
Virus changes network connection settings


  • This topic is locked
53 replies to this topic

#1 newschick

Posted 16 February 2015 - 06:01 AM

I have been working with someone in the "Am I Infected" section for 3 days.
 

 

Well, it appears to be nearly impossible to fix your network connection using the tools which we are allowed to use on this forum. I recommend that you post a new topic in the Malware Removal Logs forum for a more thorough look by a professional tech expert.
 
Please follow the preparation guide for posting in the Malware Removal Logs forum, and post a new topic called "Virus changes network connection settings". Make sure to include a link back to this forum topic, so that BleepingComputer staff members can see the logs posted here.

 

 
As you can see, I have been instructed to create this post here for more thorough assistance.  Here is the link to the original post, the previous logs and all the steps taken: http://www.bleepingcomputer.com/forums/t/566857/unable-to-connect-to-internet-proxy-server-refusing-connections/
 
And here is the original post: 
 


 
 

HP TouchSmart Windows 8 w/Norton 360 installed.
Unable to connect to internet, proxy server refusing connections, unable to change in internet options (will not save)
Shows user is admin, but won't let changes be made.
(I've found a wealth of help here before, and this time my boss needs help, so I am trying to help him out)
 
Found a thread on microsoft stating this could be a possible virus.
Advised to download Hitman, Spybot, Malwarebytes and AVG.
Was able to download Hitman and run from USB.  Found 33+ threats, and supposedly quarantined or deleted them.
Unable to scan with Spybot, because it said needed internet connection.
Scanned with Malwarebytes and found 1204 non-malicious, and 2 malicious. Supposedly removed those as well.
 
Gen: Variant.Adware.Graftor.169592
HEUR: Trojan.Win32.Generic
Trojan.Generic.11651395
Troan.GenerickD.2082785
 
While running through these, Norton popped up something about Bloodhound.MalPE
 
I've told him he doesn't need Norton, but right now we don't know how to get rid of it.
 
Please let me know if you can help us out.  We will be available to post whatever is needed and proceed tomorrow. Thanks in advance!

 

The Norton's has since expired. Because I was instructed to do a system restore to a prior date, I fear the viruses are back. Either way, I cannot modify the network settings and connect to the internet. Because of this, I had to download the FRST program to a flash drive and scan.
 
