:31 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:31 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:31 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:31 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:31 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 11:25 - 2014-11-12 11:25 - 00959864 _____ () C:\Windows\Minidump\111214-24772-01.dmp
2014-11-11 14:57 - 2014-11-12 11:25 - 419922837 _____ () C:\Windows\MEMORY.DMP
2014-11-09 14:09 - 2014-11-28 15:19 - 00001792 _____ () C:\Windows\setupact.log
2014-11-09 14:09 - 2014-11-09 14:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-01 20:54 - 2014-11-20 02:44 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFor831
2014-11-01 20:54 - 2014-11-20 02:44 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleFor831.job
2014-10-30 20:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-10-30 20:16 - 2014-10-30 20:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-30 20:16 - 2014-10-30 20:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-30 20:16 - 2014-10-30 20:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-30 20:16 - 2014-10-30 20:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-30 20:16 - 2014-10-30 20:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-30 20:16 - 2014-10-30 20:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-30 20:16 - 2014-10-30 20:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-30 20:16 - 2014-10-30 20:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-30 20:16 - 2014-10-30 20:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-30 20:15 - 2014-10-30 20:15 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-30 20:15 - 2014-10-30 20:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-30 20:15 - 2014-10-30 20:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-30 20:15 - 2014-10-30 20:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-30 20:15 - 2014-10-30 20:15 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-30 20:15 - 2014-10-30 20:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 16:25 - 2013-09-05 03:15 - 00385208 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT.bck
2014-11-28 16:25 - 2013-09-05 03:15 - 00385208 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT
2014-11-28 16:07 - 2011-10-10 05:48 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933245322-2934227867-2511158935-1000UA.job
2014-11-28 16:03 - 2012-10-04 19:24 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2014-11-28 15:52 - 2012-05-27 21:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 15:52 - 2012-05-27 21:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-28 15:52 - 2012-05-27 21:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 15:52 - 2011-05-16 17:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 15:34 - 2010-10-09 03:02 - 01336610 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 15:31 - 2009-07-14 04:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 15:31 - 2009-07-14 04:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 15:23 - 2013-09-05 14:01 - 00000128 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt.bck
2014-11-28 15:23 - 2013-09-05 14:01 - 00000128 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt
2014-11-28 15:23 - 2013-09-05 13:58 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg.bck
2014-11-28 15:23 - 2013-09-05 13:58 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg
2014-11-28 15:23 - 2013-09-05 13:58 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg.bck
2014-11-28 15:23 - 2013-09-05 13:58 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg
2014-11-28 15:23 - 2013-09-05 13:58 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg.bck
2014-11-28 15:23 - 2013-09-05 13:58 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg
2014-11-28 15:23 - 2013-09-05 13:58 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg.bck
2014-11-28 15:23 - 2013-09-05 13:58 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg
2014-11-28 15:23 - 2013-09-05 03:15 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls.bck
2014-11-28 15:23 - 2013-09-05 03:15 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls
2014-11-28 15:23 - 2013-09-05 03:15 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG.bck
2014-11-28 15:23 - 2013-09-05 03:15 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG
2014-11-28 15:21 - 2014-05-12 01:04 - 00000000 ____D () C:\Users\831\AppData\Local\Deployment
2014-11-28 15:20 - 2014-03-31 13:10 - 00000064 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt
2014-11-28 15:20 - 2013-09-05 13:58 - 00000152 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg.bck
2014-11-28 15:20 - 2013-09-05 13:58 - 00000152 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2014-11-28 15:20 - 2013-09-05 13:58 - 00000064 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt.bck
2014-11-28 15:19 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 21:09 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 03:32 - 2014-05-06 11:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-21 03:11 - 2013-07-29 23:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-21 03:00 - 2010-12-05 20:07 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-21 00:07 - 2011-10-10 05:48 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933245322-2934227867-2511158935-1000Core.job
2014-11-20 07:44 - 2009-07-14 04:45 - 04856392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-20 02:42 - 2012-03-02 11:36 - 00000000 ____D () C:\Users\831\Desktop\RO stuff
2014-11-20 02:35 - 2012-07-23 12:53 - 00000000 ___RD () C:\Users\831\Desktop\Covers
2014-11-20 02:35 - 2011-02-03 21:04 - 00835584 ___SH () C:\Users\831\Documents\Thumbs.db
2014-11-20 02:32 - 2010-12-30 07:54 - 00000000 ____D () C:\Users\831\Documents\My Received Files
2014-11-19 23:47 - 2012-11-20 09:16 - 00000000 ____D () C:\Windows\Minidump
2014-11-19 23:47 - 2012-08-03 12:06 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-19 23:47 - 2009-07-14 03:20 - 00000000 __RSD () C:\Windows\Media
2014-11-19 23:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-19 23:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-19 23:46 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-11-19 23:32 - 2010-12-02 17:37 - 00000000 ____D () C:\Users\831
2014-11-18 17:38 - 2013-06-08 18:47 - 02400768 ___SH () C:\Users\831\Desktop\Thumbs.db
2014-11-10 01:04 - 2014-09-10 05:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-09 13:22 - 2009-09-07 01:57 - 00000000 ____D () C:\Windows\Panther
2014-11-05 16:15 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-04 14:30 - 2010-12-02 17:51 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 10:18 - 2010-12-02 17:48 - 00001417 _____ () C:\Users\831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-01 22:43 - 2014-10-27 15:01 - 00000000 ____D () C:\ProgramData\GoSave
 
