Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Several Adware Programs & God knows what else


  • Please log in to reply
13 replies to this topic

#1 SueCagg

SueCagg

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 08 February 2015 - 07:24 PM

Hey! I've come here before regarding my laptop and was pretty successful then, so I figured this is where my best chance of succeeding again.

Today my aunt brought me her laptop (Aspire 5749Z) because she thought she "might have a virus or something"

Complete understatement, the computer is the worst I've ever seen. 
The worse part is it wasn't even her who infected it, nor was it any other household user who did. 

While my aunt was out of town, my uncle had brought it to someone to fix because it was slow.

Originally operating on Windows 8, this guy 

- downgraded from Windows 8 to (a probably bootleg copy) Windows 7

- installed programs such as Reg Pro, Optimizer Pro, PerfMax Scanner (& many others.)

- a modded version of Google Chrome that I can only assume he did on purpose because regardless of how many times I reset or changed the settings it opened up to his personal website on start-up

He also charged 40$ for this lovely service. 

I used Wise Program Uninstaller to uninstall & remove associated files to all known infected programs, and then AdwCleaner, restarted and although most is gone there's still 
CouepScaNNer, Cinemax, Cinemax Go Pro, Media+PlayerVidEd, Sense, Ge-Force, tperfectcoeupON, shopperz 

plug ins that won't remove/disable, and something that's tracking, opening up new tabs to redirect to ads,
 

I tried installing Malewarebytes but when I try to set up it up it tells me Internal Error: Cannot locate Common files paths x64 

I'd appreciate any help or advice, 
 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:36 AM

Posted 08 February 2015 - 07:41 PM

Sue the perp that did the damage....fraud.

If the computer originally had Windows 8 and a recovery partition then you may be able to do a clean install using the Win 8 install files in the Recovery partition.

I don't think I would trust any other remedy than a clean install.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 SueCagg

SueCagg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 09 February 2015 - 02:20 PM

Okay, the recovery partition wouldn't happen to be on the secondary drive, usually labeled recovery, would it?
Because yeah, that's not there either. She only have the one C drive. -.-
and I know it's fraud, it's a small town and I doubt anyone will actually do anything to take this guy out pf business

#4 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:36 AM

Posted 09 February 2015 - 02:54 PM

So, the butthead wiped the entire drive. If you want to attempt to clean up the comp and keep Windows 7, here are some suggestions:

 

Easiest way to get rid of plug-ins is to completely uninstall browsers like Firefox and Chrome. That means uninstalling the Profile for each, too.

5 Ways to Uninstall Google Chrome - wikiHow

 

I'm not familiar with the uninstaller you used. I always suggest using Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

in Advanced mode.

 

You can scan for adware and malware using these programs: (You can disable startups and uninstall programs using CCleaner. Select Tools and either startups or Uninstall to see the lists)

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 SueCagg

SueCagg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 09 February 2015 - 03:38 PM

Okay I'll try those, but Malwarebytes won't even install. It'll say select language to install, I click okay, then it gives me that error message. Should I try chameleon version?

#6 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:36 AM

Posted 09 February 2015 - 03:42 PM

Skip it...run the other programs...we'll come back to that problem later.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 SueCagg

SueCagg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 09 February 2015 - 07:18 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by June on Mon 02/09/2015 at 20:05:44.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrazyForCrafts_7n.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrazyForCrafts_7n.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\HowToSimplified_8e.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\HowToSimplified_8e.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644114495}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644574483}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644794413}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644904459}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644914429}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644114495}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644574483}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644794413}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904459}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644914429}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644114495}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644574483}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644794413}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644904459}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644914429}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611111195}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611571183}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611791113}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611911129}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611111195}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611571183}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611791113}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611911129}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644114495}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644574483}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644794413}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904459}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644914429}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611111195}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571183}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611791113}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611911129}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06fc2b62-806b-4ab9-814c-68406ebc09e0}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{06fc2b62-806b-4ab9-814c-68406ebc09e0}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9ea0115-dc08-4422-9e96-9b1960971322}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b9ea0115-dc08-4422-9e96-9b1960971322}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06fc2b62-806b-4ab9-814c-68406ebc09e0}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{06fc2b62-806b-4ab9-814c-68406ebc09e0}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9ea0115-dc08-4422-9e96-9b1960971322}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b9ea0115-dc08-4422-9e96-9b1960971322}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\June\AppData\LocalLow\FCTB000100573
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\June\appdata\local\tvwizard"
Successfully deleted: [Folder] "C:\Users\June\appdata\locallow\crazyforcrafts_7n"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/09/2015 at 20:10:26.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
This will be Adw Cleaner S0 (as I stated, I had to scan a few times.)
 