Here is the first FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Hannah (administrator) on EPTINGPC on 16-02-2015 05:33:22
Running from E:\Bert
Loaded Profiles: Hannah (Available profiles: Hannah)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Users\Hannah\AppData\Local\ConvertAd\CASrv.exe
() C:\Program Files (x86)\surf slide\updatesurfslide.exe
() C:\Program Files (x86)\surf slide\bin\utilsurfslide.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Systweak) C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Hannah\AppData\Local\gmsd_us_89\upgmsd_us_89.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SoftBrain Technologies Ltd.) C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe
(SoftBrain Technologies Ltd.) C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebApp.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe [1413632 2014-08-14] ()
HKLM-x32\...\Run: [BrowserSafeguard Update Task] => "C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true
HKLM-x32\...\Run: [fst_us_209] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [gmsd_us_89] => "C:\Program Files (x86)\gmsd_us_89\gmsd_us_89.exe"
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-12-31] (SoftBrain Technologies Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [upgmsd_us_89.exe] => C:\Users\Hannah\AppData\Local\gmsd_us_89\upgmsd_us_89.exe [3310760 2015-01-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Run: [WebBar] => C:\Users\Hannah\AppData\Local\WebBar\2.0.5382.15320\wb.exe [225264 2014-09-26] (Web Bar Media)
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Run: [GoogleChromeAutoLaunch_9A6EFE938925B0A31154F3911BF52CC0] => C:\Users\Hannah\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\MountPoints2: {3db5db5a-74b7-11e3-be79-a0481c10ef23} - "E:\MI.exe" 
AppInit_DLLs: C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll [4303360 2014-09-09] ()
AppInit_DLLs-x32: C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll.dll => "C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Users\Hannah\AppData\Local\StormWatch\StormWatch.exe (No File)
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Hannah\AppData\Local\StormWatch\StormWatchApp.exe (No File)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:49540;https=127.0.0.1:49540
ProxyServer: [HKLM-x32] => http=127.0.0.1:49540;https=127.0.0.1:49540
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affid=na
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Jf2ZObV-3fE-jrafiUv1sbZJDei3H350ifUGLZhTnXVkmFV1nW0LJiX522dSAwyuRaSphbsZimPIFCHzZnYZuYQt2U6V39CUkrdEvLXNTFrlMq5ULxe8xr4asbK3tWpsQo8zfA5qNqhqmi0URxs-5A,,&q={searchTerms}
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Jf2ZObV-3fE-jrafiUv1sbZJDei3H350ifUGLZhTnXVkmFV1nW0LJiX522dSAwyuRaSphbsZimPIFCHzZnYZuYQt2U6V39CUkrdEvLXNTFrlMq5ULxe8xr4asbK3tWpsQo8zfA5qNqhqmi0URxs-5A,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=293&itype=n&ver=13892&tm=495&src=ds&p={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Jf2ZObV-3fE-jrafiUv1sbZJDei3H350ifUGLZhTnXVkmFV1nW0LJiX522dSAwyuRaSphbsZimPIFCHzZnYZuYQt2U6V39CUkrdEvLXNTFrlMq5ULxe8xr4asbK3tWpsQo8zfA5qNqhqmi0URxs-5A,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=293&itype=n&ver=13892&tm=495&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtCtD0E0FtBtA0EtDyEyDtN0D0Tzu0StCtDyBtBtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDzz0BtD0BtAyCzztGyDyCyB0AtGyC0ByByDtGyDyCyE0DtGyBzzzztByB0F0AyC0BtAtB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0EyEyE0AyBtDzztGtA0D0ByBtGyEyBtDtCtG0ByDtByCtGyC0FtByB0BtCzz0BtByB0Ezz2Q&cr=909913389&ir=
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtCtD0E0FtBtA0EtDyEyDtN0D0Tzu0StCtDyBtBtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDzz0BtD0BtAyCzztGyDyCyB0AtGyC0ByByDtGyDyCyE0DtGyBzzzztByB0F0AyC0BtAtB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0EyEyE0AyBtDzztGtA0D0ByBtGyEyBtDtCtG0ByDtByCtGyC0FtByB0BtCzz0BtByB0Ezz2Q&cr=909913389&ir=
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=293&itype=n&ver=13892&tm=495&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {A4AA60A4-0FD2-445E-8541-A862B0C3279F} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=721
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Jf2ZObV-3fE-jrafiUv1sbZJDei3H350ifUGLZhTnXVkmFV1nW0LJiX522dSAwyuRaSphbsZimPIFCHzZnYZuYQt2U6V39CUkrdEvLXNTFrlMq5ULxe8xr4asbK3tWpsQo8zfA5qNqhqmi0URxs-5A,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto4_14_31&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtCtD0E0FtBtA0EtDyEyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FyE1VtCyE1VtAtCtN1L1G1B1V1N2Y1L1Qzu2SyCyC0FzzyE0FyBzztG0AyBtA0FtG0A0FtA0CtG0FyBtC0FtGtCzytAyEyC0B0E0F0CtByDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BzztCtC0B0AyEtG0Czy0EyEtGtB0CyB0AtG0FyE0EtBtGtByDtA0E0AtAyD0B0F0Azy0F2Q&cr=1959710150&ir=
BHO: Fun2Save -> {043a4300-aacd-459c-8062-941a02b70e3c} -> C:\ProgramData\Fun2Save\GylfZtmqKKJmL6.x64.dll ()
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Hannah\AppData\Local\Linkey\IEExtension\iedll64.dll No File
BHO: savinshop -> {59b909a8-7a6d-4935-9cb2-737d22191cc6} -> C:\ProgramData\savinshop\zclWdu1yU5EUlm.x64.dll ()
BHO: TakkeTheCouponn -> {5b52eccd-f73e-449d-a44c-67b599d6306c} -> C:\ProgramData\TakkeTheCouponn\My0y7ShXAEpnem.x64.dll ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: NetoiCoupOn -> {72049242-fe73-4f46-83a0-49dffc246f93} -> C:\ProgramData\NetoiCoupOn\UcsEwhqj4F8CzU.x64.dll ()
BHO: SaverAddonn -> {7c199875-4bbc-48aa-9c51-b692536e6f69} -> C:\ProgramData\SaverAddonn\qhm44cK78ldLv8.x64.dll ()
BHO: PriceeDowwnloadeR -> {88b81fa4-c4db-4336-92a2-3492812f6ad0} -> C:\ProgramData\PriceeDowwnloadeR\rvmXMERlMUme33.x64.dll ()
BHO: BlockAndSurf -> {9F9A9E97-1F3F-F344-012C-2EABBD8584E5} -> C:\Program Files (x86)\ver6BlockAndSurf\179_x64.dll ()
BHO: RegularDeals -> {C734DE6A-831B-7D2F-9813-2DE4AC476102} -> C:\ProgramData\RegularDeals\NQ3km1Vbu.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Fun2Save -> {043a4300-aacd-459c-8062-941a02b70e3c} -> C:\ProgramData\Fun2Save\GylfZtmqKKJmL6.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: deali44reeal -> {2D1A7BC8-9C99-201C-9D5F-9AF9D29E1CEB} -> C:\ProgramData\deali44reeal\JXA0K.dll ()
BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Hannah\AppData\Local\Linkey\IEExtension\iedll.dll No File
BHO-x32: cosstminn -> {598A0855-E606-A987-499A-0BB7A5426F48} -> C:\Program Files (x86)\cosstminn\6GGup4.dll No File
BHO-x32: savinshop -> {59b909a8-7a6d-4935-9cb2-737d22191cc6} -> C:\ProgramData\savinshop\zclWdu1yU5EUlm.dll ()
BHO-x32: TakkeTheCouponn -> {5b52eccd-f73e-449d-a44c-67b599d6306c} -> C:\ProgramData\TakkeTheCouponn\My0y7ShXAEpnem.dll ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: BestSaveForYou -> {6453e787-a9c6-4f7c-b18d-c7e65037d26e} -> C:\ProgramData\BestSaveForYou\mUntNvz6yQNhXG.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: NetoiCoupOn -> {72049242-fe73-4f46-83a0-49dffc246f93} -> C:\ProgramData\NetoiCoupOn\UcsEwhqj4F8CzU.dll ()
BHO-x32: NeteooCooupon -> {7b3890d6-916b-486f-b682-015366ba7854} -> C:\ProgramData\NeteooCooupon\gLAsrifqilSiqe.dll No File
BHO-x32: SaverAddonn -> {7c199875-4bbc-48aa-9c51-b692536e6f69} -> C:\ProgramData\SaverAddonn\qhm44cK78ldLv8.dll No File
BHO-x32: PriceeDowwnloadeR -> {88b81fa4-c4db-4336-92a2-3492812f6ad0} -> C:\ProgramData\PriceeDowwnloadeR\rvmXMERlMUme33.dll No File
BHO-x32: surf slide 1.0.0.6 -> {916acf26-e1a6-45da-b34f-2147d400448c} -> C:\Program Files (x86)\surf slide\surfslideBHO.dll (surf slide)
BHO-x32: BlockAndSurf -> {9F9A9E97-1F3F-F344-012C-2EABBD8584E5} -> C:\Program Files (x86)\ver6BlockAndSurf\179.dll No File
BHO-x32: Klip Pal 1.0.0.6 -> {a13d85a3-d31a-4f34-b4cd-fce576dc079e} -> C:\Program Files (x86)\Klip Pal\KlipPalBHO.dll No File
BHO-x32: RegularDeals -> {C734DE6A-831B-7D2F-9813-2DE4AC476102} -> C:\ProgramData\RegularDeals\NQ3km1Vbu.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PRoShopPer -> {DD44AB3D-A2D3-C302-5066-9354C718161C} -> C:\ProgramData\PRoShopPer\vHknJyrQKy.dll No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: deal4real -> {f320613e-0155-428f-b741-b57d854c78ac} -> C:\ProgramData\deal4real\coiIccMjsY5mHR.dll No File
BHO-x32: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23\kzhxnitccw.dll No File
BHO-x32: DigiCouppoon -> {FFE4AEDB-DD5B-DACB-DB82-CF49946D266E} -> C:\ProgramData\DigiCouppoon\apE4i7.dll ()
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2015-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-15]
FF HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Firefox\Extensions: [{56791912-F4C2-417E-D654-2D99CBE99C83}] - C:\Program Files (x86)\ver6BlockAndSurf\179.xpi
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa [2014-08-18]
CHR Extension: (BlockAndSurf) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehlpmmhfmolfcbneeikpkiohkkjcgde [2014-10-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\Hannah\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AllDaySavingsService64; C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-02-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2014-02-16] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32040 2014-07-21] () [File not signed] <==== ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 serverca; C:\Users\Hannah\AppData\Local\ConvertAd\CASrv.exe [181248 2015-01-14] () [File not signed]
R2 Update surf slide; C:\Program Files (x86)\surf slide\updatesurfslide.exe [632560 2015-01-23] ()
R2 Util surf slide; C:\Program Files (x86)\surf slide\bin\utilsurfslide.exe [632560 2015-01-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23 [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 jAylTMhwMmZ; "C:\ProgramData\pLjxsAUgsQc\jAylTMhwMmZ.exe" [X]
S2 pastaleadsServiceCore; C:\Program Files (x86)\pastaleads\PastaLeadsService.exe [X]
S2 servervo; C:\Users\Hannah\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION
S2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [X]
S2 Update App Bud; "C:\Program Files (x86)\App Bud\updateAppBud.exe" [X]
S2 Update Klip Pal; "C:\Program Files (x86)\Klip Pal\updateKlipPal.exe" [X]
S2 Util Klip Pal; "C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-01-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-25] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\drivers\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-23] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.032\ENG64.SYS [129752 2015-01-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.032\EX64.SYS [2137304 2015-01-25] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-02-16] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [56504 2014-10-08] (Corsica)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R1 {4eb2a13d-18ae-409a-90b2-663225f13d69}w64; C:\Windows\System32\drivers\{4eb2a13d-18ae-409a-90b2-663225f13d69}w64.sys [48784 2015-01-13] (StdLib)
R1 {ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64; C:\Windows\System32\drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys [48784 2015-01-23] (StdLib)
U4 CltMngSvc; No ImagePath
S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S1 {4bc8f9ab-e0f0-481d-bf94-159f3acf61de}w64; system32\drivers\{4bc8f9ab-e0f0-481d-bf94-159f3acf61de}w64.sys [X]
S1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; system32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [X]
S1 {e0c89f91-0178-4464-8daf-bec566dd2d9a}w64; system32\drivers\{e0c89f91-0178-4464-8daf-bec566dd2d9a}w64.sys [X]
S1 {fbcdebd1-63c6-4472-a6d6-7b58b0b8d1a8}w64; system32\drivers\{fbcdebd1-63c6-4472-a6d6-7b58b0b8d1a8}w64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 05:32 - 2015-02-16 05:33 - 00000000 ____D () C:\FRST
2015-02-15 15:51 - 2015-02-15 15:51 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2015-02-15 15:45 - 2015-02-15 15:45 - 00000000 ____D () C:\ProgramData\Systweak
2015-02-13 08:49 - 2015-02-13 08:50 - 00001612 _____ () C:\Users\Hannah\Desktop\Rkill.txt
2015-02-12 17:16 - 2015-02-15 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-12 17:16 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Mozilla
2015-02-12 17:16 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Mozilla