Some content of TEMP:
====================
C:\Users\831\AppData\Local\Temp\gqd6ao9e.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-20 05:56
 
==================== End Of Log ============================


Attached File  Addition.txt   39.57KB   2 downloads



I hope this helps! Thank you again for helping me out!

Regards,
John


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 29 November 2014 - 04:59 PM

Hello John,

 

 

STEP 1

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

STEP 2

 

 

Now we need to downgrade Google Chrome to the latest stable release. The adware has updated your browser to the developer version where Chrome internal checks are disabled and the adware will reinstall the malicious extensions periodically again if not downgraded...

Make sure that you export your passwords and favorites/bookmarks if you have any before you proceed with the steps below.

Create a new Restore Point before you proceed just in case.

Now please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Google Chrome.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

Now you can reinstall Google Chrome to the latest stable build Google Chrome 39.0.2171.71 Stable

 

 

Regards,

Georgi


cXfZ4wS.png


#7 sniperboo

sniperboo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 30 November 2014 - 05:28 AM

Hello there, Georgi!


So I've followed everything you've told me to do and things seem to be going smoothly at the moment.

I don't know whether this means it's all finished now or?

Thanks once again for your swift reply, it means a lot!


Regards,
John



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 30 November 2014 - 04:57 PM

Hi John,

 

I am glad I could help. :)

 

Can you please post the fixlog.txt in your next reply?

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#9 sniperboo

sniperboo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 01 December 2014 - 04:56 PM

Heya, Georgi!


All of that will be coming up ASAP!

Thanks again for helping me even further!

Regards,
John



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 01 December 2014 - 04:57 PM

It's my pleasure, John. :thumbup2:

 

 

Regards,

Georgi


cXfZ4wS.png


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 05 December 2014 - 08:01 AM

Hi,

 

Are you still around?

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 48 hours.

Thank you for your understanding.

 

Regards,

Georgi


cXfZ4wS.png


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 08 December 2014 - 04:57 AM

Hi,

 

Are you still around? Just checking. No rush. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#13 sniperboo

sniperboo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 08 December 2014 - 12:10 PM

Heya there, Georgi!


Here's the fixlog.txt that you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by 831 at 2014-11-30 09:25:44 Run:1
Running from C:\Users\831\Desktop
Loaded Profile: 831 (Available profiles: 831)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: GoSave -> {cc5adb64-a865-4876-a30c-aa85ca5eb182} -> C:\Program Files (x86)\GoSave\dzbm077FiFbFKh.x64.dll No File
BHO-x32: GoSave -> {cc5adb64-a865-4876-a30c-aa85ca5eb182} -> C:\Program Files (x86)\GoSave\dzbm077FiFbFKh.dll No File
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-08-25]
CHR Extension: (GoSave) - C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo [2014-10-27]
C:\Program Files (x86)\GoSave
C:\ProgramData\GoSave
C:\Users\831\AppData\Local\Temp\gqd6ao9e.dll
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
end
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc5adb64-a865-4876-a30c-aa85ca5eb182}" => Key deleted successfully.
"HKCR\CLSID\{cc5adb64-a865-4876-a30c-aa85ca5eb182}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc5adb64-a865-4876-a30c-aa85ca5eb182}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{cc5adb64-a865-4876-a30c-aa85ca5eb182}" => Key deleted successfully.
C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => Moved successfully.
C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo => Moved successfully.
"C:\Program Files (x86)\GoSave" => File/Directory not found.
C:\ProgramData\GoSave => Moved successfully.
C:\Users\831\AppData\Local\Temp\gqd6ao9e.dll => Moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {E1B08240-7DD0-46D2-86B3-8CF380FC1FF2}.
{239CE741-F7E0-4913-AC5C-29CAA8F7CEEC} canceled.
{DB6A6553-1B2E-445E-BE17-CBB77DC6BF34} canceled.
{750067E2-E666-4EB0-AF08-FBB7119902E3} canceled.
{1B715CAD-0F29-43BA-BA3C-69D6E1184DE9} canceled.
4 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


The results of your next steps will be posted after this!


