Possibly multiple issues Slow internet bad streaming experience, and safesearch


62 replies to this topic

#1 morganjeff7272

morganjeff7272

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 03 June 2016 - 10:55 PM

OK, I'm currently trying to remove safesearch. So now I know my computer is infected with safesearch, so let's take care of that first. I'll go to the threads I have found and do the removal instructions. But I'd like for someone here to read the thread I have at cox.com support of my internet connection, cause I have seemingly random drop outs of service and they say there is nothing wrong. I show nothing wrong with my computer and I can not see my issues with google, abc, fox, cw, nbc, hulu being a prevalent issue. The support departments for those websites have stated to me that they showed no outages at the times of my failures. I contracted safesearch while trying to download opera browser to try a different browser, so that is not the issue, just a new issue. Hmm, ok, the thread for my internet issue is http://forums.cox.com/forum_home/internet_forum/f/5/t/14098.aspx and you can see I use malware anti bytes, found nothing; I use house call, found nothing; use spybot, found nothing; and I use iolo and avast as my real time protection.
I am going to follow the thread http://www.bleepingcomputer.com/forums/t/603497/cannot-get-rid-of-safesearch/?hl=%2Bsafesearch+%2Bremoval#entry3922108 for removal of safe search.

Edited by Orange Blossom, 04 June 2016 - 01:41 AM.
Moved to AII from Windows 7. ~ OB




#2 morganjeff7272


Posted 03 June 2016 - 11:06 PM

Programs to remove
Amazon Browser App
Fast Browser

C:\Program Files (x86)\NpackdCL

I downloaded revo uninstaller and did not find any of the above listed programs.



#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 03 June 2016 - 11:07 PM

Let's have a look at some logs. :)

 

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit Next; make sure to leave all items checked for removal.

 

8NcZjGc.png

 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#4 morganjeff7272


Posted 03 June 2016 - 11:12 PM

Running FRST atm, do you want me to skip that?



#5 InadequateInfirmity


Posted 03 June 2016 - 11:13 PM

No FRST logs are allowed in this area; so yes.



#6 morganjeff7272


Posted 03 June 2016 - 11:24 PM

# AdwCleaner v5.119 - Logfile created 03/06/2016 at 23:21:40
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Media - MEDIA-PC
# Running from : D:\User\Jeff\Downloads\bleeping\adwcleaner_5.119.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
[-] File Deleted : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\searchplugins\safesearch.xml
[-] File Deleted : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
[-] File Deleted : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
[-] Shortcut Disinfected : C:\Users\Media\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Media\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20160603-165-ff");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.safesear.ch/?type=20160603-165-ff-nt");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "SafeSearch");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.search.order.1", "SafeSearch");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "SafeSearch");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [5475 bytes] - [03/06/2016 23:21:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [7190 bytes] - [03/06/2016 23:19:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5621 bytes] ##########
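
As an added example (not part of the original thread and not AdwCleaner's own code), the Python below parses the AdwCleaner "Clean" log layout posted above and groups the removed items by browser, pulling out the redirect host and the Firefox preferences that had been rewritten. The sample log is a shortened excerpt of the lines above; the function names and the substring-based browser classification are assumptions made for illustration.

```python
import re
from collections import Counter

# Shortened excerpt of the AdwCleaner log above, embedded so the example runs offline.
SAMPLE_LOG = r"""# AdwCleaner v5.119 - Logfile created 03/06/2016 at 23:21:40
# Option : Clean

***** [ Files ] *****

[-] File Deleted : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\searchplugins\safesearch.xml
[-] File Deleted : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Media\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20160603-165-ff");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "SafeSearch");
[-] [C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\prefs.js] Deleted : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");
"""

# "***** [ Section ] *****" headers and "[-] [optional file] Action : target" entries.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}\s*$")
ENTRY_RE = re.compile(
    r"^\[-\] (?:\[(?P<file>[^\]]+)\] )?(?P<action>[^:]+?) : (?P<target>.+?)\s*$"
)
PREF_RE = re.compile(r'user_pref\("(?P<key>[^"]+)",\s*"(?P<value>[^"]*)"\)')
# The log defangs URLs as hxxp://, so accept both spellings.
URL_HOST_RE = re.compile(r"^h(?:tt|xx)ps?://([^/?#\s]+)", re.IGNORECASE)

# Assumption: classify by substring. Firefox and Chrome are tested before
# Internet Explorer because Quick Launch shortcuts for every browser live
# under an "Internet Explorer" directory.
BROWSER_MARKERS = (
    ("Firefox", ("mozilla\\firefox", "mozilla firefox", "firefox.exe")),
    ("Chrome", ("google\\chrome", "google chrome")),
    ("Internet Explorer", ("internet explorer", "iexplore.exe")),
)


def browser_of(location):
    """Map a file path or registry path to the browser it belongs to."""
    low = location.lower()
    for name, markers in BROWSER_MARKERS:
        if any(marker in low for marker in markers):
            return name
    return "Other"


def parse_adwcleaner(text):
    """Return one dict per '[-]' entry, tagged with section and browser."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # comment lines, blanks, ':: ...' notes
        entry = {
            "section": section,
            "action": m["action"],
            "target": m["target"],
            "file": m["file"],
            "pref": None,
            "host": None,
        }
        pref = PREF_RE.search(entry["target"])
        if pref:
            entry["pref"] = pref["key"]
            host = URL_HOST_RE.match(pref["value"])
            entry["host"] = host.group(1).lower() if host else None
        entry["browser"] = browser_of(entry["file"] or entry["target"])
        entries.append(entry)
    return entries


def summarize(entries):
    """Count entries per browser and list redirect hosts and rewritten prefs."""
    return {
        "per_browser": dict(Counter(e["browser"] for e in entries)),
        "hosts": sorted({e["host"] for e in entries if e["host"]}),
        "prefs": sorted({e["pref"] for e in entries if e["pref"]}),
    }


if __name__ == "__main__":
    print(summarize(parse_adwcleaner(SAMPLE_LOG)))
```

Run over the full log, the per-browser counts show where the cleaner found changes, which makes it easier to see which browser still needs attention when a redirect survives a reboot.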


#7 morganjeff7272


Posted 03 June 2016 - 11:28 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Media (Administrator) on Fri 06/03/2016 at 23:24:19.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 75 
 
Failed to delete: C:\Users\Media\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\236XSDUW (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Media\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96Y2PH0A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\search.lnk (Shortcut) 
Successfully deleted: C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\shopearn@prodege.com.xpi (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/03/2016 at 23:27:54.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 InadequateInfirmity


Posted 03 June 2016 - 11:32 PM

Sorry, ZHP cleaner is Here


Edited by InadequateInfirmity, 03 June 2016 - 11:34 PM.


#9 morganjeff7272


Posted 03 June 2016 - 11:46 PM

[-] Deleted ->> File ->> C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\jid1-vS7biDmom8YxhA@jetpack.xpi
[-] Deleted ->> File ->> C:\Users\Media\Application Data\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\jid1-vS7biDmom8YxhA@jetpack.xpi
[-] Deleted ->> Folder ->> C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji
[-] Deleted ->> Folder ->> C:\Users\Media\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs\ <RegValue:> 1 <RegData:> http://www.safesear.ch/?type=20160603-ch-ix : http://www.safesear.ch/?type=20160603-ch-ix
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs\ <RegValue:> 1 <RegData:> http://www.safesear.ch/?type=20160603-ch-ix : http://www.safesear.ch/?type=20160603-ch-ix
[-] Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack}
[-] Repaired ->> File ->> C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Preferences
[-] Repaired ->> File ->> C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
[-] Repaired ->> File ->> C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Last Session
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji
 
 
I went ahead and rebooted, hoping the clean had worked since it did find safesearch stuff. No such luck, it is still active in chrome browser.


#10 InadequateInfirmity


Posted 03 June 2016 - 11:48 PM

I went ahead and rebooted hoping the clean had worked since it did find safesearch stuff. No such luck it is still active in chrome browser.

 

 

Just continue with the scans, safe search will trouble you no more when we are done. :thumbup2:



#11 InadequateInfirmity


Posted 03 June 2016 - 11:50 PM

I am about to sign off..... When the other scans are complete, then do these as well.

 

 

 

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus and Windows Defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and select Run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

Edited by InadequateInfirmity, 03 June 2016 - 11:51 PM.


#12 morganjeff7272


Posted 03 June 2016 - 11:56 PM

~ ZHPCleaner v2016.6.2.71 by Nicolas Coolman (2016/06/02)
~ Run by Media (Administrator)  (03/06/2016 23:54:34)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Media\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Media\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (15520)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (63)
 
 
---\\  Registry ( Key, Value, Data) (1)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\soundcloud.com []  =>PUP.Optional.SoundCloud
 
 
---\\  Summary of the elements found (1)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.SoundCloud
 
 
---\\  Other deletions. (10)
~ Registry Keys Tracing deleted (10)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 31587
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 64
 
 
~ End of clean in 00h00mn19s
~====================
ZHPCleaner-[R]-03062016-23_54_53.txt
ZHPCleaner-[S]-03062016-23_53_38.txt


#13 morganjeff7272


Posted 04 June 2016 - 07:03 AM

---------- | AdsFix | g3n-h@ckm@n | 3_03.06.2016.1
 
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 23:58:11 - 03/06/2016
 
update on : 03/06/2016 | 09.00 by g3n-h@ckm@n
D:\User\Jeff\Downloads\bleeping\adsfix_3_03.06.2016.1.exe
Boot: Normal boot
[Media (Administrator)] - [MEDIA-PC] -  (usa [0409])
SID = S-1-5-21-1176525809-4075488535-2378474212-1000 || [4d65646961205e5e]
PC : MSI - A78M-E35 (MS-7721) - To be filled by O.E.M.
Processor : X64 - 3892 - AMD A6-6400K APU with Radeon™ HD Graphics   
Bios : American Megatrends Inc. - 12/15/2014 - V.V30.6
CoreTemp : -1° C - Max : ° C
 
CPU #1 value:93 %
CPU #2 value:18 %
Total Overall CPU Usage value:56 %
 
System : Windows 7 Ultimate (64 bits) Ultimate Service Pack 1
RAM memory = Total (MB) : 7542 | Free (MB) : 5527
Pagefile = Total (MB) : 15083 | Free (MB) : 12674
Virtual = Total (MB) : 4194 | Free (MB) : 4008
 
C:\ -> [Fixed] | [] | Total : 111.69 Go | Free : 34.62 Go -> NTFS [SATA]
D:\ -> [Fixed] | [New Volume] | Total : 1862.89 Go | Free : 987.81 Go -> NTFS [SATA]
E:\ -> [CDROM] | [Bodhi Linux 3.1.] | Total : 0.56 Go | Free : 0 Go -> CDFS [SATA]
 
Registry saved, to restore :  Click on Options & Restore the register (C:\AdsFix\Save\Registry [03.06.2016 @ 23_58_09]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"
 
---------- | Windows Updates
 
Last detection : 2016-06-03 17:10:15
Last downloaded : 2016-06-03 17:10:44
Last installation : 2016-06-01 06:00:36
Next search : 2016-06-04 13:56:55
 
Microsoft : +
 
---------- | Browsers
 
IE : 11.0.9600.18315     (© Microsoft Corporation. All rights reserved.)
GC : 50.0.2661.102     (Copyright 2015 Google Inc. All rights reserved.)
 
---------- | Security (atcav : 0)
 
FW : 
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Started
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started
 
---------- | FlashPlayer
 
 
---------- | Killed processes
 
1004 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
1336 | [Owner : SYSTEM |Parent : 1004()] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
1748 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1780 | [Owner : SYSTEM |Parent : 1084(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
1896 | [Owner : Media |Parent : 1084(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
1916 | [Owner : SYSTEM |Parent : 1780()] - (.Google Inc. - Google Installer.) - (1.3.29.1) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1996 | [Owner : Media |Parent : 1896()] - (.iolo technologies, LLC - iolo Process Governor.) - (15.5.0.42) = C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
1160 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - (2.0.0.1011) = C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
1264 | [Owner : Media |Parent : 1632(explorer.exe)] - (.Advanced Micro Devices, Inc. - AMD USB 3.0 Device Detector.) - (2.1.27.0) = C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
1300 | [Owner : SYSTEM |Parent : 1916()] - (.Google Inc. - Google Crash Handler.) - (1.3.30.3) = C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
1372 | [Owner : Media |Parent : 1632(explorer.exe)] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.507.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1552 | [Owner : Media |Parent : 1632(explorer.exe)] - (.Softomotive - WinAutomation.DIAgent.) - (5.0.4.3995) = C:\Program Files\WinAutomation\WinAutomation.DIAgent.exe
1908 | [Owner : Media |Parent : 1632(explorer.exe)] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) - (6.67.83.0) = C:\Program Files\Logitech\SetPointP\SetPoint.exe
2072 | [Owner : Media |Parent : 1632(explorer.exe)] - (.AMD - HydraDM.) - (4.0.66.0) = C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
2220 | [Owner : Media |Parent : 1908()] - (.Logitech, Inc. - Logitech KHAL Main Process.) - (5.90.41.0) = C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
2252 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) - (2.0.0.1011) = C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
2484 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.iolo technologies, LLC - iolo System component.) - (15.5.0.59) = C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
2600 | [Owner : Media |Parent : 2072()] - (.AMD - HydraDMH64.) - (4.0.1.0) = C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
2744 | [Owner : Media |Parent : 2080()] - (.BlueStack Systems, Inc. - BlueStacks Agent.) - (2.0.0.1011) = C:\Program Files (x86)\BlueStacks\HD-Agent.exe
2956 | [Owner : Media |Parent : 2560()] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1152 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.MSI -.) - (2.0.0.23) = C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
2772 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.MSI -.) - (2.0.0.24) = C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
3180 | [Owner : Media |Parent : 2956()] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3340 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.Micro-Star INT'L CO., LTD. - MSI Live Update Service.) - (1.0.0.23) = C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
3820 | [Owner : NETWORK SERVICE |Parent : 680(services.exe)] - (.Microsoft Corporation - Message Queuing Service.) - (6.1.7600.16385) = C:\Windows\System32\mqsvc.exe
3852 | [Owner : SYSTEM |Parent : 1916()] - (.Google Inc. - Google Crash Handler.) - (1.3.30.3) = C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
3980 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.NoMachine - NoMachine Device Server.) - (5.1.1.0) = C:\Program Files (x86)\NoMachine\bin\nxservice64.exe
4036 | [Owner : Media |Parent : 2484()] - (.iolo technologies, LLC - iolo LiveBoost.) - (5.5.0.126) = C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
3672 | [Owner : SYSTEM |Parent : 680(services.exe)] - (.Softomotive - WinAutomation.ServiceAgent.) - (5.0.4.3995) = C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
2504 | [Owner : Media |Parent : 2940()] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.43.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
4568 | [Owner : Media |Parent : 2504(AsusTPLoader.exe)] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.9.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
4688 | [Owner : Media |Parent : 2504()] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.9.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
4836 | [Owner : SYSTEM |Parent : 632(csrss.exe)] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.23418) = C:\Windows\System32\conhost.exe
4860 | [Owner : SYSTEM |Parent : 4828()] - (.NoMachine - NoMachine Node Process.) - (5.1.26.0) = C:\Program Files (x86)\NoMachine\bin\nxnode.bin
4876 | [Owner : nx |Parent : 688(lsass.exe)] - (.NoMachine - NoMachine Server Process.) - (5.1.26.0) = C:\Program Files (x86)\NoMachine\bin\nxserver.bin
4896 | [Owner : nx |Parent : 552(csrss.exe)] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.23418) = C:\Windows\System32\conhost.exe
5280 | [Owner : Media |Parent : 2504()] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.79) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
5504 | [Owner : Media |Parent : 2504()] - (.ASUSTeK Computer Inc. - ASUS Remote Link.) - (1.0.1.12) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
5524 | [Owner : nx |Parent : 4876()] - (.NoMachine - NoMachine NX Server.) - (5.1.26.0) = C:\Program Files (x86)\NoMachine\bin\nxd.exe
5784 | [Owner : Media |Parent : 5756()] - (.NoMachine - NoMachine Tray Monitor.) - (5.1.26.0) = C:\Program Files (x86)\NoMachine\bin\nxclient.bin
5880 | [Owner : Media |Parent : 2504()] - (.ASUSTeK Computer Inc. - Asus Smart Gesture Detector.) - (1.0.0.3) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
6044 | [Owner : Media |Parent : 5280()] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.21.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
2336 | [Owner : Media |Parent : 1632(explorer.exe)] - (.Google Inc. - Google Chrome.) - (50.0.2661.102) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4236 | [Owner : Media |Parent : 2336(chrome.exe)] - (.Google Inc. - Google Chrome.) - (50.0.2661.102) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6928 | [Owner : NETWORK SERVICE |Parent : 5756()] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (6.1.7600.16385) = C:\Program Files\Windows Defender\MpCmdRun.exe
 
---------- | Tasks
 
Deleted successfully : iolo Process Governor
Deleted successfully : shutdown
Deleted successfully : IntegrationManager
 
 
---------- | Services
 
Deleted service : ioloSystemService : "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe"
 
---------- | AppCertDlls | AppInit_DLLs
 
 
---------- | DNSapi.dll
 
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
 
---------- | Hosts
 
 
---------- | SafeBoot
 
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService
 
---------- | Winsock
 
 
---------- | DNS
 
 
---------- | Register
 
Deleted successfully : HKLM\SOFTWARE\Classes\iolocowithdb.ioloChangeTool :
Deleted successfully : HKLM\SOFTWARE\Classes\ioloServiceManager.WipeTool : WipeTool     
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\ioloPIA.TioloPIAImpl : TioloPIAImpl     
Deleted successfully : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\301network.com
Deleted successfully : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ads.revjet.com
Deleted successfully : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\revjet.com
Deleted successfully : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\w.soundcloud.com
Deleted successfully : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.301network.com
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1DDF2B94-44C6-4E74-9C51-6757253E2DF7}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30C21488-5F00-4F77-BA34-38C6744BEBBB}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40310869-27A4-42B1-8AAD-E4CEFB3BE286} : C:\PROGRA~2\iolo\Common\Lib\IOLOSE~1.EXE
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E8B3177-3B8E-493E-9616-BA24E5DA7FD6} : C:\PROGRA~2\iolo\Common\Lib\IOLOSO~1.DLL # 
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C59B8820-B97D-467D-9787-68811ADBC288} : C:\PROGRA~2\iolo\Common\Lib\MESSAG~1.EXE
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CF74784C-28F7-4681-8CFA-2807AD09388D} : C:\PROGRA~2\iolo\Common\Lib\IOLOSE~1.EXE
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2CA5A83-7DE8-4DD7-9F9D-98550538C1C1}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{3A2E674C-52F9-41A0-A593-CE0E49E21434} : C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{6624F170-E89F-43F8-856E-DE0BF8A41414} : C:\Program Files (x86)\iolo\Common\Lib\iolopia.dll
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{C4DE0514-F644-487F-84DD-DD1038FF207A} : C:\Program Files (x86)\iolo\Common\Lib\MessageToaster.exe
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{0D209159-C208-44F6-A749-7644146A620F} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IRegistryHelpers
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{20F837DD-7478-4765-AA1F-D77F63B8C5BE} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IMessageDispatcher
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{21EE4B4D-2005-4881-948A-F45C9B42462C} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IFileInfoList2
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{4FC4D67F-2F00-437F-A1D3-D601201CBD49} : {C4DE0514-F644-487F-84DD-DD1038FF207A} # IMessageToaster
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{554B4C02-8C1E-4799-B21E-51C611AA2DC1} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IWipeTool
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{682C387C-C2A1-4F5F-B331-B03F2652CE85} : {C4DE0514-F644-487F-84DD-DD1038FF207A} # IToasterExternalHandler
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{7B57FA7F-9B0A-42F8-BD71-3BA1098E3FE3} : {6624F170-E89F-43F8-856E-DE0BF8A41414} # IPIAWorkIntf
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{A10E312F-612F-4B6D-BE4C-898BFC1D237B} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IWipeToolEvents
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{B4EFFA1A-C33C-4A08-8732-DD8901172FCA} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IFileInfoList
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{C1F12418-B8BF-4BAE-84C5-88662A89963A} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # ILaunchManager
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{F223E815-C27B-4779-9167-971A6D544690} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IFileInfoListEvents
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{FB3E4CCB-0215-45D3-AECC-1AA41BF7D6E4} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # ITimeKeeper
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D209159-C208-44F6-A749-7644146A620F} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IRegistryHelpers
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20F837DD-7478-4765-AA1F-D77F63B8C5BE} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IMessageDispatcher
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21EE4B4D-2005-4881-948A-F45C9B42462C} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IFileInfoList2
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4FC4D67F-2F00-437F-A1D3-D601201CBD49} : {C4DE0514-F644-487F-84DD-DD1038FF207A} # IMessageToaster
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{554B4C02-8C1E-4799-B21E-51C611AA2DC1} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IWipeTool
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{682C387C-C2A1-4F5F-B331-B03F2652CE85} : {C4DE0514-F644-487F-84DD-DD1038FF207A} # IToasterExternalHandler
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B57FA7F-9B0A-42F8-BD71-3BA1098E3FE3} : {6624F170-E89F-43F8-856E-DE0BF8A41414} # IPIAWorkIntf
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A10E312F-612F-4B6D-BE4C-898BFC1D237B} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IWipeToolEvents
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B4EFFA1A-C33C-4A08-8732-DD8901172FCA} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IFileInfoList
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1F12418-B8BF-4BAE-84C5-88662A89963A} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # ILaunchManager
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F223E815-C27B-4779-9167-971A6D544690} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # IFileInfoListEvents
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FB3E4CCB-0215-45D3-AECC-1AA41BF7D6E4} : {3A2E674C-52F9-41A0-A593-CE0E49E21434} # ITimeKeeper
Deleted successfully : HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\iolo
Deleted successfully : HKLM\SOFTWARE\iolo
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\iolo
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Windows\system32\iolobtdfg.exe]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\rawdsk3.sys]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\Corvus.dll]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\SNMPAPI.DLL]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\System Mechanic Professional\dvrupdr.dll]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\EventMsg.dll]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\ioloTTOL.dll]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\ioloFILParser.exe]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]~[C:\Program Files (x86)\iolo\Common\Lib\iolopia.dll]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[iolo Startup] : "C:\Program Files (x86)\iolo\common\Lib\ioloLManager.exe" /lbstartup
 
---------- | Folders | Files
 
Deleted successfully : C:\Program Files (x86)\iolo
Deleted successfully : C:\ProgramData\Start Menu\Software Updates.lnk     (.-.)     
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA\ALLDATA Software Updates.lnk     (.-.)     
Deleted successfully : C:\Users\Media\AppData\Local\Reasonable_Software_House
Deleted successfully : C:\Users\Media\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico     (.-.)     
Deleted successfully : C:\Users\Media\AppData\Roaming\Azureus\metasearch.config     (.-.)     
Deleted successfully : C:\Users\Media\AppData\Roaming\Azureus\metasearch.config.bak     (.-.)     
Deleted successfully : C:\Users\Media\AppData\Roaming\Reasonable Software House Ltd
Reboot : C:\ProgramData\Iolo\IOLODB.FDB     (.-.)     
Deleted successfully : C:\Windows\Syswow64\Config\Systemprofile\AppData\Local\assembly
Deleted successfully : C:\Windows\Syswow64\Config\Systemprofile\AppData\Roaming\iolo
Deleted successfully : C:\Users\Media\AppData\Roaming\ioloGovernor
Deleted successfully : C:\ProgramData\ioloGovernor
 
---------- | .LNK
 
 
---------- | opening unknown extension
 
 
---------- | Proxy
 
Deleted successfully : S-1-5-21-1176525809-4075488535-2378474212-1000 : Proxyserver -> localhost:21320
 
---------- | Internet Explorer
 
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] :  -> 2
Repaired : [HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] :  -> 1
Repaired : [HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] :  -> 1
Repaired : [HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] :  -> 1
Repaired : [HKU\S-1-5-21-1176525809-4075488535-2378474212-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
 
---------- | Yandex
 
 
 
---------- | Google Chrome
 
Deleted successfully : HKLM\SOFTWARE\Policies\Google
Deleted successfully : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Web Data     (.-.)     Reseted successfully : SearchURL
Deleted successfully : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Preferences     (.-.)     Reseted successfully : Preferences 
Deleted successfully : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences     (.-.)     Reseted successfully : Preferences 
 
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki =  :     Avast Browser Security and Web Reputation Plugin. -     Avast Online Security - https://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
 
---------- | Chromium
 
 
 
---------- | Comodo Dragon
 
 
 
---------- | Firefox
 
Deleted successfully : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\3sb7aruv.default-1449445632004\sessionstore.js     (.-.)     
 
 
---------- | SeaMonkey
 
 
 
---------- | Pale moon
 
 
 
---------- | Opera
 
 
 
---------- | Spark
 
 
 
---------- | StartMenuInternet
 
 
---------- | Javascript
 
 
---------- | Firewall
 
 
---------- | ADS
 
 
---------- | Temporary files
 
[All Users] Temporary files deleted : 0 Ko
[Classic .NET AppPool] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[DefaultAppPool] Temporary files deleted : 0 Ko
[Media] Temporary files deleted : 204 Ko
[nx] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[C:\Windows\Temp] Temporary files deleted : 109 Ko
[C:\Temp] Temporary files deleted : 0 Ko
 
 
Other(s) report(s)
 
 
---------- | Listing 
 
 
---------- | C:\Program Files (x86)
 
[03/06/2016 23:29:14] - |D| - [7.86 Ko] - C:\Program Files (x86)\Adware Removal Tool by TSA
[26/11/2015 13:45:45] - |D| - [213.11 Ko] - C:\Program Files (x86)\AMD
[30/12/2015 18:29:42] - |D| - [79150.06 Ko] - C:\Program Files (x86)\ASUS
[26/11/2015 13:44:26] - |D| - [97012.37 Ko] - C:\Program Files (x86)\ATI Technologies
[26/11/2015 15:08:39] - |D| - [29324.52 Ko] - C:\Program Files (x86)\Auslogics
[26/11/2015 16:18:10] - |D| - [41270.59 Ko] - C:\Program Files (x86)\BlueStacks
[13/07/2009 22:20:08] - |D| - [76390.21 Ko] - C:\Program Files (x86)\Common Files
[13/07/2009 23:54:24] - |ASH| - [0.17 Ko] - C:\Program Files (x86)\desktop.ini
[26/11/2015 18:32:52] - |D| - [313960.71 Ko] - C:\Program Files (x86)\Entropia Universe
[13/12/2015 15:00:23] - |D| - [757852.21 Ko] - C:\Program Files (x86)\Google
[30/11/2015 19:14:08] - |D| - [18039.69 Ko] - C:\Program Files (x86)\i2p
[26/11/2015 13:57:48] - |HD| - [41824.33 Ko] - C:\Program Files (x86)\InstallShield Installation Information
[13/07/2009 22:20:08] - |D| - [10057.59 Ko] - C:\Program Files (x86)\Internet Explorer
[30/11/2015 19:11:58] - |D| - [160408.66 Ko] - C:\Program Files (x86)\Java
[27/11/2015 16:11:39] - |D| - [151709.5 Ko] - C:\Program Files (x86)\K-Lite Codec Pack
[26/11/2015 16:14:03] - |D| - [1060.8 Ko] - C:\Program Files (x86)\MagicDisc
[26/11/2015 16:06:03] - |D| - [3053.18 Ko] - C:\Program Files (x86)\MagicISO
[13/12/2015 12:15:34] - |D| - [47568.3 Ko] - C:\Program Files (x86)\Microsoft SQL Server
[26/11/2015 13:55:17] - |D| - [23.37 Ko] - C:\Program Files (x86)\Microsoft.NET
[14/07/2009 00:32:38] - |D| - [25.15 Ko] - C:\Program Files (x86)\MSBuild
[29/11/2015 01:46:50] - |D| - [108000.11 Ko] - C:\Program Files (x86)\MSI
[05/02/2016 02:29:46] - |D| - [32494.73 Ko] - C:\Program Files (x86)\MusicBrainz Picard
[17/12/2015 01:41:45] - |D| - [228580.62 Ko] - C:\Program Files (x86)\NoMachine
[26/11/2015 18:40:55] - |D| - [325078.25 Ko] - C:\Program Files (x86)\OpenOffice 4
[13/12/2015 13:46:19] - |D| - [10749.07 Ko] - C:\Program Files (x86)\PRTG Network Monitor
[26/11/2015 13:57:51] - |D| - [8020.37 Ko] - C:\Program Files (x86)\Realtek
[05/02/2016 23:24:41] - |D| - [0 Ko] - C:\Program Files (x86)\Reasonable NoClone 2014
[14/07/2009 00:32:38] - |D| - [36075.75 Ko] - C:\Program Files (x86)\Reference Assemblies
[30/11/2015 21:26:30] - |D| - [600.21 Ko] - C:\Program Files (x86)\Robert
[29/11/2015 01:54:16] - |D| - [9096.86 Ko] - C:\Program Files (x86)\Setup Files
[13/12/2015 12:23:42] - |D| - [325130.95 Ko] - C:\Program Files (x86)\SolarWinds
[26/11/2015 13:45:54] - |D| - [3316.56 Ko] - C:\Program Files (x86)\Spybot - Search & Destroy 2
[26/11/2015 13:57:53] - |HD| - [0 Ko] - C:\Program Files (x86)\Temp
[13/07/2009 23:57:06] - |HD| - [0 Ko] - C:\Program Files (x86)\Uninstall Information
[03/06/2016 23:03:40] - |D| - [6675.95 Ko] - C:\Program Files (x86)\VS Revo Group
[12/04/2016 20:51:48] - |D| - [2.97 Ko] - C:\Program Files (x86)\Western Digital Corporation
[05/02/2016 02:05:23] - |D| - [34088.11 Ko] - C:\Program Files (x86)\Winamp
[14/07/2009 00:32:38] - |D| - [500 Ko] - C:\Program Files (x86)\Windows Defender
[13/07/2009 22:20:08] - |D| - [5972.5 Ko] - C:\Program Files (x86)\Windows Mail
[13/07/2009 22:20:08] - |D| - [11779.68 Ko] - C:\Program Files (x86)\Windows NT
[14/07/2009 00:32:38] - |D| - [4291.26 Ko] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 00:32:38] - |D| - [185.5 Ko] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 00:32:38] - |D| - [5849.75 Ko] - C:\Program Files (x86)\Windows Sidebar
 
---------- | C:\Program Files
 
[26/11/2015 13:45:45] - |D| - [241.11 Ko] - C:\Program Files\AMD
[26/11/2015 13:43:22] - |D| - [26819.94 Ko] - C:\Program Files\ATI
[26/11/2015 13:43:25] - |D| - [5462.28 Ko] - C:\Program Files\ATI Technologies
[26/11/2015 14:03:52] - |D| - [1237780.01 Ko] - C:\Program Files\AVAST Software
[13/07/2009 22:20:08] - |D| - [91373.4 Ko] - C:\Program Files\Common Files
[29/11/2015 01:32:18] - |D| - [3991.28 Ko] - C:\Program Files\CPUID
[13/07/2009 23:54:24] - |ASH| - [0.17 Ko] - C:\Program Files\desktop.ini
[30/12/2015 18:30:23] - |D| - [2048.06 Ko] - C:\Program Files\DIFX
[14/07/2009 00:32:38] - |D| - [4775.68 Ko] - C:\Program Files\DVD Maker
[14/03/2016 22:47:20] - |D| - [499.87 Ko] - C:\Program Files\EaseUS
[13/07/2009 22:20:08] - |D| - [29547.74 Ko] - C:\Program Files\Internet Explorer
[10/04/2016 09:00:35] - |D| - [61223.34 Ko] - C:\Program Files\Logitech
[14/07/2009 00:32:38] - |D| - [145686.05 Ko] - C:\Program Files\Microsoft Games
[04/12/2015 03:08:45] - |D| - [74923.98 Ko] - C:\Program Files\MKVToolNix
[14/07/2009 00:32:38] - |D| - [25.15 Ko] - C:\Program Files\MSBuild
[29/11/2015 02:16:24] - |D| - [44531.57 Ko] - C:\Program Files\Realtek
[14/07/2009 00:32:38] - |D| - [33789.67 Ko] - C:\Program Files\Reference Assemblies
[06/02/2016 02:56:21] - |D| - [12065.51 Ko] - C:\Program Files\Similarity
[14/07/2009 00:09:26] - |HD| - [0 Ko] - C:\Program Files\Uninstall Information
[29/11/2015 09:13:57] - |D| - [42771.81 Ko] - C:\Program Files\WinAutomation
[14/07/2009 00:32:38] - |D| - [3922.5 Ko] - C:\Program Files\Windows Defender
[14/07/2009 02:46:55] - |D| - [9012.12 Ko] - C:\Program Files\Windows Journal
[13/07/2009 22:20:08] - |D| - [6447.5 Ko] - C:\Program Files\Windows Mail
[14/07/2009 00:32:38] - |D| - [0 Ko] - C:\Program Files\Windows Media Player
[13/07/2009 22:20:08] - |D| - [12199.68 Ko] - C:\Program Files\Windows NT
[14/07/2009 00:32:38] - |D| - [5363.77 Ko] - C:\Program Files\Windows Photo Viewer
[14/07/2009 00:32:38] - |D| - [239 Ko] - C:\Program Files\Windows Portable Devices
[14/07/2009 00:32:38] - |D| - [6570.61 Ko] - C:\Program Files\Windows Sidebar
[29/11/2015 12:12:10] - |D| - [5133.08 Ko] - C:\Program Files\WinRAR
 
---------- | C:\Program Files (x86)\Common Files
 
[12/03/2016 21:25:10] - |D| - [0.37 Ko] - C:\Program Files (x86)\Common Files\Aladdin Shared
[12/03/2016 21:24:43] - |D| - [528 Ko] - C:\Program Files (x86)\Common Files\ALLDATA Shared
[03/12/2015 08:44:19] - |D| - [1500.88 Ko] - C:\Program Files (x86)\Common Files\AV
[26/11/2015 13:57:47] - |D| - [0 Ko] - C:\Program Files (x86)\Common Files\InstallShield
[13/03/2016 02:33:38] - |D| - [1912.64 Ko] - C:\Program Files (x86)\Common Files\Java
[13/07/2009 22:20:08] - |D| - [17663.01 Ko] - C:\Program Files (x86)\Common Files\microsoft shared
[05/02/2016 02:05:26] - |D| - [4668.3 Ko] - C:\Program Files (x86)\Common Files\PX Storage Engine
[13/07/2009 22:20:08] - |D| - [2.64 Ko] - C:\Program Files (x86)\Common Files\Services
[13/12/2015 12:29:22] - |D| - [16.98 Ko] - C:\Program Files (x86)\Common Files\SolarWinds
[13/07/2009 22:20:08] - |D| - [40140.41 Ko] - C:\Program Files (x86)\Common Files\SpeechEngines
[13/07/2009 22:20:08] - |D| - [9956.99 Ko] - C:\Program Files (x86)\Common Files\System
 
---------- | C:\Program Files\Common Files
 
[26/11/2015 13:44:29] - |D| - [1610.86 Ko] - C:\Program Files\Common Files\ATI Technologies
[26/11/2015 14:15:33] - |D| - [3297.08 Ko] - C:\Program Files\Common Files\AV
[10/04/2016 09:00:04] - |D| - [32020.32 Ko] - C:\Program Files\Common Files\Logishrd
[13/07/2009 22:20:08] - |D| - [41987.01 Ko] - C:\Program Files\Common Files\Microsoft Shared
[13/07/2009 22:20:08] - |D| - [2.64 Ko] - C:\Program Files\Common Files\Services
[13/07/2009 22:20:08] - |D| - [594.5 Ko] - C:\Program Files\Common Files\SpeechEngines
[13/07/2009 22:20:08] - |D| - [11860.99 Ko] - C:\Program Files\Common Files\System
 
---------- | C:\Users\Media
 
[04/12/2015 23:26:21] - |D| - [2.37 Ko] - C:\Users\Media\.android
[17/12/2015 01:45:13] - |HD| - [2369.08 Ko] - C:\Users\Media\.nx
[27/11/2015 19:00:12] - |D| - [0.28 Ko] - C:\Users\Media\.oracle_jre_usage
[27/11/2015 19:02:22] - |D| - [724 Ko] - C:\Users\Media\.swt
[26/11/2015 13:39:47] - |HD| - [13643213.75 Ko] - C:\Users\Media\AppData
[26/11/2015 13:39:47] - |SHD| - [1945197.7 Ko] - C:\Users\Media\Application Data
[26/11/2015 13:39:47] - |SHD| - [501.3 Ko] - C:\Users\Media\Cookies
[26/11/2015 13:39:47] - |RD| - [304896.73 Ko] - C:\Users\Media\Desktop
[12/03/2016 21:30:11] - |RD| - [0.39 Ko] - C:\Users\Media\Documents
[12/03/2016 21:30:12] - |RD| - [0.96 Ko] - C:\Users\Media\Downloads
[26/11/2015 13:39:47] - |RD| - [6.27 Ko] - C:\Users\Media\Favorites
[06/04/2016 21:14:23] - |RD| - [0.42 Ko] - C:\Users\Media\Google Drive
[26/11/2015 13:39:47] - |RD| - [4.92 Ko] - C:\Users\Media\Links
[26/11/2015 13:39:47] - |SHD| - [11230900.98 Ko] - C:\Users\Media\Local Settings
[12/03/2016 21:30:11] - |RD| - [0.66 Ko] - C:\Users\Media\Music
[26/11/2015 13:39:47] - |SHD| - [0.39 Ko] - C:\Users\Media\My Documents
[26/11/2015 13:39:47] - |SHD| - [0 Ko] - C:\Users\Media\NetHood
[26/11/2015 13:39:47] - |ASH| - [8192 Ko] - C:\Users\Media\NTUSER.DAT
[26/11/2015 13:39:47] - |ASH| - [256 Ko] - C:\Users\Media\ntuser.dat.LOG1
[26/11/2015 13:39:47] - |ASH| - [0 Ko] - C:\Users\Media\ntuser.dat.LOG2
[26/11/2015 13:39:47] - |ASH| - [64 Ko] - C:\Users\Media\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[26/11/2015 13:39:47] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[26/11/2015 13:39:47] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[10/02/2016 03:09:27] - |ASH| - [64 Ko] - C:\Users\Media\NTUSER.DAT{3fc9a9ba-cf03-11e5-b2c3-d8cb8a1b1b17}.TM.blf
[10/02/2016 03:09:27] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{3fc9a9ba-cf03-11e5-b2c3-d8cb8a1b1b17}.TMContainer00000000000000000001.regtrans-ms
[10/02/2016 03:09:27] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{3fc9a9ba-cf03-11e5-b2c3-d8cb8a1b1b17}.TMContainer00000000000000000002.regtrans-ms
[09/03/2016 03:10:55] - |ASH| - [64 Ko] - C:\Users\Media\NTUSER.DAT{589c352b-e5ce-11e5-b111-d8cb8a1b1b17}.TM.blf
[09/03/2016 03:10:55] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{589c352b-e5ce-11e5-b111-d8cb8a1b1b17}.TMContainer00000000000000000001.regtrans-ms
[09/03/2016 03:10:55] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{589c352b-e5ce-11e5-b111-d8cb8a1b1b17}.TMContainer00000000000000000002.regtrans-ms
[13/01/2016 03:08:10] - |ASH| - [64 Ko] - C:\Users\Media\NTUSER.DAT{b050003f-b9cc-11e5-8332-d8cb8a1b1b17}.TM.blf
[13/01/2016 03:08:10] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{b050003f-b9cc-11e5-8332-d8cb8a1b1b17}.TMContainer00000000000000000001.regtrans-ms
[13/01/2016 03:08:10] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{b050003f-b9cc-11e5-8332-d8cb8a1b1b17}.TMContainer00000000000000000002.regtrans-ms
[20/12/2015 13:23:53] - |ASH| - [64 Ko] - C:\Users\Media\NTUSER.DAT{bc892d6a-a746-11e5-8d4f-d8cb8a1b1b17}.TM.blf
[20/12/2015 13:23:53] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{bc892d6a-a746-11e5-8d4f-d8cb8a1b1b17}.TMContainer00000000000000000001.regtrans-ms
[20/12/2015 13:23:53] - |ASH| - [512 Ko] - C:\Users\Media\NTUSER.DAT{bc892d6a-a746-11e5-8d4f-d8cb8a1b1b17}.TMContainer00000000000000000002.regtrans-ms
[26/11/2015 13:39:47] - |ASH| - [0.02 Ko] - C:\Users\Media\ntuser.ini
[03/06/2016 20:29:18] - |RASH| - [0.64 Ko] - C:\Users\Media\ntuser.pol
[12/03/2016 21:30:11] - |RD| - [0.66 Ko] - C:\Users\Media\Pictures
[26/11/2015 13:39:47] - |SHD| - [0 Ko] - C:\Users\Media\PrintHood
[26/11/2015 13:39:47] - |SHD| - [11.11 Ko] - C:\Users\Media\Recent
[26/11/2015 13:39:47] - |RD| - [0.28 Ko] - C:\Users\Media\Saved Games
[26/11/2015 15:13:17] - |RD| - [1 Ko] - C:\Users\Media\Searches
[01/12/2015 21:13:07] - |A| - [0.02 Ko] - C:\Users\Media\SeaWeedcookies.lwp
[26/11/2015 13:39:47] - |SHD| - [1.77 Ko] - C:\Users\Media\SendTo
[26/11/2015 13:39:47] - |SHD| - [32.91 Ko] - C:\Users\Media\Start Menu
[26/11/2015 13:39:47] - |SHD| - [0 Ko] - C:\Users\Media\Templates
[12/03/2016 21:30:11] - |RD| - [0.49 Ko] - C:\Users\Media\Videos
 
---------- | C:\Users\Media\AppData\Roaming
 
[06/02/2016 00:08:34] - |D| - [0.07 Ko] - C:\Users\Media\AppData\Roaming\AC1
[26/11/2015 17:23:09] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Adobe
[26/11/2015 15:33:49] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\ATI
[26/11/2015 15:09:22] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Auslogics
[26/11/2015 14:05:01] - |D| - [8348.67 Ko] - C:\Users\Media\AppData\Roaming\AVAST Software
[27/11/2015 19:01:57] - |D| - [46801.49 Ko] - C:\Users\Media\AppData\Roaming\Azureus
[06/12/2015 02:48:06] - |D| - [8.23 Ko] - C:\Users\Media\AppData\Roaming\DameWare Development
[06/02/2016 02:38:23] - |D| - [9.2 Ko] - C:\Users\Media\AppData\Roaming\EasyDuplicateFinder
[12/03/2016 21:26:06] - |D| - [19.36 Ko] - C:\Users\Media\AppData\Roaming\FLEXnet
[30/11/2015 19:15:05] - |D| - [12084.41 Ko] - C:\Users\Media\AppData\Roaming\I2P
[26/11/2015 13:39:51] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Identities
[30/05/2016 23:15:36] - |D| - [1498651.35 Ko] - C:\Users\Media\AppData\Roaming\iolo
[10/04/2016 08:57:44] - |D| - [89.64 Ko] - C:\Users\Media\AppData\Roaming\Logishrd
[10/04/2016 08:57:44] - |D| - [0.04 Ko] - C:\Users\Media\AppData\Roaming\Logitech
[26/11/2015 17:29:33] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Macromedia
[26/11/2015 13:39:47] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Media Center Programs
[26/11/2015 13:39:47] - |SD| - [1126.94 Ko] - C:\Users\Media\AppData\Roaming\Microsoft
[05/02/2016 23:24:50] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Microsoft Corporation
[27/11/2015 22:21:09] - |D| - [30280.16 Ko] - C:\Users\Media\AppData\Roaming\Mozilla
[27/11/2015 17:15:22] - |D| - [0.11 Ko] - C:\Users\Media\AppData\Roaming\MPC-HC
[05/02/2016 02:30:33] - |D| - [10468.09 Ko] - C:\Users\Media\AppData\Roaming\MusicBrainz
[30/11/2015 09:18:24] - |D| - [26089.42 Ko] - C:\Users\Media\AppData\Roaming\OpenOffice
[06/02/2016 02:56:37] - |D| - [278873.61 Ko] - C:\Users\Media\AppData\Roaming\Similarity
[13/12/2015 12:53:11] - |D| - [221.13 Ko] - C:\Users\Media\AppData\Roaming\SolarWinds
[30/11/2015 19:12:43] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Sun
[28/03/2016 19:00:57] - |D| - [3520.45 Ko] - C:\Users\Media\AppData\Roaming\U3
[05/02/2016 02:05:23] - |D| - [25910.54 Ko] - C:\Users\Media\AppData\Roaming\Winamp
[29/11/2015 12:13:00] - |D| - [0.01 Ko] - C:\Users\Media\AppData\Roaming\WinRAR
[03/06/2016 23:48:05] - |D| - [2694.81 Ko] - C:\Users\Media\AppData\Roaming\ZHP
 
---------- | C:\Users\Media\AppData\Local
 
[26/11/2015 17:28:28] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\Adobe
[26/11/2015 15:34:00] - |D| - [0.01 Ko] - C:\Users\Media\AppData\Local\AMD
[26/11/2015 13:39:47] - |SHD| - [10346632.31 Ko] - C:\Users\Media\AppData\Local\Application Data
[27/05/2016 08:10:16] - |A| - [163.89 Ko] - C:\Users\Media\AppData\Local\ars.cache
[26/11/2015 15:33:49] - |D| - [94.83 Ko] - C:\Users\Media\AppData\Local\ATI
[04/12/2015 17:02:35] - |D| - [4.04 Ko] - C:\Users\Media\AppData\Local\Bluestacks
[04/12/2015 03:09:06] - |D| - [2.32 Ko] - C:\Users\Media\AppData\Local\bunkus.org
[26/03/2016 21:51:04] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\CEF
[27/05/2016 08:10:24] - |A| - [532.74 Ko] - C:\Users\Media\AppData\Local\census.cache
[14/12/2015 09:20:02] - |D| - [11183.27 Ko] - C:\Users\Media\AppData\Local\Diagnostics
[29/11/2015 02:21:30] - |D| - [129.05 Ko] - C:\Users\Media\AppData\Local\ElevatedDiagnostics
[03/06/2016 20:28:50] - |D| - [953.83 Ko] - C:\Users\Media\AppData\Local\Fast Browser
[26/11/2015 13:48:08] - |A| - [62.52 Ko] - C:\Users\Media\AppData\Local\GDIPFONTCACHEV1.DAT
[13/12/2015 14:59:38] - |D| - [502373.7 Ko] - C:\Users\Media\AppData\Local\Google
[21/12/2015 17:58:23] - |D| - [0.07 Ko] - C:\Users\Media\AppData\Local\GWX
[26/11/2015 13:39:47] - |SHD| - [0.28 Ko] - C:\Users\Media\AppData\Local\History
[27/05/2016 07:57:48] - |A| - [0.04 Ko] - C:\Users\Media\AppData\Local\housecall.guid.cache
[14/03/2016 01:00:07] - |AH| - [3175.65 Ko] - C:\Users\Media\AppData\Local\IconCache.db
[26/11/2015 15:10:08] - |D| - [893 Ko] - C:\Users\Media\AppData\Local\III
[29/11/2015 09:12:48] - |D| - [893 Ko] - C:\Users\Media\AppData\Local\IIIQ
[03/06/2016 20:30:12] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\intmanager
[13/12/2015 12:42:38] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\IsolatedStorage
[27/11/2015 22:30:34] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\Macromedia
[26/11/2015 13:39:47] - |D| - [391792.4 Ko] - C:\Users\Media\AppData\Local\Microsoft
[06/02/2016 02:47:27] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\MindGems
[27/11/2015 22:21:09] - |D| - [302.26 Ko] - C:\Users\Media\AppData\Local\Mozilla
[05/02/2016 02:30:33] - |D| - [39603.63 Ko] - C:\Users\Media\AppData\Local\MusicBrainz
[26/11/2015 13:45:24] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\Programs
[29/11/2015 01:29:21] - |A| - [7.43 Ko] - C:\Users\Media\AppData\Local\Resmon.ResmonCfg
[26/11/2015 15:11:08] - |D| - [10.98 Ko] - C:\Users\Media\AppData\Local\Softomotive
[27/05/2016 08:06:16] - |A| - [0.01 Ko] - C:\Users\Media\AppData\Local\sponge.last.runtime.cache
[26/11/2015 13:39:47] - |D| - [0 Ko] - C:\Users\Media\AppData\Local\Temp
[26/11/2015 13:39:47] - |SHD| - [125.46 Ko] - C:\Users\Media\AppData\Local\Temporary Internet Files
[26/11/2015 13:39:49] - |D| - [1242.85 Ko] - C:\Users\Media\AppData\Local\VirtualStore
 
---------- | C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu
 
[03/06/2016 20:28:52] - |A| - [2.15 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
[04/12/2015 17:12:23] - |A| - [1.66 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
[26/11/2015 16:43:58] - |ASH| - [0.17 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[26/11/2015 13:39:47] - |RD| - [28.93 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
 
---------- | C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
 
[26/11/2015 13:39:47] - |RD| - [14.28 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[26/11/2015 16:43:58] - |RD| - [0.17 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[26/11/2015 13:40:51] - |ASH| - [0.46 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[05/01/2016 19:59:54] - |D| - [0.19 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[26/11/2015 13:40:51] - |A| - [1.38 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[26/11/2015 16:14:15] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[26/11/2015 16:06:05] - |D| - [0 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[26/11/2015 13:39:47] - |RD| - [0.57 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[03/06/2016 23:03:40] - |D| - [4.85 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[06/02/2016 02:56:21] - |D| - [2.09 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Similarity
[30/11/2015 19:29:33] - |A| - [0.81 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[26/11/2015 16:43:58] - |RD| - [0.17 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[29/11/2015 12:12:14] - |D| - [3.96 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
 
---------- | C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 
[26/11/2015 16:43:58] - |ASH| - [0.17 Ko] - C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
 
---------- | C:\ProgramData
 
[26/11/2015 13:45:15] - |D| - [1.22 Ko] - C:\ProgramData\AMD
[14/07/2009 00:08:56] - |SHD| - [385893982.1 Ko] - C:\ProgramData\Application Data
[30/12/2015 18:32:43] - |D| - [1.88 Ko] - C:\ProgramData\ASUS Smart Gesture
[26/11/2015 15:33:49] - |D| - [0.3 Ko] - C:\ProgramData\ATI
[26/11/2015 15:08:43] - |D| - [639.06 Ko] - C:\ProgramData\Auslogics
[26/11/2015 13:48:08] - |D| - [421493.57 Ko] - C:\ProgramData\AVAST Software
[26/11/2015 16:18:10] - |D| - [15381743.16 Ko] - C:\ProgramData\BlueStacks
[04/12/2015 17:12:07] - |D| - [110164.08 Ko] - C:\ProgramData\BlueStacksGameManager
[26/11/2015 16:17:29] - |D| - [3390.6 Ko] - C:\ProgramData\BlueStacksSetup
[14/07/2009 00:08:56] - |SHD| - [9.63 Ko] - C:\ProgramData\Desktop
[14/07/2009 00:08:56] - |SHD| - [171145.63 Ko] - C:\ProgramData\Documents
[26/11/2015 13:59:16] - |AH| - [0 Ko] - C:\ProgramData\DP45977C.lfl
[06/02/2016 02:38:23] - |D| - [0.01 Ko] - C:\ProgramData\Easy Duplicate Finder
[26/11/2015 18:32:53] - |D| - [16585428.47 Ko] - C:\ProgramData\entropia universe
[14/07/2009 00:08:56] - |SHD| - [0 Ko] - C:\ProgramData\Favorites
[12/03/2016 21:24:33] - |D| - [3874.2 Ko] - C:\ProgramData\FLEXnet
[05/03/2010 17:48:20] - |D| - [135.38 Ko] - C:\ProgramData\Hewlett-Packard
[30/05/2016 23:15:36] - |D| - [90240.99 Ko] - C:\ProgramData\iolo
[01/05/2016 13:51:18] - |A| - [4.82 Ko] - C:\ProgramData\iqrjmdeq.fak
[13/12/2015 13:56:15] - |D| - [0.47 Ko] - C:\ProgramData\Licenses
[10/04/2016 09:00:48] - |D| - [22790.21 Ko] - C:\ProgramData\Logishrd
[13/12/2015 13:56:16] - |D| - [0.26 Ko] - C:\ProgramData\Logs
[12/03/2016 21:30:08] - |D| - [2424.41 Ko] - C:\ProgramData\Macrovision
[27/05/2016 08:12:21] - |D| - [22412.74 Ko] - C:\ProgramData\Malwarebytes
[03/06/2016 22:21:35] - |D| - [52.8 Ko] - C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[19/12/2015 19:45:34] - |D| - [20.59 Ko] - C:\ProgramData\McAfee
[13/07/2009 22:20:08] - |SD| - [542319.55 Ko] - C:\ProgramData\Microsoft
[05/02/2016 23:24:54] - |A| - [0.11 Ko] - C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[13/12/2015 12:52:07] - |A| - [0.62 Ko] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[17/12/2015 01:41:45] - |D| - [6974.69 Ko] - C:\ProgramData\NoMachine
[03/06/2016 20:29:50] - |D| - [17 Ko] - C:\ProgramData\Npackd
[03/06/2016 20:28:13] - |RASH| - [2.58 Ko] - C:\ProgramData\ntuser.pol
[30/11/2015 19:12:04] - |D| - [0 Ko] - C:\ProgramData\Oracle
[26/11/2015 13:44:15] - |D| - [30409.89 Ko] - C:\ProgramData\Package Cache
[13/12/2015 13:56:28] - |D| - [5552.21 Ko] - C:\ProgramData\Paessler
[26/11/2015 15:10:25] - |D| - [5302.05 Ko] - C:\ProgramData\Softomotive
[26/11/2015 13:45:58] - |D| - [3005.4 Ko] - C:\ProgramData\Spybot - Search & Destroy
[14/07/2009 00:08:56] - |SHD| - [206.35 Ko] - C:\ProgramData\Start Menu
[13/12/2015 13:56:16] - |AD| - [0 Ko] - C:\ProgramData\TEMP
[14/07/2009 00:08:56] - |SHD| - [30.65 Ko] - C:\ProgramData\Templates
[27/05/2016 08:00:14] - |D| - [14245.33 Ko] - C:\ProgramData\Trend Micro
[29/11/2015 09:13:52] - |DC| - [66660.95 Ko] - C:\ProgramData\{A75EBE19-57F9-4557-9FA6-6FB59C306155}
 
---------- | C:\Windows\Tasks
 
[13/12/2015 15:00:24] - |A| - [0.87 Ko] - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[13/12/2015 15:00:24] - |A| - [0.88 Ko] - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[14/07/2009 00:08:49] - |AH| - [0.01 Ko] - C:\Windows\Tasks\SA.DAT
[14/07/2009 00:08:49] - |A| - [31.83 Ko] - C:\Windows\Tasks\SCHEDLGU.TXT
 
---------- | C:\Windows\System32\Tasks
 
[13/07/2009 22:20:14] - |D| - [0 Ko] - C:\Windows\System32\Tasks\Microsoft
 
[X] : [104336 Ko]
 
Analyzed : 545058 | Modified : 6 | Deleted : 90
 
---------- |EOF| ---------- | 03:35:49 | [49 Ko]
 
Will have to continue efforts tonight around 6 pm CST.


#14 morganjeff7272

Posted 04 June 2016 - 07:31 PM

Zemana AntiMalware 2.20.2.911 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/4
Operating System       : Windows 7 64-bit
Processor              : 2X AMD A6-6400K APU with Radeon™ HD Graphics
BIOS Mode              : Legacy
CUID                   : 129BEBF0DAAAB10AD7F9DD
Scan Type              : Deep Scan
Duration               : 15m 58s
Scanned Objects        : 175196
Detected Objects       : 7
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Chrome Shortcut
Status             : Scanned
Object             : http://www.fastshortcut.com/amazon.php
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 5508E1B1443711E8ACE4097341371265
Publisher          : -
Size               : 450831
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Hosts file is hidden
                File - %systemroot%\system32\drivers\etc\hosts
 
_isusres.dll
Status             : Scanned
Object             : %programdata%\macrovision\flexnet connect\6\_isusres.dll
MD5                : 0662D4BC1F1BB607BF0978D1C1DC4891
Publisher          : Macrovision
Size               : 394512
Version            : 6.1.100.61372
Detection          : Adware:Win32/BulkHeur.5f6a7f!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programdata%\macrovision\flexnet connect\6\_isusres.dll
 
isusweb.dll
Status             : Scanned
Object             : %programdata%\macrovision\flexnet connect\6\isusweb.dll
MD5                : 8D9130D26FAAE0BD22E009A063CB946C
Publisher          : Macrovision
Size               : 492816
Version            : 6.1.100.64909
Detection          : Adware:Win32/BulkHeur.5f6a7f!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programdata%\macrovision\flexnet connect\6\isusweb.dll
 
issch.exe
Status             : Scanned
Object             : %programdata%\macrovision\flexnet connect\6\issch.exe
MD5                : DF29A23CBB24E5070FA1CD00DC945ED1
Publisher          : Macrovision
Size               : 87312
Version            : 6.1.100.61372
Detection          : Adware:Win32/BulkHeur.5f6a7f!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programdata%\macrovision\flexnet connect\6\issch.exe
 
ISDM.exe
Status             : Scanned
Object             : %programdata%\macrovision\flexnet connect\6\isdm.exe
MD5                : 9C7DE0DE31A6414C535C3DCB598CF49D
Publisher          : Macrovision
Size               : 275728
Version            : 6.1.100.64909
Detection          : Adware:Win32/BulkHeur.5f6a7f!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programdata%\macrovision\flexnet connect\6\isdm.exe
 
agent.exe
Status             : Scanned
Object             : %programdata%\macrovision\flexnet connect\6\agent.exe
MD5                : 59C3836F5143FA3C583FB19977BEC675
Publisher          : Macrovision
Size               : 996624
Version            : 6.1.100.64909
Detection          : Adware:Win32/BulkHeur.5f6a7f!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programdata%\macrovision\flexnet connect\6\agent.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 7
Reported as safe      : 0
Failed                : 0
 
Sort of mad about this one.... Flexnet is part of the Alldata package for my vehicle automotive shop and is difficult to install a second time over. I had to reinstall the OS last time. I tried to exclude the items, but the log is showing it fixed them by quarantining them anyway. I hope this has not f'd up the Alldata install.

Edited by morganjeff7272, 04 June 2016 - 07:33 PM.


#15 morganjeff7272

Posted 04 June 2016 - 07:35 PM

-|x| RstHosts v2.0 - Rapport créé le 04/06/2016 à 19:34:50
-|x| Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : Media - MEDIA-PC (Administrateur)
 
-|x|- Informations -|x|-
 
Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 13/07/2009 - 21:34:48
Date de modification : 04/06/2016 - 19:34:45
Date de dernier accès : 04/06/2016 - 19:34:45
 
-|x|- Contenu du fichier -|x|-
 
# Fichier Hosts créé par RstHosts
 
127.0.0.1       localhost
::1             localhost
 
-|x|- E.O.F - C:\RstHosts.txt - 620 bytes -|x|-

I had over 250 lines of host blocks from a blacklist I created and, with the help of Spybot, like 10k lines of blocked sites. Anyone got a ready list?

Edited by morganjeff7272, 04 June 2016 - 08:09 PM.