 
 
 
***** [ Services ] *****
 
Service Deleted : BackupStack
Service Deleted : CltMngSvc
Service Deleted : EZ Software Updater
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : pennybee
Service Deleted : sbmntr
Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd
Service Deleted : shopperz Updater
Service Deleted : ColorMedia
Service Deleted : PicColor Service
[#] Service Deleted : SWUpdater
[#] Service Deleted : YahooAUService
[#] Service Deleted : asuservice
[#] Service Deleted : wpnfd_1_10_0_5
Service Deleted : wpsvc_1.10.0.5
Service Deleted : Internet Enhancer Service
[#] Service Deleted : cherimoya
[#] Service Deleted : Update Cyti Web
[#] Service Deleted : Util Cyti Web
Service Deleted : {20915d52-1148-4fc2-8788-129eeb5e27dd}w64
Service Deleted : {3560b757-0519-45b3-a215-cfb94afd0821}w64
Service Deleted : {689b5bed-4e9b-4b8b-a673-3c39fb4d2820}w64
Service Deleted : {72046701-0cbb-49f5-bb97-c718dc285f35}w64
Service Deleted : {7b7db604-54eb-492b-a629-19e0f0c6ac57}w64
Service Deleted : {921265c3-88e5-40e1-8d74-df5314572900}w64
Service Deleted : {a6994947-8316-401e-82e4-23da215413fb}w64
Service Deleted : {c0915853-fd66-4086-a9ce-b80496d49b3f}w64
Service Deleted : {f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}w64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\TVWizard
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\MovieMode
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\TVWizard
Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\ProgramData\PicColor Utility
Folder Deleted : C:\ProgramData\ShoppingDealFactory
Folder Deleted : C:\ProgramData\PicColorData
Folder Deleted : C:\ProgramData\drivergenius
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\Deal4mme
Folder Deleted : C:\ProgramData\FlashCoupoin
Folder Deleted : C:\ProgramData\GoldenCoupon
Folder Deleted : C:\ProgramData\QueenCoupon
Folder Deleted : C:\ProgramData\RoyalaCouponn
Folder Deleted : C:\ProgramData\ROyalSehopperApp
Folder Deleted : C:\ProgramData\87a611fd8875b7ea
Folder Deleted : C:\ProgramData\9774519821868054506
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance
Folder Deleted : C:\Program Files (x86)\Easy Speed Check
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\NetCrawl
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\PennyBee
Folder Deleted : C:\Program Files (x86)\PepperZip
Folder Deleted : C:\Program Files (x86)\Probit Software
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Sense
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\SmartMediaConverter
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\System Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\EZ Software Updater
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Program Files (x86)\Ge-Force
Folder Deleted : C:\Program Files (x86)\wordproser_1.10.0.5
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.16
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.20
Folder Deleted : C:\Program Files (x86)\WaInterEnhance
Folder Deleted : C:\Program Files (x86)\WSE_Taplika
Folder Deleted : C:\Program Files (x86)\FlashCoupoin
Folder Deleted : C:\Program Files (x86)\QueenCoupon
Folder Deleted : C:\Program Files (x86)\RoyalaCouponn
Folder Deleted : C:\Program Files (x86)\ROyalSehopperApp
Folder Deleted : C:\Program Files (x86)\CouepScaNNeR
Folder Deleted : C:\Program Files (x86)\tperfectcoeupON
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
Folder Deleted : C:\Program Files (x86)\gmsd_ca_32
Folder Deleted : C:\Program Files (x86)\gmsd_ca_36
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\June\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\June\AppData\Local\Temp\apn
Folder Deleted : C:\Program Files\Reimage
[!] Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Program Files\WebBar