#14 sniperboo

sniperboo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:54 PM

Posted 08 December 2014 - 02:17 PM

 Hello again, Georgi!


Here are the logs you requested:


MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/12/2014
Scan Time: 18:24:18
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.08.06
Rootkit Database: v2014.12.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: 831
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383900
Time Elapsed: 31 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.InstallCore, C:\Users\831\Downloads\FreeYouTubeToMP3Converter.exe, Quarantined, [4520d987a4d8c373842554e0bb4ac43c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


JRT.txt:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by 831 on 08/12/2014 at 17:56:04.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard update task
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bservice
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\bservice
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bservice64
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\bservice64
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eocomputer
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eorezo
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\helper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\iminent
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\uniblue registrybooster 2
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updatedownload-freesofthp
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yahoo! search
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{037039D8-8C53-43CC-95BE-198556E66531}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{13C1216B-1C15-4569-B1CD-574A8567ED9A}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{56C4496E-79CE-4759-BFC7-C1380C276498}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{700F9637-8FFE-4759-ACDA-902AA7E96400}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{771D0255-20A6-40A7-8060-E681B3F9D5E8}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7E9F58B3-A23D-4340-BE12-BF56F3A7E6F5}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{83B5DC4E-8B4C-4CD3-A48A-5FD9F95CC34F}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{92E1F8F8-1014-45EF-9CA6-785ED77F0D5E}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A52C74EB-AE94-481C-98A2-1101929A1D52}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{B54F7908-F0BA-4BEB-860E-4794C42035FC}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C8512D14-B450-422A-A5E5-EB7C11AE2469}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{DBFB1E76-8974-479C-BD01-B1F3357FC330}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F4D76F09-7896-458A-890F-E1F05C46069F}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update bomlabio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update glindorus
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update lamilov
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update storimbo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update togglemark
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update trolatunt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util greener web
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037039D8-8C53-43CC-95BE-198556E66531}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1486AECD-A40B-4444-A6C2-049323A4173A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C4311FE-9225-4929-B9B2-8B48905FC8C2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{309D0F41-9A76-4D24-8518-607AA1E6AB4D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{309D0F41-9A76-4D24-8518-607AA1E6AB4D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3FF0F851-2817-499A-A7B9-E67790C849E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4692DC9E-F6EA-4A49-9F23-791FA3F454B0}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48894945-22E8-4BDF-8FC0-741A376AB81E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B0AC9E7-A519-4B9E-BB82-B599EBC6B584}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{62A95860-F05D-4F3A-98FE-DB7AB361FBBA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{62A95860-F05D-4F3A-98FE-DB7AB361FBBA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6A263946-6A77-41FF-BB84-60B5D1E14914}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C434537-053E-486D-B62A-160059D9D456}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7E9F58B3-A23D-4340-BE12-BF56F3A7E6F5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83B5DC4E-8B4C-4CD3-A48A-5FD9F95CC34F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{905B576E-6A96-4033-9482-69BDDE082315}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{905B576E-6A96-4033-9482-69BDDE082315}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{90DB667F-75D9-4D32-8A79-F8BA648D4D88}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92E1F8F8-1014-45EF-9CA6-785ED77F0D5E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92E1F8F8-1014-45EF-9CA6-785ED77F0D5E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{97CD4B58-F9A7-4AE0-99F5-38C038890E19}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B8A32040-C5A1-4704-AD53-FE9C69E4B5C7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BC79CD63-2A51-4E5C-8A80-A758EED8F722}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C8512D14-B450-422A-A5E5-EB7C11AE2469}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8512D14-B450-422A-A5E5-EB7C11AE2469}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF7A7A83-AB17-419D-A0C4-67CA3F49D6FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D76F09-7896-458A-890F-E1F05C46069F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F834C500-C4E0-479D-8352-34CC5F54C4EC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FCB5BFAF-2EF5-4A8A-A5F5-1B74347F0217}
Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A81E64F-A2E3-4B3C-ABC5-6A011C31956A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1AF34-01B4-4CBE-9D05-9D130A2C8215}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2229D638-6A5B-4002-BE42-58B17A5EFEF8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2388CB34-AE30-435F-86B7-6AFD3A016F90}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2877A654-1C9F-4CB5-8438-16022B2FDD9C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2888D76D-7B56-45A5-94D0-DC7ACE93B7CF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29ACF17C-1713-4286-8F40-BFD05F1E70C8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34191E35-BBFC-4587-87A9-4B397107119D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A98F6E-9322-4CDE-AE38-B284B6BED648}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398C01F1-E584-46AD-A649-4F78B435DCFE}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CB4C6B3-3576-45CC-AA1F-287141A9F29E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D206148-6081-42E4-BE5F-614FF2C73CE0}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D68E927-6002-6BB4-7940-C297F1177192}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C03A4A-45BF-A5F1-E2ED-5A2B34E4BC86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{421C1B53-DAFB-4C55-9A5F-EFBA47D935B1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{442AE524-EBA5-4B17-82F3-888D68BC999A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45470599-8237-486D-87B5-E89CD6AED154}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51B1CC78-7D64-4610-9D44-705544D1F904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{574BE437-25AE-4010-A53E-8C63B6AE02FF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57EB5B9C-8FCE-4DF6-99AF-D8940861A355}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61FE8D95-8EEF-4E3D-80F2-A53020AA73E8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62889C04-D644-4290-9D16-91EA440F3B29}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853AD-5592-4231-88C6-706613A52E61}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F5CAD1-0FED-4118-BEFB-5510CC1772AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69C0E130-9F25-437B-9522-192970C0D4FA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB6CAFC-699A-4626-8284-E74217D6886C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70879F23-6ED6-4461-BA7B-BC9F383FA84F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70DD86E8-B5BC-4E4A-9D5C-B6234C24323C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7269532E-55C2-486A-A2AE-C2DA07E580A4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{745A6D3B-4DB0-4246-B596-9189787D4ED5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808F71A1-1D74-4364-B0E3-5A66CE3FCA4E}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81A8912C-1568-45E6-8888-A6141361E4EB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{829CBB8D-4FBC-2464-E9D7-D55180B193B4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82E5E2FF-9260-4D88-B0C6-7CC358C5D418}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8561F2A1-D885-4852-8289-81AE4AD0AD99}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775FDB-6972-41F9-AE51-8326E38CB206}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A5229AE-2939-4A45-B16E-C5D8BB6D859B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BD7501A-5166-4036-BB01-5FC63C68EFEB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91A6E29D-664F-446E-82FD-CAEF6278FB30}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930F1200-F5F1-4870-BAC6-E233EC8E7023}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A13164A-92D6-4E43-9017-0E476631596D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9B87BDC-5F30-4F77-8E96-E853434305FB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA9AA36B-5B7B-4996-B083-83EF84D53B19}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB9F4B05-11E0-4D71-B9A7-BA94EDBC7C5D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD5FA4D4-7A26-4987-A021-340676E0EDA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFA0DB72-D709-4AA1-88BF-28CD3D51869B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B016900A-46F4-4E09-9C09-720F423A7FCF}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6F9D46B-1E99-4FCE-B899-CBAFE7586956}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7F6FEF8-BEB4-4E82-8DF9-1AC1ECC1E9D0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFEAF3D0-307E-4F52-B64A-AF56BABE82B5}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C530AD12-C5D8-4B97-9A69-66774A46C31E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D332F5-F6C8-4845-BD6C-937838BA907F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C9FC25-88B0-4682-9C9F-2608E9117647}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C92AE615-4D46-4489-96FA-C5D6A38B3AB1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9AFAF70-F7EB-44B6-A334-0ED998D466E7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC6A027B-C5FE-4E10-B67C-6FF850C04791}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCC6A719-C3AC-46C7-8FF1-A2607C347B30}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D53E3A3E-BD9F-4C07-9E9D-C700CFEE1DF1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF89BC70-AC87-4A31-ACD5-7417E2CF1209}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF96F37A-ACCD-42B5-BD3D-629C0895E2B0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1B81206-8EBA-43EF-9C8F-811087E137BE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1BFC11E-A392-4575-9EE7-27A96EB0DB90}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E30A55B1-F1B7-43A4-B3F6-EC90CDC4FE60}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E646D4B1-FD71-4495-8A2E-566F93504FBE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEAD004E-7E2D-49F8-831C-A01647E85B53}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF384998-4499-4ED7-AF82-15DA4A5BD38D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F007C90A-2A1C-44FE-AC1A-4ED74F3D5523}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083FA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8698E62-9284-432A-9C62-C1293A2B1DD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBE8C7-1928-43F9-87C0-8C30583ABE4C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{011F9246-DA13-4555-9998-6E4805BD533F