2015-02-12 17:16 - 2015-02-12 17:16 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-12 17:08 - 2015-02-12 17:11 - 00000000 ____D () C:\AdwCleaner
2015-02-12 16:40 - 2015-02-12 16:40 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\SUPERAntiSpyware.com
2015-02-12 16:39 - 2015-02-15 15:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 16:39 - 2015-02-12 16:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-12 15:50 - 2015-02-15 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 15:50 - 2015-02-12 15:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 15:13 - 2015-02-15 15:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 15:13 - 2015-02-12 15:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 15:04 - 2015-02-12 15:04 - 00617824 _____ () C:\Users\Hannah\Documents\HitmanPro_20150212_1504.log
2015-02-12 15:00 - 2015-02-12 15:00 - 00592484 _____ () C:\Users\Hannah\Documents\HitmanPro_20150212_1500.log
2015-02-12 14:53 - 2015-02-15 15:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-12 12:09 - 2015-02-15 15:14 - 00000000 ____D () C:\Windows\pss
2015-01-26 17:12 - 2015-01-26 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2015-01-23 14:58 - 2015-02-15 15:19 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Pay-By-Ads
2015-01-23 14:58 - 2015-01-23 14:58 - 00003498 _____ () C:\Windows\System32\Tasks\Yahoo! Search Updater
2015-01-23 14:58 - 2015-01-23 14:58 - 00003494 _____ () C:\Windows\System32\Tasks\Yahoo! Search
2015-01-23 14:40 - 2015-01-23 06:27 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys
2015-01-23 14:35 - 2015-02-15 15:52 - 00000000 ____D () C:\Users\Hannah\AppData\Local\CrashDumps
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 05:32 - 2012-07-26 02:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 05:31 - 2013-12-12 22:21 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{951B22EF-8365-479C-ACEB-256387802C81}
2015-02-16 05:31 - 2012-07-26 02:21 - 00040225 _____ () C:\Windows\setupact.log
2015-02-16 05:30 - 2015-01-14 10:39 - 00000000 ____D () C:\Users\Hannah\AppData\Local\gmsd_us_89
2015-02-16 05:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-16 05:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-16 05:28 - 2013-12-12 22:16 - 01079615 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 16:35 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-15 16:16 - 2013-12-12 22:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2402670478-804093956-1478943341-1001
2015-02-15 16:12 - 2014-01-02 21:56 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-15 16:12 - 2014-01-02 21:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 16:08 - 2014-08-17 22:08 - 00000314 _____ () C:\Windows\Tasks\Groovorio Updater.job
2015-02-15 16:01 - 2014-01-31 22:30 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 15:57 - 2014-12-08 22:56 - 00000314 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-02-15 15:46 - 2015-01-14 10:59 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-02-15 15:44 - 2014-10-04 09:45 - 00000000 ____D () C:\Users\Hannah\AppData\Local\WebBar
2015-02-15 15:44 - 2014-01-31 22:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 15:44 - 2013-12-12 22:16 - 00000000 ____D () C:\Users\Hannah
2015-02-15 15:25 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 15:24 - 2015-01-12 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance
2015-02-15 15:24 - 2014-10-08 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2015-02-15 15:24 - 2014-10-08 22:38 - 00000000 ____D () C:\Program Files (x86)\ASP
2015-02-15 15:24 - 2014-10-08 22:37 - 00000000 ____D () C:\Program Files (x86)\RCP
2015-02-15 15:24 - 2014-08-14 12:42 - 00000000 ____D () C:\Program Files (x86)\LPT
2015-02-15 15:24 - 2014-08-14 12:40 - 00000000 ____D () C:\Users\Hannah\AppData\Local\LPT
2015-02-15 15:23 - 2014-07-15 08:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 15:23 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-15 15:21 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-15 15:21 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-02-15 15:21 - 2012-07-26 00:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-02-15 15:21 - 2012-07-26 00:37 - 00000000 ____D () C:\Windows\servicing
2015-02-15 15:20 - 2015-01-14 10:40 - 00000000 ____D () C:\Users\Hannah\AppData\Local\SmartWeb
2015-02-15 15:20 - 2015-01-14 09:29 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Compatibility Verifier
2015-02-15 15:20 - 2014-12-08 22:57 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-02-15 15:20 - 2014-12-08 22:57 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Vosteran
2015-02-15 15:20 - 2014-12-08 22:56 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\WSE_Vosteran
2015-02-15 15:20 - 2014-12-08 22:56 - 00000000 ____D () C:\Users\Hannah\AppData\Local\wincheck
2015-02-15 15:20 - 2014-10-08 22:44 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-02-15 15:20 - 2014-10-08 22:24 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instant PC Optimizer
2015-02-15 15:20 - 2014-10-08 22:23 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-02-15 15:20 - 2014-10-08 22:23 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Weather_Protector_LLC
2015-02-15 15:20 - 2014-10-08 22:23 - 00000000 ____D () C:\Users\Hannah\AppData\Local\StormWatch
2015-02-15 15:20 - 2014-08-18 22:53 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\istart123
2015-02-15 15:20 - 2014-08-18 22:52 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\MailUpdate
2015-02-15 15:20 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2015-02-15 15:20 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2015-02-15 15:20 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Torch
2015-02-15 15:20 - 2014-08-17 22:08 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\GroovorioUpdater
2015-02-15 15:20 - 2014-08-14 12:40 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Systweak
2015-02-15 15:20 - 2014-08-14 12:40 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Smartbar
2015-02-15 15:20 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-15 15:19 - 2014-12-08 22:26 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Search Extensions
2015-02-15 15:19 - 2014-10-08 22:24 - 00000000 ____D () C:\Users\Hannah\AppData\Local\pricehorse
2015-02-15 15:18 - 2015-01-14 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2015-02-15 15:18 - 2015-01-12 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
2015-02-15 15:18 - 2015-01-12 22:16 - 00000000 ____D () C:\ProgramData\PriceeDowwnloadeR
2015-02-15 15:18 - 2015-01-12 22:15 - 00000000 ____D () C:\ProgramData\SaverAddonn
2015-02-15 15:18 - 2015-01-12 09:27 - 00000000 ____D () C:\ProgramData\TakkeTheCouponn
2015-02-15 15:18 - 2014-12-23 11:23 - 00000000 ____D () C:\ProgramData\NetoiCoupOn
2015-02-15 15:18 - 2014-12-08 23:04 - 00000000 ____D () C:\ProgramData\savinshop
2015-02-15 15:18 - 2014-10-14 20:20 - 00000000 ____D () C:\ProgramData\NeteooCooupon
2015-02-15 15:18 - 2014-10-14 20:00 - 00000000 ____D () C:\ProgramData\PRoShopPer
2015-02-15 15:18 - 2014-10-08 22:40 - 00000000 ____D () C:\ProgramData\pastaleads
2015-02-15 15:18 - 2014-10-08 22:38 - 00000000 ____D () C:\Users\Hannah\AppData\Local\ConvertAd
2015-02-15 15:18 - 2014-10-08 22:37 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Linkey
2015-02-15 15:18 - 2014-10-08 22:37 - 00000000 ____D () C:\ProgramData\smdmf
2015-02-15 15:18 - 2014-09-09 08:48 - 00000000 ____D () C:\ProgramData\Performance Optimizer
2015-02-15 15:18 - 2014-08-26 20:54 - 00000000 ____D () C:\ProgramData\RegularDeals
2015-02-15 15:18 - 2014-08-18 22:53 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Chromatic Browser
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2015-02-15 15:18 - 2013-06-07 01:42 - 00000000 ____D () C:\ProgramData\Norton
2015-02-15 15:17 - 2015-01-14 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-02-15 15:17 - 2015-01-14 10:39 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_89
2015-02-15 15:17 - 2015-01-12 22:51 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-02-15 15:17 - 2015-01-12 21:57 - 00000000 ____D () C:\Program Files (x86)\WaInterEnhance
2015-02-15 15:17 - 2015-01-12 09:29 - 00000000 ____D () C:\ProgramData\BestSaveForYou
2015-02-15 15:17 - 2014-12-23 11:22 - 00000000 ____D () C:\ProgramData\deal4real
2015-02-15 15:17 - 2014-12-08 23:04 - 00000000 ____D () C:\ProgramData\Fun2Save
2015-02-15 15:17 - 2014-12-08 22:56 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2015-02-15 15:17 - 2014-10-14 19:39 - 00000000 ____D () C:\ProgramData\Browser
2015-02-15 15:17 - 2014-10-08 22:41 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-02-15 15:17 - 2014-10-08 22:40 - 00000000 ____D () C:\Program Files (x86)\pastaleads
2015-02-15 15:17 - 2014-10-08 22:38 - 00000000 ____D () C:\Program Files (x86)\ver6BlockAndSurf
2015-02-15 15:17 - 2014-10-08 22:38 - 00000000 ____D () C:\Program Files (x86)\surf slide
2015-02-15 15:17 - 2014-10-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2015-02-15 15:17 - 2014-10-08 22:37 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2015-02-15 15:17 - 2014-10-08 22:24 - 00000000 ____D () C:\Program Files (x86)\Instant PC Optimizer
2015-02-15 15:17 - 2014-10-08 22:22 - 00000000 ____D () C:\ProgramData\Disasteroids
2015-02-15 15:17 - 2014-09-11 15:06 - 00000000 ____D () C:\ProgramData\DigiCouppoon
2015-02-15 15:17 - 2014-09-09 21:46 - 00000000 ____D () C:\ProgramData\deali44reeal
2015-02-15 15:17 - 2014-08-18 22:52 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-02-15 15:17 - 2014-08-18 22:33 - 00000000 ____D () C:\ProgramData\44623b39dc631b20
2015-02-15 15:17 - 2014-08-18 22:33 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2015-02-15 15:17 - 2014-08-14 12:26 - 00000000 ____D () C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2015-02-15 15:17 - 2014-08-14 12:16 - 00000000 ____D () C:\Program Files (x86)\BrowserSafeguard
2015-02-15 15:17 - 2014-06-11 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-15 15:17 - 2014-06-11 21:31 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-02-15 15:17 - 2014-01-02 21:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-15 15:14 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\registration
2015-02-15 15:10 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-02-15 15:10 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-02-15 15:10 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$
2015-02-15 15:08 - 2015-01-14 10:40 - 00000000 ____D () C:\ProgramData\COMODO
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Comodo
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2015-02-15 15:08 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator
2015-02-15 15:07 - 2015-01-14 10:40 - 00000000 ____D () C:\Program Files\COMODO
2015-02-13 08:54 - 2013-12-16 00:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-12 18:27 - 2014-08-12 20:58 - 00008192 ___SH () C:\Users\Hannah\Documents\Thumbs.db
2015-02-12 17:01 - 2012-08-03 17:23 - 02150074 _____ () C:\Windows\PFRO.log
2015-02-12 14:36 - 2013-12-27 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 13:36 - 2014-01-07 22:04 - 00393728 ___SH () C:\Users\Hannah\Desktop\Thumbs.db
2015-02-11 17:08 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-26 17:33 - 2015-01-12 09:17 - 00000000 ____D () C:\Users\Hannah\AppData\Local\f494fb7e-4f8f-49df-ae05-307f2e80dbbf
2015-01-26 17:07 - 2015-01-14 10:58 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-01-26 17:06 - 2015-01-14 11:08 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-01-26 17:05 - 2015-01-14 11:08 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-01-26 17:05 - 2015-01-14 10:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-01-26 17:02 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-23 18:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2015-01-23 17:33 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2015-01-23 15:56 - 2014-10-08 22:37 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2015-01-23 14:57 - 2012-07-26 00:26 - 00000194 _____ () C:\Windows\win.ini
2015-01-23 14:56 - 2014-10-14 20:08 - 00000165 _____ () C:\Users\Hannah\AppData\Roaming\WB.CFG
2015-01-23 14:54 - 2014-01-31 22:32 - 00000000 ___RD () C:\Users\Hannah\Google Drive
 