Folder Deleted : C:\Users\June\AppData\Local\globalUpdate
Folder Deleted : C:\Users\June\AppData\Local\iac
Folder Deleted : C:\Users\June\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Folder Deleted : C:\Users\June\AppData\Local\SearchProtect
Folder Deleted : C:\Users\June\AppData\Local\TVWizard
Folder Deleted : C:\Users\June\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\June\AppData\Local\CrashRpt
Folder Deleted : C:\Users\June\AppData\Local\speed browser
Folder Deleted : C:\Users\June\AppData\Local\Kromtech
Folder Deleted : C:\Users\June\AppData\Local\WebBar
Folder Deleted : C:\Users\June\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\June\AppData\Local\gmsd_ca_32
Folder Deleted : C:\Users\June\AppData\Local\gmsd_ca_36
Folder Deleted : C:\Users\June\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\June\AppData\LocalLow\iac
Folder Deleted : C:\Users\June\AppData\LocalLow\Sense
Folder Deleted : C:\Users\June\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\June\AppData\LocalLow\Ge-Force
Folder Deleted : C:\Users\June\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\June\AppData\Roaming\Activeris
Folder Deleted : C:\Users\June\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\June\AppData\Roaming\GroovorioUpdater
Folder Deleted : C:\Users\June\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\June\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\June\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\June\AppData\Roaming\PennyBee
Folder Deleted : C:\Users\June\AppData\Roaming\Probit Software
Folder Deleted : C:\Users\June\AppData\Roaming\Systweak
Folder Deleted : C:\Users\June\AppData\Roaming\Super Optimizer
Folder Deleted : C:\Users\June\AppData\Roaming\WSE_Taplika
Folder Deleted : C:\Users\June\Documents\Optimizer Pro
Folder Deleted : C:\Users\June\Documents\PC Cleaner
Folder Deleted : C:\Users\June\Documents\PC Health Kit
Folder Deleted : C:\Users\June\Documents\PCSpeedUp
Folder Deleted : C:\Users\June\Documents\Super Optimizer
Folder Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniiadklfgdhjcmmkpggffjngihaaoip
Folder Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhommlgbajjmgdjfkofmjkdiicdfknde
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\p5PSSavr.scr
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\wpnfd_1_10_0_5.sys
File Deleted : C:\Windows\System32\drivers\cherimoya.sys
File Deleted : C:\Windows\System32\drivers\{20915d52-1148-4fc2-8788-129eeb5e27dd}w64.sys
File Deleted : C:\Windows\System32\drivers\{3560b757-0519-45b3-a215-cfb94afd0821}w64.sys
File Deleted : C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}w64.sys
File Deleted : C:\Windows\System32\drivers\{72046701-0cbb-49f5-bb97-c718dc285f35}w64.sys
File Deleted : C:\Windows\System32\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}w64.sys
File Deleted : C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}w64.sys
File Deleted : C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}w64.sys
File Deleted : C:\Windows\System32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}w64.sys
File Deleted : C:\Windows\System32\drivers\{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}w64.sys
File Deleted : C:\Users\June\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\June\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\June\Desktop\Live PC Help.lnk
File Deleted : C:\Users\June\Desktop\gameo.lnk
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage
File Deleted : C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchApp
Task Deleted : Optimizer Pro Schedule
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SMupdate1
Task Deleted : SPDriver
Task Deleted : YTDownloader
Task Deleted : PennyBee
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
Task Deleted : gameo_update
Task Deleted : YTDownloaderUpd