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C483849-889D-4573-A21F-57D8585B430D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18CAEA74-C7E8-4D37-967F-1D01351BA398}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A320D1-D26B-48E5-A301-1DC697606798}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25557344-D3F8-441E-BC05-6DD9872EF925}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BE65D6A-A340-403D-9A23-70D640283B38}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CE9C24E-7AFE-4486-A923-138D2C3F0B1E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62889C04-D644-4290-9D16-91EA440F3B29}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D5AE610-803A-E578-8B93-EE9CE23BE350}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72EE0D99-BFE9-46FC-92AC-E1AB74444ECD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DA17D5A-5718-4130-A605-FC316C827836}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A5229AE-2939-4A45-B16E-C5D8BB6D859B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2B6C1C5-ACDE-415E-A965-9FCB42E95952}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A37EC2D3-F094-466D-B833-D3DA89E3A00C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABF49CA0-CAA7-41B3-B772-826BB2DBE3A1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D8D716F2-AA5C-4406-9C39-C8FF582023E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA1194AD-F64B-4FE2-BEAD-5881D52F2754}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBBA2A2F-7B79-462A-A550-E500FE0DD556}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F904F51B-52DD-42EC-9DC8-D0856A0D1D67}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBE8C7-1928-43F9-87C0-8C30583ABE4C}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\132
Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\136
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\1affxtbr@samplesaledash_1a.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\2bffxtbr@bettercareersearch_2b.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\2kffxtbr@dotspot_2k.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\2sffxtbr@gamenutt_2s.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\45ffxtbr@quotationcafe_45.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\49ffxtbr@utilitychest_49.com
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\4affxtbr@astrology_4a.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\4fbafdb618701@4fbafdb61873a.info
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\4jffxtbr@radiorage_4j.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\4lffxtbr@bibletriviatime_4l.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\4pffxtbr@minddabble_4p.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\4pffxtbr@minddabble_4p.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\4zffxtbr@videodownloadconverter_4z.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\8jffxtbr@myimageconverter_8j.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\8zffxtbr@productrecallalert_8z.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\93ffxtbr@suddenlymusic_93.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\94ffxtbr@motitags_94.com
Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\9effxtbr@findmefreebies_9e.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\9effxtbr@findmefreebies_9e.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\addon@freecorder.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\clickpotatolite@clickpotatolite.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\dealcabby@jetpack
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\dealio@mybrowserbar.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\ffxtlbr@delta.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\games@acandy.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\gtffxtbr@gamingwonderland.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\lrcspal@xinghao.net
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\offerboxffx@offerbox.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\plugin@getwebcake.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\pricepeep@getpricepeep.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\search@searchsettings.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0cc09160-108c-4759-bab1-5c12c216e005}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1266764d-fc4f-4fa7-b63b-884d53b1680f}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1a615ea8-4c56-49ee-be83-f9a264b79997}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1d10eb57-e111-ea32-c58f-b1eaaeae1962}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{27e679cc-6aab-4b2a-bb87-096fe4178464}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{282b0e54-8981-49eb-9193-5910a1f6fd33}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{29acf17c-1713-4286-8f40-bfd05f1e70c8}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{462be121-2b54-4218-bf00-b9bf8135b23f}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{4cfc8387-5fb1-47c1-8aa4-5b7b906a591e}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{55a99d57-10ed-4466-a624-3008ab6c0fa0}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{a79d8b60-1ff0-47f0-8e79-8cde1fecb0fd}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ca60f577-1b28-41d6-8c78-c49e63304fcf}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{cdf97ee2-ded0-4369-835e-99dd08225fa5}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{d4be399f-cfdf-462f-b234-2e3a62cff5a8}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{f32e7e42-9afa-47ca-a0c4-d07ee651d404}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@allin1convert_8h.com/plugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@dailyjewishguide_18.com/plugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mapsgalaxy_39.com/plugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@bringmeapps_8k.com/plugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@electiontracker_59.com/plugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@happinessinfusion_5w.com/plugin
 