==================== Files in the root of some directories =======
 
2014-08-14 12:15 - 2014-08-14 12:18 - 0060416 _____ (Fusion Install        ) C:\Users\Hannah\AppData\Roaming\setup.exe
2014-10-14 20:08 - 2015-01-23 14:56 - 0000165 _____ () C:\Users\Hannah\AppData\Roaming\WB.CFG
2014-12-08 23:08 - 2014-12-23 11:59 - 0000010 _____ () C:\Users\Hannah\AppData\Local\DSI.DAT
2014-12-23 11:56 - 2014-12-23 11:56 - 0234679 _____ () C:\Users\Hannah\AppData\Local\dsi1.dat
2014-12-23 11:56 - 2014-12-23 11:57 - 0022528 _____ () C:\Users\Hannah\AppData\Local\dsisetup12584737031.exe
2014-12-23 11:59 - 2014-12-23 11:59 - 0022528 _____ () C:\Users\Hannah\AppData\Local\dsisetup12585937652.exe
2014-12-08 23:08 - 2014-12-08 23:08 - 0022528 _____ () C:\Users\Hannah\AppData\Local\dsisetup27110622.exe
2015-01-12 09:08 - 2015-01-12 09:08 - 0520003 _____ () C:\Users\Hannah\AppData\Local\upd2976331218.exe
2014-01-02 21:22 - 2014-01-07 22:08 - 0001315 _____ () C:\ProgramData\hpzinstall.log
2013-12-12 22:19 - 2013-12-12 22:19 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 14:32
 
==================== End Of Log ============================
 
 
The additional log is attached.


#2 B-boy/StyLe/

  • Malware Response Team

Posted 16 February 2015 - 07:18 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Your system is badly infected. It will take me some time to create a fix.

 

 

Regards,

Georgi




#3 B-boy/StyLe/

  • Malware Response Team

Posted 16 February 2015 - 08:43 AM

Hi again,

 

 

STEP 1

 

 

Please go ahead and uninstall the following programs from the Control Panel:

 

Advanced-System Protector
AnyProtect
BestSaveForYou
BlockAndSurf
Buzzdock
ConvertAd
cosstminn
deal4real
DigiCouppoon
Fun2Save
GamesDesktop 025.89
GeekBuddy
istart123 uninstall
Klip Pal
Linkey
LPT System Updater Service
McAfee Security Scan Plus
NetoiCoupOn
PastaQuotes
Performance Optimizer
PriceeDowwnloadeR
Price-Horse
PRoShopPer
RegClean-Pro
RegularDeals
RocketTab
SafeFinder Smartbar
SaverAddonn
savinshop
Settings Manager
SmartWeb
speed browser
StormWatch
Supporter 1.80
surf slide
TakkeTheCouponn
Vosteran
Wajam
Web Bar 2.0.5382.15320
WinCheck
WinZipper
WSE_Vosteran
Yahoo! Search

 

If some of them refuse to uninstall then use this tool to get rid of them.

 

 

 

STEP 2

 

 

 

Please download the following file => and save it on the flash drive where FRST64.exe is located

Transfer both files (FRST64.exe and fixlist.txt) to the affected computer.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST64.exe and press the Fix button just once and wait.
The tool will make a log file named Fixlog.txt in the same folder where FRST64.exe is located. Please post it in your reply. (If you are unable to connect to the internet, then transfer the file using the flash drive and post it from a clean computer.)

 

 

 

Regards,

Georgi




#4 newschick

  • Topic Starter

Posted 16 February 2015 - 09:50 AM

Unable to uninstall the following:

 

Advanced-System Protector -Message file "C/Program Files (x86)\ASP\unins00.msg is missing. Please correct the problem or obtain a new copy of the program.
 

AnyProtect =Message: Connection Error (File Open Error) Please check your internet connection and hit OK.