Task Deleted : WSE_Taplika
Task Deleted : 08811b32-6c35-4bfc-8b0b-a028aff7e8bf-1
Task Deleted : 08811b32-6c35-4bfc-8b0b-a028aff7e8bf-5
Task Deleted : 08811b32-6c35-4bfc-8b0b-a028aff7e8bf-5_user
Task Deleted : 08811b32-6c35-4bfc-8b0b-a028aff7e8bf-6
Task Deleted : 08811b32-6c35-4bfc-8b0b-a028aff7e8bf-7
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-1
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-11
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-4
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-5
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-5_user
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-6
Task Deleted : 32f73ca7-17da-4d01-8cdb-d4b596d9c6be-7
Task Deleted : 66667193-27a5-4470-8f44-76c102eab7dc-1
Task Deleted : 66667193-27a5-4470-8f44-76c102eab7dc-3
Task Deleted : 66667193-27a5-4470-8f44-76c102eab7dc-5
Task Deleted : 66667193-27a5-4470-8f44-76c102eab7dc-5_user
Task Deleted : 66667193-27a5-4470-8f44-76c102eab7dc-6
Task Deleted : 66667193-27a5-4470-8f44-76c102eab7dc-7
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-1
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-10_user
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-3
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-5
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-5_user
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-6
Task Deleted : ddc07ca1-412f-4607-a5ef-b7c1b8c2b02e-7
Task Deleted : e5abfa2a-8157-44a5-a580-f7c79bd8595b-1
Task Deleted : e5abfa2a-8157-44a5-a580-f7c79bd8595b-5
Task Deleted : e5abfa2a-8157-44a5-a580-f7c79bd8595b-5_user
Task Deleted : e5abfa2a-8157-44a5-a580-f7c79bd8595b-6
Task Deleted : e5abfa2a-8157-44a5-a580-f7c79bd8595b-7
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM64\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Microsoft\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [EasySpeedCheck]
Key Deleted : HKLM\SOFTWARE\Classes\RoyaalSHoopperAPp.RoyaalSHoopperAPp
Key Deleted : HKLM\SOFTWARE\Classes\RoyaalSHoopperAPp.RoyaalSHoopperAPp.2.1
Key Deleted : HKLM\SOFTWARE\Classes\ROOyalCoupOeN.ROOyalCoupOeN
Key Deleted : HKLM\SOFTWARE\Classes\ROOyalCoupOeN.ROOyalCoupOeN.1.6
Key Deleted : HKLM\SOFTWARE\Classes\P06fc2b62_806b_4ab9_814c_68406ebc09e0_.P06fc2b62_806b_4ab9_814c_68406ebc09e0_
Key Deleted : HKLM\SOFTWARE\Classes\P06fc2b62_806b_4ab9_814c_68406ebc09e0_.P06fc2b62_806b_4ab9_814c_68406ebc09e0_.9
Key Deleted : HKLM\SOFTWARE\Classes\FlashCoupoN.FlashCoupoN
Key Deleted : HKLM\SOFTWARE\Classes\FlashCoupoN.FlashCoupoN.1.6
Key Deleted : HKLM\SOFTWARE\Classes\QueennCoupoon.QueennCoupoon
Key Deleted : HKLM\SOFTWARE\Classes\QueennCoupoon.QueennCoupoon.1.4
Key Deleted : HKLM\SOFTWARE\Classes\Pb9ea0115_dc08_4422_9e96_9b1960971322_.Pb9ea0115_dc08_4422_9e96_9b1960971322_
Key Deleted : HKLM\SOFTWARE\Classes\Pb9ea0115_dc08_4422_9e96_9b1960971322_.Pb9ea0115_dc08_4422_9e96_9b1960971322_.9
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297964
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{031A4BF8-E6C4-FDC2-1BA2-FAB1263C311B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03259425-FDEC-2BBE-5642-81D54DFF3CAB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{06fc2b62-806b-4ab9-814c-68406ebc09e0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{276F62AE-5F16-5C40-4762-DE512B498A70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F3172AF-E9B2-26BC-B92D-C4CA57BA3B98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b9ea0115-dc08-4422-9e96-9b1960971322}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901159}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611911129}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572283}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902259}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622912229}
 