 
 
~~~ Chrome
 
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\aaaainelhcgoinheohbeolppeofibjlh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\aaaamlnbcjjkcgabjgbhdkjncianpaah
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aiennapmieppnpfhhogglccgepbdajan
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bdephonbpjofbmmhhlhiegdokbhhccch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bhapnjfnhgjijlphlbjbhkjbinbmcmjn
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bkjllalecbfjgljbohjbjbcnimkeehdd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\bolmicibdhjnmppjidlkppdaeplaphpi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ckdjndgfgjaglgcnllemofeepjeeaofa
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cknebhggccemgcnbidipinkifmmegdel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cknghehebaconkajgiobncfleofebcog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cmclajginlihohopoeofghddnhpplhom
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\cnglhdfndkfkpiddcmfioekcjkmojhbj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\coljhboelhlkbgaaolcngflenaggpeao
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dafciiblpodpjjihodceembgnglnkkie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ddpocmpoechljihmgemoaahhmadaenbc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dmcecclamecbinmplcolhaljlclhbgah
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\eejgdjchkghejjjeeadkbojcnjilnmgf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\emaamodndfmmmcjepfigalbjjjemadom
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\engeblojhfeingnjnfpiceofljnjpldp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\fdedblfbimlecccianpicbeekhbijamo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\fhokfmhpdoppcompklkineedkmhinhdf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\flcnmdehjfeflkohlockkbmoglehckdf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\gijllgkkonhcdgklhffbpgbllneeblnh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\gmookaamlkjilnemkglmedgieblahbcn
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gnbcopcndefcccgdofjadnafjljgofam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\hfdldabepacecakhpnhldhpejjfaaidf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hpdbfhoobgcmiffaheiedgepeipfcjpb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\hpilclpacieflhmobalmaccogiioldoo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\igapgnpnmadafimalefljcfplikonjpp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\iidmoehhpbghchkaogkhmcckhlhebekn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ingolnlcamoheiiladeoecpgdbjjmlaf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\iohgglcbddjknnemakghbjadinmopafl
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\jonkjkdfeinmagldjmaiainlipljkaoa
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\kilnchfgclednmeoljcnnpjbhahobggo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\lcbpcjnokclpihddkmmjfbbpoaeobpcj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\lificnbhpecdikcjmcpdinkjbigomafg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\loblblopcimdjlmbialgooenabfognaf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkbhbgeekdjepnnknnbmpnkidcifbfof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\moeidmjobbckefodefgjocnpgkfonilj
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\nikdaiaidiiiogaidkkekcmokcgcdeac
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\oalbifknmclbnmjlljdemhjjlkmppjjl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\obciceimmggglbmelaidpjlmodcebijb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\odahgeaajkpopkhiakbpomdcehbmmkpg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\odkbjcmjaccakaodmnhnkepfckjhghpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\pollkeobaahnbmpcgombjfibedabcddd
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/12/2014 at 18:12:25.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner[S0]:


# AdwCleaner v4.104 - Report created 08/12/2014 at 17:43:42

# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 831 - 831-HP
# Running from : C:\Users\831\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\fcf961673ea47d1a
Folder Deleted : C:\Users\831\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\831\AppData\Local\torch
Folder Deleted : C:\Users\831\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\831\AppData\Roaming\Mozilla\Firefox\Profiles\4vz9rom2.default\Extensions\RO@3.org
Folder Deleted : C:\Users\831\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
Folder Deleted : C:\Users\831\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jomndpbkehejekfohipifagikhpilalo
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v7.0.1 (en-US)
 
[4vz9rom2.default\prefs.js] - Line Deleted : user_pref("extensions.mUYBSKvT8RrXp8tj.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
 
-\\ Google Chrome v39.0.2171.71
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [4216 octets] - [08/12/2014 17:39:26]
AdwCleaner[S0].txt - [3961 octets] - [08/12/2014 17:43:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4021 octets] ##########


I hope this helps!

Once again, thank you for being so patient!


Regards,
John


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:54 PM

Posted 08 December 2014 - 02:27 PM

Hey John,

 

Nice work. We are almost done here! :)

Lets check for leftovers.

 

 

STEP 1

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 2

 

 

Before I let you go I'd like to scan your machine with ESET OnlineScan
 

  • Please download and the run exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\

fhSji42.png

 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 3

 

 

Also let's check for outdated and vulnerable software on your pc

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

Let me know for any remaining issues.

 

 

 

Regards,

Georgi


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users