BestSaveForYou -NOTHING happens when I choose uninstall

BlockAndSurf -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

Buzzdock -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

ConvertAd -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

cosstminn -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

deal4real -NOTHING happens when I select uninstall

DigiCouppoon -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

Fun2Save - NOTHING happens when I select uninstall

GamesDesktop 025.89 -Message file "C/Program Files (x86)\gmsd_us_89\unins000.msg is missing. Please correct the problem or obtain a new copy of the program.

istart123 uninstall -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

Klip Pal -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

LPT System Updater Service -The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package LPTInstaller.msi in the box below:  It is currently directed to: C:\Users\Hannah\AppData\Local\LPT\

NetoiCoupOn -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

PastaQuotes -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

Performance Optimizer -There was a problem starting C:\PROGA~3\PERFOR~1\PERFOR~`.DLL The specified module could not be found.

PriceeDowwnloadeR -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

Price-Horse -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

PRoShopPer -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

RegClean-Pro -Messages file "C:\Program Files (x86)\RCP\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

 
RegularDeals -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

RocketTab -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

 
SafeFinder Smartbar -please wait while Windows configures SafeFinder Smartbar -- IT HUNG ON THIS FOR QUITE A WHILE, so I selected CANCEL, and that stayed hung for quite a while so I tried to end it in Task Manager, but it isn't responding.

 

SaverAddonn -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.
 

savinshop -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

 

Settings Manager -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

 

SmartWeb -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.


Supporter 1.80 - There was a problem starting C:\PROGRA~2\SUPPOR~1\SUPPOR~1.DLL  - the specified module could not be found


surf slide -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.


TakkeTheCouponn -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.


Vosteran -NOTHING appeared to happen, but it is no longer listed in the programs and features ?


Wajam -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.


Web Bar 2.0.5382.15320 -File "C\Users\Hannah\AppData\Local\WebBar\unins000.data" does not exist. Cannot uninstall.


WinZipper - will not uninstall, just keeps freezing up


WSE_Vosteran -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.


Yahoo! Search -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.

 

I was going to attempt to remove the above with the FixIt program, but it says it does not apply to your operating system or application version. Looking for another download. ETA: just noticed I pulled the wrong FixIt from the flash drive. When I attempted using the correct program: Troubleshooting cannot continue because an error has occurred. We're sorry, but the program encountered an error trying to contact the server. Please try again later - [code 80072EFD]

 

Looks like the FixIt program won't work. What now?  ETA: The program was hung, so I attempted a force restart ... saying it is installing 10 updates and then restarted. Attempted FixIt again, same message was given.


Edited by newschick, 16 February 2015 - 10:47 AM.


#5 B-boy/StyLe/


Posted 16 February 2015 - 11:20 AM

Hi,

 

Please create a new restore point first. See here how.

 

Now please download GeekUninstaller and save it to your usb flash drive and transfer it to the affected computer.

Extract the archive and run the file geek.exe
From the list find and uninstall the programs above

 
Right click on the Advanced-System Protector for example and click on the Uninstall button. (here is an example pic for Mozilla Firefox)
 
 
Once the uninstallation is complete, the following window will appear to let you remove all leftovers including unnecessary files, useless folders, registry entries related to the uninstalled program.

Here is an example for Opera browser:
 

Click on the “Finish” button to remove all detected traces.

Finally, click on the “Close” button to complete and go back to the main interface of Geek Uninstaller.

Next remove the rest of the programs.

Next continue with the rest of the instructions from my previous post.

 

 

Regards,

Georgi




#6 newschick


Posted 16 February 2015 - 11:32 AM

I've tried to use Geek Uninstaller on the 1st program in the list - Advance System Protector. I am getting the same message;

"C/Program Files (x86)\ASP\unins00.msg is missing. Please correct the problem or obtain a new copy of the program.
 

Should I select Force Removal when they won't uninstall?



#7 B-boy/StyLe/


Posted 16 February 2015 - 11:46 AM

No, not for now. GeekUninstaller should be able to scan for traces and will let you remove them even if the installers are corrupted.

Let me know about the results.

 

 

Regards,

Georgi




#8 newschick


Posted 16 February 2015 - 11:55 AM

Still unable to uninstall the following:

Advanced-System Protector -Message file "C/Program Files (x86)\ASP\unins00.msg is missing. Please correct the problem or obtain a new copy of the program.
 

AnyProtect -Message: Connection Error (File Open Error) Please check your internet connection and hit OK.

BestSaveForYou -NOTHING happens when I choose uninstall

 

deal4real -NOTHING happens when I select uninstall

 

Fun2Save - NOTHING happens when I select uninstall

 

GamesDesktop 025.89 -Message file "C/Program Files (x86)\gmsd_us_89\unins000.msg is missing. Please correct the problem or obtain a new copy of the program.

 

LPT System Updater Service -The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package LPTInstaller.msi in the box below:  It is currently directed to: C:\Users\Hannah\AppData\Local\LPT\


Performance Optimizer -There was a problem starting C:\PROGA~3\PERFOR~1\PERFOR~`.DLL The specified module could not be found.

 

RegClean-Pro -Messages file "C:\Program Files (x86)\RCP\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

 

Supporter 1.80 - There was a problem starting C:\PROGRA~2\SUPPOR~1\SUPPOR~1.DLL  - the specified module could not be found


surf slide -An error occurred while trying to uninstall - may have already been uninstalled. Said yes to remove from the Programs and Features list.


Web Bar 2.0.5382.15320 -File "C\Users\Hannah\AppData\Local\WebBar\unins000.dat" does not exist. Cannot uninstall.


WinZipper - nothing happens



#9 B-boy/StyLe/


Posted 16 February 2015 - 12:01 PM

Hi,

 

Ok, we will remove them manually if they still exist at the end of the cleaning process.

Please proceed with step 2 now and post back the fixlog.txt. :)

 

Thanks!

 

 

Regards,

Georgi




#10 newschick


Posted 16 February 2015 - 12:20 PM

Completed.

Tried again to connect to internet, but got a different message:
Internet Explorer - Search Provider Default

A program on your computer has corrupted your default search provider setting for Internet Explorer.

Internet Explorer has reset this setting to your original search provider, Bing (www.bing.com).

Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.

 

Should I click OK???

 