 
 
This will be scan 2
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\June\AppData\Local\TVWizard
Folder Deleted : C:\Users\June\AppData\Local\GameHugArcade
Folder Deleted : C:\Users\June\AppData\Roaming\GameHugArcade
Folder Deleted : C:\Users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade
File Deleted : C:\Users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameHugArcadeApp.lnk
File Deleted : C:\Users\June\Desktop\GameHug Arcade.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [GameHug Arcade]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655115595}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575583}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795513}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905559}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655915529}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666116695}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576683}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796613}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666916629}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4b030cae-5396-4e8d-b29f-0bc3213ab606}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655115595}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575583}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795513}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905559}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655915529}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666116695}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576683}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796613}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666916629}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Easy Speed Check
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\WaInterEnhance
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\GameHug
Key Deleted : HKCU\Software\GameHugArcadeApp
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PopularScreensavers
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\WaInterEnhance
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Cyti Web
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GameHugArcade
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cyti Web
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v33.0.1750.154
 
[C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://Taplika.com/?f=1&a=tpl_tuto7_15_04&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzyyE0D0CtCyE0DyD0B0C0CtN0D0Tzu0StCtCtCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDyE0EtD0ByD0C0DtGtBzytBtAtG0DzyyEyBtG0DyDtAtAtGyEzztD0FyCzztA0B0FyB0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0F0Azz0D0AzytGtB0Dzy0DtGyE0EtAyDtGzy0E0AyDtGzzyDzyyDtByEyC0EyB0EyB0D2Q&cr=191160625&ir=
[C:\Users\June\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://Taplika.com/?f=1&a=tpl_tuto7_15_04&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzyyE0D0CtCyE0DyD0B0C0CtN0D0Tzu0StCtCtCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDyE0EtD0ByD0C0DtGtBzytBtAtG0DzyyEyBtG0DyDtAtAtGyEzztD0FyCzztA0B0FyB0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0F0Azz0D0AzytGtB0Dzy0DtGyE0EtAyDtGzy0E0AyDtGzzyDzyyDtByEyC0EyB0EyB0D2Q&cr=191160625&ir=
 
*************************
 
AdwCleaner[R0].txt - [50945 bytes] - [08/02/2015 17:57:27]
AdwCleaner[R1].txt - [21595 bytes] - [08/02/2015 18:12:26]
AdwCleaner[S0].txt - [22946 bytes] - [08/02/2015 18:06:07]
AdwCleaner[S1].txt - [18049 bytes] - [08/02/2015 18:13:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [18109  bytes] ##########
 
Results from the next scan.
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\June\AppData\Local\TVWizard
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
*************************
 
AdwCleaner[R0].txt - [50945 bytes] - [08/02/2015 17:57:27]
AdwCleaner[R1].txt - [21595 bytes] - [08/02/2015 18:12:26]
AdwCleaner[R2].txt - [998 bytes] - [08/02/2015 18:53:54]
AdwCleaner[S0].txt - [22946 bytes] - [08/02/2015 18:06:07]
AdwCleaner[S1].txt - [18406 bytes] - [08/02/2015 18:13:54]
AdwCleaner[S2].txt - [928 bytes] - [08/02/2015 18:56:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [986  bytes] ##########
 
annnnnd the final one
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\June\AppData\Local\TVWizard
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Optimizer Pro
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [50945 bytes] - [08/02/2015 17:57:27]
AdwCleaner[R1].txt - [21595 bytes] - [08/02/2015 18:12:26]
AdwCleaner[R2].txt - [998 bytes] - [08/02/2015 18:53:54]
AdwCleaner[R3].txt - [1242 bytes] - [09/02/2015 19:55:47]
AdwCleaner[S0].txt - [22946 bytes] - [08/02/2015 18:06:07]
AdwCleaner[S1].txt - [18406 bytes] - [08/02/2015 18:13:54]
AdwCleaner[S2].txt - [1065 bytes] - [08/02/2015 18:56:19]
AdwCleaner[S3].txt - [1127 bytes] - [09/02/2015 19:59:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1186  bytes] ##########
 
The third scanner is at 83% and will upload soon, so far 33 infected files.
 
 


#8 SueCagg

SueCagg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 09 February 2015 - 07:26 PM

Jesus. It won't allow me to install anything? My attempt to download Reno Uninstaller I'm getting the same thing as Malwarebytes. 
Internal Error: Failed to get path 64 in Common Files 
I tried using a snipping tool to show you, but I got an error with that too. 
I'm about to shove this laptop right up this guy's butt. 



#9 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,812 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:36 PM

Posted 09 February 2015 - 07:31 PM

(sorry buddy, just had to comment here )

 

:hysterical: ....well said SueCagg !!!


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#10 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:36 AM

Posted 09 February 2015 - 07:34 PM

It's possible that Eset Online scanner, which I think is scanning now, will remove what is blocking the installs.

 

I wouldn't recommend doing any uninstalling while Eset is scanning.

 

chameleon is the next to try after Eset finishes.


Edited by buddy215, 09 February 2015 - 07:41 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 SueCagg

SueCagg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 09 February 2015 - 07:52 PM

Yeah ESET Scanner is going now, 91% 88 infected files, 

& Condobloke trust me, it wasn't my original thought, I had to paraphrase what I was thinking to be respectful of the forum, it wasn't so vanilla in my head.



#12 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:36 AM

Posted 09 February 2015 - 08:00 PM

Some of what Eset finds will be in the AdwCleaner Quarantined folder.....