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Hannah at 2015-02-16 12:09:51 Run:1
Running from C:\Users\Hannah\Desktop
Loaded Profiles: Hannah (Available profiles: Hannah)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\WinZipper
C:\Users\Hannah\AppData\Local\ConvertAd
C:\Program Files (x86)\surf slide
C:\Program Files (x86)\ASP
C:\Users\Hannah\AppData\Local\gmsd_us_89
C:\Users\Hannah\AppData\Local\SmartWeb
C:\Program Files (x86)\BrowserSafeguard
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe [1413632 2014-08-14] ()
HKLM-x32\...\Run: [BrowserSafeguard Update Task] => "C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true
HKLM-x32\...\Run: [fst_us_209] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
C:\Program Files (x86)\AnyProtectEx
HKLM-x32\...\Run: [gmsd_us_89] => "C:\Program Files (x86)\gmsd_us_89\gmsd_us_89.exe"
C:\Program Files (x86)\gmsd_us_89
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-12-31] (SoftBrain Technologies Ltd.)
HKLM-x32\...\RunOnce: [upgmsd_us_89.exe] => C:\Users\Hannah\AppData\Local\gmsd_us_89\upgmsd_us_89.exe [3310760 2015-01-13] ()
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Run: [WebBar] => C:\Users\Hannah\AppData\Local\WebBar\2.0.5382.15320\wb.exe [225264 2014-09-26] (Web Bar Media)
C:\Users\Hannah\AppData\Local\WebBar
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Run: [GoogleChromeAutoLaunch_9A6EFE938925B0A31154F3911BF52CC0] => C:\Users\Hannah\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
C:\Users\Hannah\AppData\Local\Vosteran
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\MountPoints2: {3db5db5a-74b7-11e3-be79-a0481c10ef23} - "E:\MI.exe" 
AppInit_DLLs: C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll [4303360 2014-09-09] ()
C:\ProgramData\Performance Optimizer
AppInit_DLLs-x32: C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll.dll => "C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll
C:\Program Files (x86)\Settings Manager
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:49540;https=127.0.0.1:49540
ProxyServer: [HKLM-x32] => http=127.0.0.1:49540;https=127.0.0.1:49540
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affid=na
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=293&itype=n&ver=13892&tm=495&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408420321&from=tt4u&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=293&itype=n&ver=13892&tm=495&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1421251114&from=wpm01143&uid=TOSHIBAXMQ01ABF050_83O5S9I6SXX83O5S9I6S&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=293&itype=n&ver=13892&tm=495&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2402670478-804093956-1478943341-1001 -> {A4AA60A4-0FD2-445E-8541-A862B0C3279F} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=721
BHO: Fun2Save -> {043a4300-aacd-459c-8062-941a02b70e3c} -> C:\ProgramData\Fun2Save\GylfZtmqKKJmL6.x64.dll ()
C:\ProgramData\Fun2Save
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Hannah\AppData\Local\Linkey\IEExtension\iedll64.dll No File
BHO: savinshop -> {59b909a8-7a6d-4935-9cb2-737d22191cc6} -> C:\ProgramData\savinshop\zclWdu1yU5EUlm.x64.dll ()
C:\ProgramData\savinshop
BHO: TakkeTheCouponn -> {5b52eccd-f73e-449d-a44c-67b599d6306c} -> C:\ProgramData\TakkeTheCouponn\My0y7ShXAEpnem.x64.dll ()
C:\ProgramData\TakkeTheCouponn
BHO: NetoiCoupOn -> {72049242-fe73-4f46-83a0-49dffc246f93} -> C:\ProgramData\NetoiCoupOn\UcsEwhqj4F8CzU.x64.dll ()
C:\ProgramData\NetoiCoupOn
BHO: SaverAddonn -> {7c199875-4bbc-48aa-9c51-b692536e6f69} -> C:\ProgramData\SaverAddonn\qhm44cK78ldLv8.x64.dll ()
C:\ProgramData\SaverAddonn
BHO: PriceeDowwnloadeR -> {88b81fa4-c4db-4336-92a2-3492812f6ad0} -> C:\ProgramData\PriceeDowwnloadeR\rvmXMERlMUme33.x64.dll ()
C:\ProgramData\PriceeDowwnloadeR
BHO: BlockAndSurf -> {9F9A9E97-1F3F-F344-012C-2EABBD8584E5} -> C:\Program Files (x86)\ver6BlockAndSurf\179_x64.dll ()
C:\Program Files (x86)\ver6BlockAndSurf
BHO: RegularDeals -> {C734DE6A-831B-7D2F-9813-2DE4AC476102} -> C:\ProgramData\RegularDeals\NQ3km1Vbu.x64.dll ()
C:\ProgramData\RegularDeals
BHO-x32: Fun2Save -> {043a4300-aacd-459c-8062-941a02b70e3c} -> C:\ProgramData\Fun2Save\GylfZtmqKKJmL6.dll ()
BHO-x32: deali44reeal -> {2D1A7BC8-9C99-201C-9D5F-9AF9D29E1CEB} -> C:\ProgramData\deali44reeal\JXA0K.dll ()
C:\ProgramData\deali44reeal
BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Hannah\AppData\Local\Linkey\IEExtension\iedll.dll No File
BHO-x32: cosstminn -> {598A0855-E606-A987-499A-0BB7A5426F48} -> C:\Program Files (x86)\cosstminn\6GGup4.dll No File
BHO-x32: savinshop -> {59b909a8-7a6d-4935-9cb2-737d22191cc6} -> C:\ProgramData\savinshop\zclWdu1yU5EUlm.dll ()
BHO-x32: TakkeTheCouponn -> {5b52eccd-f73e-449d-a44c-67b599d6306c} -> C:\ProgramData\TakkeTheCouponn\My0y7ShXAEpnem.dll ()
BHO-x32: BestSaveForYou -> {6453e787-a9c6-4f7c-b18d-c7e65037d26e} -> C:\ProgramData\BestSaveForYou\mUntNvz6yQNhXG.dll No File
BHO-x32: NetoiCoupOn -> {72049242-fe73-4f46-83a0-49dffc246f93} -> C:\ProgramData\NetoiCoupOn\UcsEwhqj4F8CzU.dll ()
BHO-x32: NeteooCooupon -> {7b3890d6-916b-486f-b682-015366ba7854} -> C:\ProgramData\NeteooCooupon\gLAsrifqilSiqe.dll No File
BHO-x32: SaverAddonn -> {7c199875-4bbc-48aa-9c51-b692536e6f69} -> C:\ProgramData\SaverAddonn\qhm44cK78ldLv8.dll No File
BHO-x32: PriceeDowwnloadeR -> {88b81fa4-c4db-4336-92a2-3492812f6ad0} -> C:\ProgramData\PriceeDowwnloadeR\rvmXMERlMUme33.dll No File
BHO-x32: surf slide 1.0.0.6 -> {916acf26-e1a6-45da-b34f-2147d400448c} -> C:\Program Files (x86)\surf slide\surfslideBHO.dll (surf slide)
BHO-x32: BlockAndSurf -> {9F9A9E97-1F3F-F344-012C-2EABBD8584E5} -> C:\Program Files (x86)\ver6BlockAndSurf\179.dll No File
BHO-x32: Klip Pal 1.0.0.6 -> {a13d85a3-d31a-4f34-b4cd-fce576dc079e} -> C:\Program Files (x86)\Klip Pal\KlipPalBHO.dll No File
BHO-x32: RegularDeals -> {C734DE6A-831B-7D2F-9813-2DE4AC476102} -> C:\ProgramData\RegularDeals\NQ3km1Vbu.dll ()
BHO-x32: PRoShopPer -> {DD44AB3D-A2D3-C302-5066-9354C718161C} -> C:\ProgramData\PRoShopPer\vHknJyrQKy.dll No File
BHO-x32: deal4real -> {f320613e-0155-428f-b741-b57d854c78ac} -> C:\ProgramData\deal4real\coiIccMjsY5mHR.dll No File
BHO-x32: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23\kzhxnitccw.dll No File
BHO-x32: DigiCouppoon -> {FFE4AEDB-DD5B-DACB-DB82-CF49946D266E} -> C:\ProgramData\DigiCouppoon\apE4i7.dll ()
C:\ProgramData\DigiCouppoon
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
FF HKU\S-1-5-21-2402670478-804093956-1478943341-1001\...\Firefox\Extensions: [{56791912-F4C2-417E-D654-2D99CBE99C83}] - C:\Program Files (x86)\ver6BlockAndSurf\179.xpi
CHR Extension: (No Name) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa [2014-08-18]
CHR Extension: (BlockAndSurf) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehlpmmhfmolfcbneeikpkiohkkjcgde [2014-10-08]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\Hannah\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [Not Found]
S2 AllDaySavingsService64; C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23
S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32040 2014-07-21] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\LPT
R2 serverca; C:\Users\Hannah\AppData\Local\ConvertAd\CASrv.exe [181248 2015-01-14] () [File not signed]
R2 Update surf slide; C:\Program Files (x86)\surf slide\updatesurfslide.exe [632560 2015-01-23] ()
R2 Util surf slide; C:\Program Files (x86)\surf slide\bin\utilsurfslide.exe [632560 2015-01-23] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23 [X]
C:\Program Files\005
S2 jAylTMhwMmZ; "C:\ProgramData\pLjxsAUgsQc\jAylTMhwMmZ.exe" [X]
C:\ProgramData\pLjxsAUgsQc
S2 pastaleadsServiceCore; C:\Program Files (x86)\pastaleads\PastaLeadsService.exe [X]
C:\Program Files (x86)\pastaleads
S2 servervo; C:\Users\Hannah\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION
C:\Users\Hannah\AppData\Roaming\VOPackage
S2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [X]
S2 Update App Bud; "C:\Program Files (x86)\App Bud\updateAppBud.exe" [X]
C:\Program Files (x86)\App Bud
S2 Update Klip Pal; "C:\Program Files (x86)\Klip Pal\updateKlipPal.exe" [X]
C:\Program Files (x86)\Klip Pal
S2 Util Klip Pal; "C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe" [X]
R1 {4eb2a13d-18ae-409a-90b2-663225f13d69}w64; C:\Windows\System32\drivers\{4eb2a13d-18ae-409a-90b2-663225f13d69}w64.sys [48784 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{4eb2a13d-18ae-409a-90b2-663225f13d69}w64.sys
R1 {ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64; C:\Windows\System32\drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys [48784 2015-01-23] (StdLib)
C:\Windows\System32\drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys
U4 CltMngSvc; No ImagePath
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S1 {4bc8f9ab-e0f0-481d-bf94-159f3acf61de}w64; system32\drivers\{4bc8f9ab-e0f0-481d-bf94-159f3acf61de}w64.sys [X]
S1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; system32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [X]
S1 {e0c89f91-0178-4464-8daf-bec566dd2d9a}w64; system32\drivers\{e0c89f91-0178-4464-8daf-bec566dd2d9a}w64.sys [X]
S1 {fbcdebd1-63c6-4472-a6d6-7b58b0b8d1a8}w64; system32\drivers\{fbcdebd1-63c6-4472-a6d6-7b58b0b8d1a8}w64.sys [X]
2015-02-15 15:51 - 2015-02-15 15:51 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2015-02-15 15:45 - 2015-02-15 15:45 - 00000000 ____D () C:\ProgramData\Systweak
2015-01-23 14:58 - 2015-02-15 15:19 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Pay-By-Ads
2015-01-23 14:58 - 2015-01-23 14:58 - 00003498 _____ () C:\Windows\System32\Tasks\Yahoo! Search Updater
2015-01-23 14:58 - 2015-01-23 14:58 - 00003494 _____ () C:\Windows\System32\Tasks\Yahoo! Search
2015-01-23 14:40 - 2015-01-23 06:27 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys
2015-02-15 15:57 - 2014-12-08 22:56 - 00000314 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-02-15 15:24 - 2014-10-08 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2015-02-15 15:24 - 2014-10-08 22:37 - 00000000 ____D () C:\Program Files (x86)\RCP
2015-02-15 15:24 - 2014-08-14 12:40 - 00000000 ____D () C:\Users\Hannah\AppData\Local\LPT
2015-02-15 15:20 - 2014-12-08 22:57 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-02-15 15:20 - 2014-12-08 22:56 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\WSE_Vosteran
2015-02-15 15:20 - 2014-12-08 22:56 - 00000000 ____D () C:\Users\Hannah\AppData\Local\wincheck
2015-02-15 15:20 - 2014-10-08 22:44 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-02-15 15:20 - 2014-10-08 22:24 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instant PC Optimizer
2015-02-15 15:20 - 2014-10-08 22:23 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-02-15 15:20 - 2014-10-08 22:23 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Weather_Protector_LLC
2015-02-15 15:20 - 2014-10-08 22:23 - 00000000 ____D () C:\Users\Hannah\AppData\Local\StormWatch
2015-02-15 15:20 - 2014-08-18 22:53 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\istart123
2015-02-15 15:20 - 2014-08-18 22:52 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\MailUpdate
2015-02-15 15:20 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2015-02-15 15:20 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2015-02-15 15:20 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Torch
2015-02-15 15:20 - 2014-08-17 22:08 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\GroovorioUpdater
2015-02-15 15:20 - 2014-08-14 12:40 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Systweak
2015-02-15 15:20 - 2014-08-14 12:40 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Smartbar
2015-02-15 15:19 - 2014-12-08 22:26 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Search Extensions
2015-02-15 15:19 - 2014-10-08 22:24 - 00000000 ____D () C:\Users\Hannah\AppData\Local\pricehorse
2015-02-15 15:18 - 2015-01-14 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2015-02-15 15:18 - 2014-10-14 20:20 - 00000000 ____D () C:\ProgramData\NeteooCooupon
2015-02-15 15:18 - 2014-10-14 20:00 - 00000000 ____D () C:\ProgramData\PRoShopPer
2015-02-15 15:18 - 2014-10-08 22:40 - 00000000 ____D () C:\ProgramData\pastaleads
2015-02-15 15:18 - 2014-10-08 22:38 - 00000000 ____D () C:\Users\Hannah\AppData\Local\ConvertAd
2015-02-15 15:18 - 2014-10-08 22:37 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Linkey
2015-02-15 15:18 - 2014-10-08 22:37 - 00000000 ____D () C:\ProgramData\smdmf
2015-02-15 15:18 - 2014-08-18 22:53 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Chromatic Browser
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2015-02-15 15:18 - 2014-08-18 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2015-02-15 15:17 - 2015-01-12 22:51 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-02-15 15:17 - 2015-01-12 21:57 - 00000000 ____D () C:\Program Files (x86)\WaInterEnhance
2015-02-15 15:17 - 2015-01-12 09:29 - 00000000 ____D () C:\ProgramData\BestSaveForYou
2015-02-15 15:17 - 2014-12-23 11:22 - 00000000 ____D () C:\ProgramData\deal4real
2015-02-15 15:17 - 2014-12-08 22:56 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2015-02-15 15:17 - 2014-10-14 19:39 - 00000000 ____D () C:\ProgramData\Browser
2015-02-15 15:17 - 2014-10-08 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2015-02-15 15:17 - 2014-10-08 22:24 - 00000000 ____D () C:\Program Files (x86)\Instant PC Optimizer
2015-02-15 15:17 - 2014-08-18 22:52 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-02-15 15:17 - 2014-08-18 22:33 - 00000000 ____D () C:\ProgramData\44623b39dc631b20
2015-02-15 15:17 - 2014-08-18 22:33 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2015-01-26 17:33 - 2015-01-12 09:17 - 00000000 ____D () C:\Users\Hannah\AppData\Local\f494fb7e-4f8f-49df-ae05-307f2e80dbbf
2015-01-23 15:56 - 2014-10-08 22:37 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-08-14 12:15 - 2014-08-14 12:18 - 0060416 _____ (Fusion Install        ) C:\Users\Hannah\AppData\Roaming\setup.exe
Task: {08855F6F-75EA-4E6B-91A1-17DD47A40130} - System32\Tasks\Yahoo! Search => C:\Users\Hannah\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe <==== ATTENTION
Task: {23415FB9-BF8D-470C-A96E-673427E2853F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4DDFE5B2-EF19-4EAA-9A4A-83B15C05E6E0} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-10-07] (Systweak) <==== ATTENTION
Task: {7491073B-B8EB-4FBE-923D-AD373A2A5ED1} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
Task: {74FB86EB-0A82-4ABE-9AD1-1F3DD9C14421} - System32\Tasks\Price-Horse Udpater => C:\Users\Hannah\AppData\Local\pricehorse\pricehorse\1.3.13.12\playsetup.exe <==== ATTENTION
Task: {7820148C-2EC0-4202-B3EB-BDEEF8AC1F7B} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe [2014-09-09] ()
Task: {7C4C3F38-11FD-4BF7-9A90-49C83ADDB735} - System32\Tasks\Yahoo! Search Updater => C:\Users\Hannah\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrsetup.exe <==== ATTENTION
Task: {7CE62184-32A9-49AF-9D05-FDBF66722A5D} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebHelper.exe [2014-12-31] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {8FA2877F-52C2-40B4-AC93-5EFBD2FA5528} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9D49DFFA-29B8-46CE-B79A-EE4FD5AF8A2B} - System32\Tasks\WSE_Vosteran => C:\Users\Hannah\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-12-08] () <==== ATTENTION
Task: {C0069BB6-4A94-4EC7-8462-7156407A4AE7} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
Task: {CD4BEA0F-4258-4D22-9F17-76BB01608C82} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
Task: {D63CC283-CC49-4912-BCE7-ECF6B0CC3C91} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D71A6374-5F99-4D35-9276-CA7AA7230CDA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E35AF27C-43F1-4E69-A794-33A0584C8309} - System32\Tasks\Price-Horse => C:\Users\Hannah\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe <==== ATTENTION
Task: {EE0D3118-CFFA-4201-B980-1F67AEBD8EE8} - System32\Tasks\Groovorio Updater => C:\Users\Hannah\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe [2013-04-09] () <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Groovorio Updater.job => C:\Users\Hannah\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Hannah\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "AnyProtect Scanner" /f
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
emptytemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\WinZipper => Moved successfully.
C:\Users\Hannah\AppData\Local\ConvertAd => Moved successfully.
C:\Program Files (x86)\surf slide => Moved successfully.
C:\Program Files (x86)\ASP => Moved successfully.
C:\Users\Hannah\AppData\Local\gmsd_us_89 => Moved successfully.
 
"C:\Users\Hannah\AppData\Local\SmartWeb" directory move:
 
C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebApp.exe => Moved successfully.
C:\Users\Hannah\AppData\Local\SmartWeb\SmartWebHelper.exe => Moved successfully.
C:\Users\Hannah\AppData\Local\SmartWeb\swhk.dll => Moved successfully.
Could not move "C:\Users\Hannah\AppData\Local\SmartWeb" directory. => Scheduled to move on reboot.
 
C:\Program Files (x86)\BrowserSafeguard => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard Update Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_209 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
C:\Program Files (x86)\AnyProtectEx => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_89 => value deleted successfully.
C:\Program Files (x86)\gmsd_us_89 => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_89.exe => value deleted successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WebBar => value deleted successfully.
C:\Users\Hannah\AppData\Local\WebBar => Moved successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A6EFE938925B0A31154F3911BF52CC0 => Value not found.
C:\Users\Hannah\AppData\Local\Vosteran => Moved successfully.
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3db5db5a-74b7-11e3-be79-a0481c10ef23}" => Key deleted successfully.
HKCR\CLSID\{3db5db5a-74b7-11e3-be79-a0481c10ef23} => Key not found. 
"C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll64.dll" => Value Data removed successfully.
" C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
" C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL" => Value Data removed successfully.
" C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL" => Value Data removed successfully.
C:\ProgramData\Performance Optimizer => Moved successfully.
"C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll.dll" => Value Data removed successfully.
" C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
" c:\progra~2\suppor~1\suppor~1.dll" => Value Data removed successfully.
C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => Moved successfully.
"C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk" => File/Directory not found.
"C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk" => File/Directory not found.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
C:\Program Files (x86)\Settings Manager => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found. 
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found. 
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4AA60A4-0FD2-445E-8541-A862B0C3279F}" => Key deleted successfully.
HKCR\CLSID\{A4AA60A4-0FD2-445E-8541-A862B0C3279F} => Key not found. 
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found. 
"HKU\S-1-5-21-2402670478-804093956-1478943341-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043a4300-aacd-459c-8062-941a02b70e3c} => Key not found. 
"HKCR\CLSID\{043a4300-aacd-459c-8062-941a02b70e3c}" => Key deleted successfully.
C:\ProgramData\Fun2Save => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key not found. 
"HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found. 
HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59b909a8-7a6d-4935-9cb2-737d22191cc6} => Key not found. 
"HKCR\CLSID\{59b909a8-7a6d-4935-9cb2-737d22191cc6}" => Key deleted successfully.
C:\ProgramData\savinshop => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b52eccd-f73e-449d-a44c-67b599d6306c} => Key not found. 
"HKCR\CLSID\{5b52eccd-f73e-449d-a44c-67b599d6306c}" => Key deleted successfully.
C:\ProgramData\TakkeTheCouponn => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72049242-fe73-4f46-83a0-49dffc246f93} => Key not found. 
"HKCR\CLSID\{72049242-fe73-4f46-83a0-49dffc246f93}" => Key deleted successfully.
C:\ProgramData\NetoiCoupOn => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c199875-4bbc-48aa-9c51-b692536e6f69} => Key not found. 
"HKCR\CLSID\{7c199875-4bbc-48aa-9c51-b692536e6f69}" => Key deleted successfully.
C:\ProgramData\SaverAddonn => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88b81fa4-c4db-4336-92a2-3492812f6ad0} => Key not found. 
"HKCR\CLSID\{88b81fa4-c4db-4336-92a2-3492812f6ad0}" => Key deleted successfully.
C:\ProgramData\PriceeDowwnloadeR => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F9A9E97-1F3F-F344-012C-2EABBD8584E5} => Key not found. 
"HKCR\CLSID\{9F9A9E97-1F3F-F344-012C-2EABBD8584E5}" => Key deleted successfully.
C:\Program Files (x86)\ver6BlockAndSurf => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C734DE6A-831B-7D2F-9813-2DE4AC476102} => Key not found. 
"HKCR\CLSID\{C734DE6A-831B-7D2F-9813-2DE4AC476102}" => Key deleted successfully.
C:\ProgramData\RegularDeals => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043a4300-aacd-459c-8062-941a02b70e3c} => Key not found. 
"HKCR\Wow6432Node\CLSID\{043a4300-aacd-459c-8062-941a02b70e3c}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D1A7BC8-9C99-201C-9D5F-9AF9D29E1CEB} => Key not found. 
"HKCR\Wow6432Node\CLSID\{2D1A7BC8-9C99-201C-9D5F-9AF9D29E1CEB}" => Key deleted successfully.
C:\ProgramData\deali44reeal => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key not found. 
"HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key not found. 
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found. 
HKCR\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598A0855-E606-A987-499A-0BB7A5426F48} => Key not found. 
"HKCR\Wow6432Node\CLSID\{598A0855-E606-A987-499A-0BB7A5426F48}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59b909a8-7a6d-4935-9cb2-737d22191cc6} => Key not found. 
"HKCR\Wow6432Node\CLSID\{59b909a8-7a6d-4935-9cb2-737d22191cc6}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b52eccd-f73e-449d-a44c-67b599d6306c} => Key not found. 
"HKCR\Wow6432Node\CLSID\{5b52eccd-f73e-449d-a44c-67b599d6306c}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72049242-fe73-4f46-83a0-49dffc246f93}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{72049242-fe73-4f46-83a0-49dffc246f93}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b3890d6-916b-486f-b682-015366ba7854}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7b3890d6-916b-486f-b682-015366ba7854}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c199875-4bbc-48aa-9c51-b692536e6f69}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7c199875-4bbc-48aa-9c51-b692536e6f69}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88b81fa4-c4db-4336-92a2-3492812f6ad0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{88b81fa4-c4db-4336-92a2-3492812f6ad0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{916acf26-e1a6-45da-b34f-2147d400448c}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{916acf26-e1a6-45da-b34f-2147d400448c}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F9A9E97-1F3F-F344-012C-2EABBD8584E5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9F9A9E97-1F3F-F344-012C-2EABBD8584E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a13d85a3-d31a-4f34-b4cd-fce576dc079e}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{a13d85a3-d31a-4f34-b4cd-fce576dc079e}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C734DE6A-831B-7D2F-9813-2DE4AC476102}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C734DE6A-831B-7D2F-9813-2DE4AC476102}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD44AB3D-A2D3-C302-5066-9354C718161C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DD44AB3D-A2D3-C302-5066-9354C718161C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f320613e-0155-428f-b741-b57d854c78ac}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{f320613e-0155-428f-b741-b57d854c78ac}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbdff406-2c4c-5d35-8469-34bb67ea3353}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFE4AEDB-DD5B-DACB-DB82-CF49946D266E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FFE4AEDB-DD5B-DACB-DB82-CF49946D266E}" => Key deleted successfully.
C:\ProgramData\DigiCouppoon => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKU\S-1-5-21-2402670478-804093956-1478943341-1001\Software\Mozilla\Firefox\Extensions\\{56791912-F4C2-417E-D654-2D99CBE99C83} => value deleted successfully.
C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa => Moved successfully.
C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehlpmmhfmolfcbneeikpkiohkkjcgde => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah => Key not found. 
AllDaySavingsService64 => Service deleted successfully.
C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23 => Moved successfully.
LPTSystemUpdater => Service deleted successfully.
C:\Program Files (x86)\LPT => Moved successfully.
serverca => Service deleted successfully.
Update surf slide => Service deleted successfully.
Util surf slide => Service deleted successfully.
winzipersvc => Service deleted successfully.
BackupStack => Service deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
cyycfhtzro64 => Service deleted successfully.
C:\Program Files\005 => Moved successfully.
jAylTMhwMmZ => Service deleted successfully.
C:\ProgramData\pLjxsAUgsQc => Moved successfully.
pastaleadsServiceCore => Service deleted successfully.
C:\Program Files (x86)\pastaleads => Moved successfully.
servervo => Service deleted successfully.
"C:\Users\Hannah\AppData\Roaming\VOPackage" => File/Directory not found.
SmdmFService => Service deleted successfully.
Update App Bud => Service deleted successfully.
"C:\Program Files (x86)\App Bud" => File/Directory not found.
Update Klip Pal => Service deleted successfully.
"C:\Program Files (x86)\Klip Pal" => File/Directory not found.
Util Klip Pal => Service deleted successfully.
{4eb2a13d-18ae-409a-90b2-663225f13d69}w64 => Unable to stop service
{4eb2a13d-18ae-409a-90b2-663225f13d69}w64 => Service deleted successfully.
C:\Windows\System32\drivers\{4eb2a13d-18ae-409a-90b2-663225f13d69}w64.sys => Moved successfully.
{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64 => Unable to stop service
{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64 => Service deleted successfully.
C:\Windows\System32\drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys => Moved successfully.
CltMngSvc => Service deleted successfully.
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Service deleted successfully.
netfilter64 => Service deleted successfully.
{4bc8f9ab-e0f0-481d-bf94-159f3acf61de}w64 => Service deleted successfully.
{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64 => Service deleted successfully.
{e0c89f91-0178-4464-8daf-bec566dd2d9a}w64 => Service deleted successfully.
{fbcdebd1-63c6-4472-a6d6-7b58b0b8d1a8}w64 => Service deleted successfully.
C:\Windows\System32\Tasks\Advanced-System Protector_startup => Moved successfully.
C:\ProgramData\Systweak => Moved successfully.
C:\Users\Hannah\AppData\Local\Pay-By-Ads => Moved successfully.
C:\Windows\System32\Tasks\Yahoo! Search Updater => Moved successfully.
C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully.
"C:\Windows\system32\Drivers\{ce45bed6-5a5d-49e9-ac1c-530454a830e2}w64.sys" => File/Directory not found.
C:\Windows\Tasks\WSE_Vosteran.job => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector => Moved successfully.
C:\Program Files (x86)\RCP => Moved successfully.
"C:\Users\Hannah\AppData\Local\LPT" => File/Directory not found.
"C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran" => File/Directory not found.
C:\Users\Hannah\AppData\Roaming\WSE_Vosteran => Moved successfully.
"C:\Users\Hannah\AppData\Local\wincheck" => File/Directory not found.
C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => Moved successfully.
C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instant PC Optimizer => Moved successfully.
"C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch" => File/Directory not found.
"C:\Users\Hannah\AppData\Local\Weather_Protector_LLC" => File/Directory not found.
"C:\Users\Hannah\AppData\Local\StormWatch" => File/Directory not found.
C:\Users\Hannah\AppData\Roaming\istart123 => Moved successfully.
C:\Users\Hannah\AppData\Roaming\MailUpdate => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Hannah\AppData\Local\Torch => Moved successfully.
C:\Users\Hannah\AppData\Roaming\GroovorioUpdater => Moved successfully.
C:\Users\Hannah\AppData\Roaming\Systweak => Moved successfully.
"C:\Users\Hannah\AppData\Local\Smartbar" => File/Directory not found.
C:\Users\Hannah\AppData\Local\Search Extensions => Moved successfully.
C:\Users\Hannah\AppData\Local\pricehorse => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper => Moved successfully.
C:\ProgramData\NeteooCooupon => Moved successfully.
C:\ProgramData\PRoShopPer => Moved successfully.
C:\ProgramData\pastaleads => Moved successfully.
"C:\Users\Hannah\AppData\Local\ConvertAd" => File/Directory not found.
"C:\Users\Hannah\AppData\Local\Linkey" => File/Directory not found.
C:\ProgramData\smdmf => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\Hannah\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
C:\Program Files (x86)\speed browser => Moved successfully.
C:\Program Files (x86)\WaInterEnhance => Moved successfully.
C:\ProgramData\BestSaveForYou => Moved successfully.
C:\ProgramData\deal4real => Moved successfully.
C:\Program Files (x86)\WSE_Vosteran => Moved successfully.
C:\ProgramData\Browser => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro => Moved successfully.
C:\Program Files (x86)\Instant PC Optimizer => Moved successfully.
C:\ProgramData\MailUpdate => Moved successfully.
C:\ProgramData\44623b39dc631b20 => Moved successfully.
C:\Program Files (x86)\cosstminn => Moved successfully.
C:\Users\Hannah\AppData\Local\f494fb7e-4f8f-49df-ae05-307f2e80dbbf => Moved successfully.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job => Moved successfully.
C:\Users\Hannah\AppData\Roaming\setup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08855F6F-75EA-4E6B-91A1-17DD47A40130}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08855F6F-75EA-4E6B-91A1-17DD47A40130}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23415FB9-BF8D-470C-A96E-673427E2853F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23415FB9-BF8D-470C-A96E-673427E2853F}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DDFE5B2-EF19-4EAA-9A4A-83B15C05E6E0} => Key not found. 
C:\Windows\System32\Tasks\Advanced-System Protector_startup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7491073B-B8EB-4FBE-923D-AD373A2A5ED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7491073B-B8EB-4FBE-923D-AD373A2A5ED1}" => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74FB86EB-0A82-4ABE-9AD1-1F3DD9C14421}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74FB86EB-0A82-4ABE-9AD1-1F3DD9C14421}" => Key deleted successfully.
C:\Windows\System32\Tasks\Price-Horse Udpater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price-Horse Udpater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7820148C-2EC0-4202-B3EB-BDEEF8AC1F7B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7820148C-2EC0-4202-B3EB-BDEEF8AC1F7B}" => Key deleted successfully.
C:\Windows\System32\Tasks\PastaQuotes => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C4C3F38-11FD-4BF7-9A90-49C83ADDB735}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C4C3F38-11FD-4BF7-9A90-49C83ADDB735}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search Updater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CE62184-32A9-49AF-9D05-FDBF66722A5D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE62184-32A9-49AF-9D05-FDBF66722A5D}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FA2877F-52C2-40B4-AC93-5EFBD2FA5528}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FA2877F-52C2-40B4-AC93-5EFBD2FA5528}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D49DFFA-29B8-46CE-B79A-EE4FD5AF8A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D49DFFA-29B8-46CE-B79A-EE4FD5AF8A2B}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Vosteran => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0069BB6-4A94-4EC7-8462-7156407A4AE7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0069BB6-4A94-4EC7-8462-7156407A4AE7}" => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD4BEA0F-4258-4D22-9F17-76BB01608C82}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4BEA0F-4258-4D22-9F17-76BB01608C82}" => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D63CC283-CC49-4912-BCE7-ECF6B0CC3C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D63CC283-CC49-4912-BCE7-ECF6B0CC3C91}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D71A6374-5F99-4D35-9276-CA7AA7230CDA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D71A6374-5F99-4D35-9276-CA7AA7230CDA}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E35AF27C-43F1-4E69-A794-33A0584C8309}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E35AF27C-43F1-4E69-A794-33A0584C8309}" => Key deleted successfully.
C:\Windows\System32\Tasks\Price-Horse => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price-Horse" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE0D3118-CFFA-4201-B980-1F67AEBD8EE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE0D3118-CFFA-4201-B980-1F67AEBD8EE8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Groovorio Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio Updater" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Windows\Tasks\Groovorio Updater.job => Moved successfully.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job not found.
C:\Windows\Tasks\RegClean Pro_UPDATES.job => Moved successfully.
C:\Windows\Tasks\WSE_Vosteran.job not found.
 
========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "AnyProtect Scanner" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    CodeBaseSearchPath    REG_SZ    CODEBASE
    EnablePunycode    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files
    ProxyOverride    REG_SZ    <-loopback>
    MigrateProxy    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000
    DefaultConnectionSettings    REG_BINARY    4600000049000000090000002A000000687474703D3132372E302E302E313A34393534303B68747470733D3132372E302E302E313A34393534300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
    SavedLegacySettings    REG_BINARY    4600000089010000090000002A000000687474703D3132372E302E302E313A34393534303B68747470733D3132372E302E302E313A34393534300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
    CodeBaseSearchPath    REG_SZ    CODEBASE
    WarnOnIntranet    REG_DWORD    0x1
    EnablePunycode    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files
    MigrateProxy    REG_DWORD    0x1
    ProxyOverride    REG_SZ    <-loopback>
    ProxyEnable    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000
    DefaultConnectionSettings    REG_BINARY    4600000049000000090000002A000000687474703D3132372E302E302E313A34393534303B68747470733D3132372E302E302E313A34393534300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
    SavedLegacySettings    REG_BINARY    4600000089010000090000002A000000687474703D3132372E302E302E313A34393534303B68747470733D3132372E302E302E313A34393534300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    IE5_UA_Backup_Flag    REG_SZ    5.0
    EnableNegotiate    REG_DWORD    0x1
    ZonesSecurityUpgrade    REG_BINARY    4B9176DAB1F7CE01
    MigrateProxy    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
    EmailName    REG_SZ    User@
    AutoConfigProxy    REG_SZ    wininet.dll
    MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
    WarnOnPost    REG_BINARY    01000000
    UseSchannelDirectly    REG_BINARY    01000000
    EnableHttp1_1    REG_DWORD    0x1
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xa0
    PrivacyAdvanced    REG_DWORD    0x0
    DisableCachingOfSSLPages    REG_DWORD    0x0
    WarnonZoneCrossing    REG_DWORD    0x0
    CertificateRevocation    REG_DWORD    0x1
    GlobalUserOffline    REG_DWORD    0x0
    ProxyOverride    REG_SZ    <-loopback>
    EnableAutodial    REG_DWORD    0x0
    NoNetAutodial    REG_DWORD    0x0
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings    REG_BINARY    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
    SavedLegacySettings    REG_BINARY    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
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\nlasvc.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Cache
    KnownProxylessGatewaysV4    REG_BINARY    066CB0CEE02F3ED74E0200
    OpportunisticInternetGatewaysV4    REG_BINARY    066CB0CEE02F3ED84E0200
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet
    ActiveWebProbePathV6    REG_SZ    ncsi.txt
    ActiveWebProbePath    REG_SZ    ncsi.txt
    ActiveDnsProbeHost    REG_SZ    dns.msftncsi.com
    EnableActiveProbing    REG_DWORD    0x1
    PassivePollPeriod    REG_DWORD    0xf
    ActiveWebProbeContentV6    REG_SZ    Microsoft NCSI
    ActiveDnsProbeContentV6    REG_SZ    fd3e:4f5a:5b81::1
    ActiveWebProbeContent    REG_SZ    Microsoft NCSI
    ActiveDnsProbeContent    REG_SZ    131.107.255.255
    ActiveWebProbeHost    REG_SZ    www.msftncsi.com
    StaleThreshold    REG_DWORD    0x1e
    ActiveWebProbeHostV6    REG_SZ    ipv6.msftncsi.com
    WebTimeout    REG_DWORD    0x23
    ActiveDnsProbeHostV6    REG_SZ    dns.msftncsi.com
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
    (Default)    REG_SZ    1http=127.0.0.1:49540;https=127.0.0.1:49540
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {AE0A5C06-0A50-4173-B880-4238B67C4A13}.
Unable to cancel {534F42BD-B29C-4650-B0CA-53B3E584C91A}.
Unable to cancel {E5179AC9-D134-44B3-85E3-2CD858200C99}.
Unable to cancel {B756FBAD-28C6-4F0D-8A37-A4FD1B35113F}.
Unable to cancel {2AF4E16C-7CC0-468B-A488-0DE70374E5F3}.
Unable to cancel {E8A770AB-6703-4F7D-AEE0-5244A2A6200A}.
0 out of 6 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 798.9 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-16 12:13:56)<=
 