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 SueCagg

SueCagg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 09 February 2015 - 09:54 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouepScaNNeR\2zTtdYC5yxKPwR.dll.vir a variant of Win32/Adware.MultiPlug.EG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouepScaNNeR\2zTtdYC5yxKPwR.x64.dll.vir a variant of Win64/Adware.MultiPlug.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe.vir a variant of Win32/AdWare.EasySpeedCheck.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_ca_36\gmsd_ca_36.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\EasySpeedPC.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\tperfectcoeupON\sQHDzHx445YfeS.dll.vir a variant of Win32/Adware.MultiPlug.EG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\tperfectcoeupON\sQHDzHx445YfeS.x64.dll.vir a variant of Win64/Adware.MultiPlug.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\wordproser_1.10.0.5\Service\wpsvc.exe.vir a variant of Win32/AdWare.Vitruvian.D application
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.H application
C:\AdwCleaner\Quarantine\C\ProgramData\MovieMode\up\2.6.78\MovieMode64.exe.vir a variant of MSIL/Adware.PullUpdate.D application
C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\ColorMedia.dll.vir a variant of Win32/Adware.PicColor.C application
C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\ColorMedia.exe.vir a variant of Win32/Adware.PicColor.C application
C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\ColorMedia64.dll.vir a variant of Win32/Adware.PicColor.C application
C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\PicColor.exe.vir a variant of Win32/Adware.PicColor.C application
C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\RgsBTMedia.exe.vir a variant of Win32/Adware.PicColor.C application
C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\RgsBTMedia64.exe.vir a variant of Win32/Adware.PicColor.C application
C:\AdwCleaner\Quarantine\C\Users\June\AppData\Local\gmsd_ca_36\upgmsd_ca_36.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\June\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat.vir VBS/Kryptik.DY trojan
C:\Config.Msi\21fce552.rbf a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\ProgramData\C5A3BB37E7764FD69BB3D8A75A7BB3E1\C5A3BB37E7764FD69BB3D8A75A7BB3E1.exe a variant of Win32/Adware.PicColor.H application
C:\ProgramData\UyUYBpRwsR\WDeYMmms.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\ProgramData\UyUYBpRwsR\dat\CxtduNdRYfx.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\ProgramData\UyUYBpRwsR\dat\FfgCiHzP.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\ProgramData\UyUYBpRwsR\dat\LHhmvTKrhX.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\ProgramData\UyUYBpRwsR\dat\XAOBSoUelG.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\Users\All Users\C5A3BB37E7764FD69BB3D8A75A7BB3E1\C5A3BB37E7764FD69BB3D8A75A7BB3E1.exe a variant of Win32/Adware.PicColor.H application
C:\Users\All Users\UyUYBpRwsR\WDeYMmms.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\Users\All Users\UyUYBpRwsR\dat\CxtduNdRYfx.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\Users\All Users\UyUYBpRwsR\dat\FfgCiHzP.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\Users\All Users\UyUYBpRwsR\dat\LHhmvTKrhX.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\Users\All Users\UyUYBpRwsR\dat\XAOBSoUelG.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\Users\June\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\June\AppData\Local\Downloaded Installations\{BF3589D3-BF62-48FE-9405-C2FB81574783}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\June\AppData\Local\Temp\air4741.exe Win32/SpeedingUpMyPC.I application
C:\Users\June\AppData\Local\Temp\air7F10.exe multiple threats
C:\Users\June\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\June\AppData\Local\Temp\optprosetup.exe multiple threats
C:\Users\June\AppData\Local\Temp\1b542f59-73f6-4b18-a624-e48eaf352d8b\games desktop.exe multiple threats
C:\Users\June\AppData\Local\Temp\1fe2af15-3ab5-4d27-9247-ae509715f0fb\5555-1007_checkmeup.exe a variant of Win32/Adware.AddLyrics.DN application
C:\Users\June\AppData\Local\Temp\5782f45c-43a2-40be-a1a2-b0f653407499\setup.exe multiple threats
C:\Users\June\AppData\Local\Temp\94ddc520-6b9c-41ff-b2ed-1fa7fba838d6\wordproser-setup-1.10.0.5.exe a variant of Win32/AdWare.Vitruvian.D application
C:\Users\June\AppData\Local\Temp\A654tmp\easyspeedpc.exe Win32/SpeedingUpMyPC.R application
C:\Users\June\AppData\Local\Temp\a6d0ca48-ff27-4d31-a19f-a47c28c6fce7\Setup (3).exe Win32/TrojanDownloader.Adload.NMZ trojan
C:\Users\June\AppData\Local\Temp\FreeTorrentViewer\PIPAskToolbar\Offercast2802_DSGOH_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\June\AppData\Local\Temp\ImproveSpeedPC\PIPAskToolbar\PIP26121_BCPA_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\June\AppData\Local\Temp\is-J6B2R.tmp\package_optimizerpro_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-N57EJ.tmp\gentlemjmp_ieeuu.