C:\Users\Hannah\AppData\Local\SmartWeb => Is moved successfully.
 
==== End of Fixlog 12:13:56 ====


#11 B-boy/StyLe/

Posted 16 February 2015 - 12:47 PM

Hi,

Should I click OK???

Yes, also go ahead and reset the Internet Explorer settings to default.

http://windows.microsoft.com/en-us/windows7/reset-internet-explorer-settings

 

Next please do the following:

STEP 1

Also let's check for PUP leftovers:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

That's it for now. :)

Regards,

Georgi


Edited by B-boy/StyLe/, 16 February 2015 - 12:49 PM.



#12 newschick

Posted 16 February 2015 - 01:09 PM

Oh wow!! I was able to connect to the internet! 

Here is the adware log:

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 17:11:38
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 8  (x64)
# Username : Hannah - EPTINGPC
# Running from : E:\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : netfilter64
[#] Service Deleted : pastaleadsServiceCore
[#] Service Deleted : servervo
[#] Service Deleted : Update Klip Pal
[#] Service Deleted : Util Klip Pal
[#] Service Deleted : {4bc8f9ab-e0f0-481d-bf94-159f3acf61de}w64
[#] Service Deleted : {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64
[#] Service Deleted : {e0c89f91-0178-4464-8daf-bec566dd2d9a}w64
[#] Service Deleted : {fbcdebd1-63c6-4472-a6d6-7b58b0b8d1a8}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\MailUpdate
Folder Deleted : C:\ProgramData\deal4real
Folder Deleted : C:\ProgramData\deali44reeal
Folder Deleted : C:\ProgramData\DigiCouppoon
Folder Deleted : C:\ProgramData\NeteooCooupon
Folder Deleted : C:\ProgramData\NetoiCoupOn
Folder Deleted : C:\ProgramData\PriceeDowwnloadeR
Folder Deleted : C:\ProgramData\PRoShopPer
Folder Deleted : C:\ProgramData\SaverAddonn
Folder Deleted : C:\ProgramData\TakkeTheCouponn
Folder Deleted : C:\ProgramData\44623b39dc631b20
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\speed browser
Folder Deleted : C:\Program Files (x86)\WaInterEnhance
Folder Deleted : C:\Program Files (x86)\gmsd_us_89
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Appupdater
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Hannah\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Hannah\AppData\Local\torch
Folder Deleted : C:\Users\Hannah\AppData\Local\Search Extensions
Folder Deleted : C:\Users\Hannah\AppData\Local\speed browser
Folder Deleted : C:\Users\Hannah\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Hannah\AppData\Local\wincheck
Folder Deleted : C:\Users\Hannah\AppData\Local\WebBar
Folder Deleted : C:\Users\Hannah\AppData\Local\gmsd_us_89
Folder Deleted : C:\Users\Hannah\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Hannah\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Hannah\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\Hannah\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Hannah\AppData\Roaming\MailUpdate
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Compatibility Verifier
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Hannah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acnpcmjjgjapcgmdgbhfkmbjgcegboaa
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Hannah\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Hannah\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Hannah\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Hannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Hannah\Desktop\Continue Live Installation.lnk

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : LaunchSignup
Task Deleted : Yahoo! Search
Task Deleted : Price-Horse
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : Yahoo! Search Updater
Task Deleted : Price-Horse Udpater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Hannah\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserSafeguard Update Task]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserSafeguard]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\P7c199875_4bbc_48aa_9c51_b692536e6f69_.P7c199875_4bbc_48aa_9c51_b692536e6f69_
Key Deleted : HKLM\SOFTWARE\Classes\P7c199875_4bbc_48aa_9c51_b692536e6f69_.P7c199875_4bbc_48aa_9c51_b692536e6f69_.9
Key Deleted : HKLM\SOFTWARE\Classes\P88b81fa4_c4db_4336_92a2_3492812f6ad0_.P88b81fa4_c4db_4336_92a2_3492812f6ad0_
Key Deleted : HKLM\SOFTWARE\Classes\P88b81fa4_c4db_4336_92a2_3492812f6ad0_.P88b81fa4_c4db_4336_92a2_3492812f6ad0_.9
Key Deleted : HKLM\SOFTWARE\Classes\ProoShopper.ProoShopper
Key Deleted : HKLM\SOFTWARE\Classes\ProoShopper.ProoShopper.4.87
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_89]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7b3890d6-916b-486f-b682-015366ba7854}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7c199875-4bbc-48aa-9c51-b692536e6f69}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88b81fa4-c4db-4336-92a2-3492812f6ad0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD44AB3D-A2D3-C302-5066-9354C718161C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f320613e-0155-428f-b741-b57d854c78ac}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b3890d6-916b-486f-b682-015366ba7854}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD44AB3D-A2D3-C302-5066-9354C718161C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f320613e-0155-428f-b741-b57d854c78ac}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7b3890d6-916b-486f-b682-015366ba7854}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD44AB3D-A2D3-C302-5066-9354C718161C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f320613e-0155-428f-b741-b57d854c78ac}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7b3890d6-916b-486f-b682-015366ba7854}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7c199875-4bbc-48aa-9c51-b692536e6f69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88b81fa4-c4db-4336-92a2-3492812f6ad0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD44AB3D-A2D3-C302-5066-9354C718161C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f320613e-0155-428f-b741-b57d854c78ac}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6453e787-a9c6-4f7c-b18d-c7e65037d26e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7b3890d6-916b-486f-b682-015366ba7854}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7c199875-4bbc-48aa-9c51-b692536e6f69}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88b81fa4-c4db-4336-92a2-3492812f6ad0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD44AB3D-A2D3-C302-5066-9354C718161C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f320613e-0155-428f-b741-b57d854c78ac}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKCU\Software\surf slide
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\surf slide
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\WaInterEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricehorse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaInterEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\32E0874E-2C8F-2A16-5CF3-9F2B4E7B3A1E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FA77785-00C3-A920-6452-D4FE5C9C129F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{317D8BB4-16C3-CFBD-3777-AED69667DA46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F213470-964F-4092-6B31-BC7570F31B5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_89_is1
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Hannah\AppData\Local\Linkey\IEEXTE~1\iedll.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suppor~1\suppor~1.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17054

-\\ Google Chrome v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [14730 bytes] - [12/02/2015 17:08:45]
AdwCleaner[S0].txt - [14563 bytes] - [12/02/2015 17:11:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14623  bytes] ##########

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 13:02:33
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8  (x64)
# Username : Hannah - EPTINGPC
# Running from : C:\Users\Hannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I52J3MK\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : webinstrNew

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance
Folder Deleted : C:\Users\Hannah\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Compatibility Verifier
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\Windows\System32\drivers\webinstrNew.sys
File Deleted : C:\Users\Hannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
File Deleted : C:\Users\Hannah\Desktop\Continue Live Installation.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Hannah\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Hannah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\BrowserSafeguardInstalled
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\RocketTab
Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\SmdmF
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKCU\Software\WSE_Vosteran
Key Deleted : HKCU\Software\surf slide
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\AllDaySavings
Key Deleted : HKLM\SOFTWARE\BrowserSafeGuard
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\istart123Software
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\surf slide
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\WaInterEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FA77785-00C3-A920-6452-D4FE5C9C129F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\allday savings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17183

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

-\\ Google Chrome v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [28111 bytes] - [12/02/2015 17:08:45]
AdwCleaner[S0].txt - [26709 bytes] - [12/02/2015 17:11:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26769  bytes] ##########

 

Heading to step 2 now.



#13 B-boy/StyLe/



  • Malware Response Team

Posted 16 February 2015 - 01:14 PM

Very well. :)

I am waiting for the second log then. ;)

 

 

Regards,

Georgi




#14 newschick

  • Topic Starter

  • Members

Posted 16 February 2015 - 01:21 PM

And here it is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 x64
Ran by Hannah on Mon 02/16/2015 at 13:12:01.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 13:15:55.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#15 B-boy/StyLe/



  • Malware Response Team

Posted 16 February 2015 - 02:43 PM

Hi,

 

Nice work. We are almost done here.

Let's check for malware leftovers:

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.0.4.1028 Final to your desktop.
 

  • Double-click mbam-setup-2.0.4.1028.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • This is the mirror - [download link]
  • For 64-bit Operating System - [download link]
  • This is the mirror - [download link]

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

Note: ProgramData is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

STEP 3

 

 

Please rerun FRST64.exe and make sure that Addition.txt is ticked. Now press the SCAN button and wait for the scan to complete. Post both logs - FRST.txt and Addition.txt in your next reply.

 

 

Regards,

Georgi