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_AmNuvision_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_boost_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_commonshare_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_cp_desktopdock_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_CubepileShopperz_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_gamehug_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_linkey_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_MyTubeTheater_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_optimizerpro_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_plumoweb_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_secprotkeys_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_secprotwhite_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_secureprotect_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_spbp_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_speeditup_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_stormpverti_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_superpc_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_taplika_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_wordproser_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_wordproser_pariente_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-NJGG1.tmp\package_zombie_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-R81NT.tmp\gentlemjmp_ieeuu.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\is-UVCR0.tmp\gentlemjmp_ieeuu.exe Win32/AdWare.EoRezo.AW application
C:\Users\June\AppData\Local\Temp\nsoA77D.tmp\Helper.dll a variant of MSIL/Adware.PullUpdate.A application
C:\Users\June\AppData\Local\Temp\{167158CE-1637-4167-8A1C-C2549EEA966A}\Offercast2821_WCL2_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\June\AppData\Local\Temp\{8E0B3355-98CE-4ABC-A0EE-4D241F6A925A}\setup.exe multiple threats
C:\Users\June\AppData\Local\Temp\{F1F877B6-469A-44BA-A8A2-AF8B59067049}\setup.exe multiple threats
C:\Users\June\AppData\Roaming\Wise Uninstaller\1508615281724.file multiple threats
C:\Users\June\AppData\Roaming\Wise Uninstaller\1720015281629.file multiple threats
C:\Users\June\AppData\Roaming\Wise Uninstaller\3202915281641.file a variant of MSIL/RunElevated.A potentially unsafe application
C:\Users\June\AppData\Roaming\Wise Uninstaller\3824715281657.file a variant of Win32/AdWare.Vitruvian.D application
C:\Users\June\AppData\Roaming\Wise Uninstaller\4174115281645.file VBS/Kryptik.DY trojan
C:\Users\June\AppData\Roaming\Wise Uninstaller\739015281638.file multiple threats
C:\Users\June\AppData\Roaming\Wise Uninstaller\963315281643.file multiple threats
C:\Windows\SysWOW64\ColorMedia.dll a variant of Win32/Adware.PicColor.C application
C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.2.6.78.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieMode.48CA2AEFA22D.2.6.78.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieMode.exe a variant of MSIL/Adware.PullUpdate.D application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieModeService.exe a variant of MSIL/Adware.PullUpdate.A application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieModeUpdate.exe MSIL/Adware.PullUpdate.I application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[4].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows.old\Documents and Settings\june\AppData\Local\Application Data\Temp\ask.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Documents and Settings\june\AppData\Local\Application Data\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Documents and Settings\june\AppData\Local\Temp\ask.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Documents and Settings\june\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Documents and Settings\june\AppData\LocalLow\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Documents and Settings\june\Local Settings\Temp\ask.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Documents and Settings\june\Local Settings\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Program Files (x86)\Ask.com\GenericAskToolbar.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Program Files (x86)\Ask.com\precache.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Program Files (x86)\Ask.com\SaUpdate.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Program Files (x86)\Ask.com\UpdateTask.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Program Files (x86)\Ask.com\Updater\Updater.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Users\june\AppData\Local\Temp\ask.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Users\june\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Users\june\AppData\LocalLow\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Users\june\Local Settings\Temp\ask.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Users\june\Local Settings\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Windows\Installer\1d6dffc.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\382b9.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSI5997.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\ColorMedia.dll a variant of Win32/Adware.PicColor.C application cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\MovieMode.48CA2AEFA22D.2.6.78.dll a variant of MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieMode.48CA2AEFA22D.2.6.78.dll a variant of MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieMode.exe a variant of MSIL/Adware.PullUpdate.D application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieModeService.exe a variant of MSIL/Adware.PullUpdate.A application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\MovieModeUpdate.exe MSIL/Adware.PullUpdate.I application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BCPA1[4].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
 
 
 
It was stuck on one file at 99% for over an hour so I stopped it


#14 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:36 AM

Posted 10 February 2015 - 07:04 AM

Did you make a note of which file it was stuck on?

 

Use Windows Repair (All In One) Download . Be sure to run option #4....System File Check

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users