I'm infected, browser redirects, cannot enter BIOS cause of password


  • This topic is locked
9 replies to this topic

#1 SeeknM

Posted 06 November 2016 - 02:20 PM

I keep getting popups, also I cannot change policy. I am running 64-bit Windows 7. I see shopperPro, Search module by Groobzo, The Torntv v10, Browser Air, AllDay SavingsService64, GlobalUpdateUpdate Service, hzunyanhtn64, and others. I cannot run as administrator. My system is slow.

Any help is appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Keith (administrator) on MELISSAGLOVER (09-10-2016 07:21:13)
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Melissa Glover & Keith & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
() C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-16] (Synaptics Incorporated)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-08-22] ()
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [fst_us_220] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.exe [3225088 2015-10-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2011-02-03] (Hewlett-Packard Company)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-08-21]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-08-21]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Keith\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:3128
AutoConfigURL: [HKLM] => http=127.0.0.1:3128
Winsock: Catalog9 01 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 02 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 03 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 04 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 16 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9-x64 01 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 02 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 03 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 04 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 16 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14EBB45F-8C8B-49FB-BDCB-439A11475760}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D08009B3-421A-4FA7-AE6A-59C9DCABD554}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
URLSearchHook: HKLM-x32 - (No Name) - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto4_14_31&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyE0EtB0CyDyByEyDyCyBzztN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FyE1VtCyE1VtAtCtN1L1G1B1V1N2Y1L1Qzu2SyEyEzztA0BtCzzzytGtA0C0EtAtGtD0CzzyDtGyBtC0AtDtGyE0EtA0D0AyByC0FtBtBtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyEyD0BtDtCyBtG0A0FtD0AtGyE0C0FyCtGzytCzyzytG0CyDyCyB0D0B0D0BtCtAzy0A2Q&cr=821694722&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=3884089e-83c9-4643-a810-48559462dd88&searchtype=ds&q={searchTerms}&installDate=21/07/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
BHO: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll => No File
BHO: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll => No File
BHO: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho64.dll => No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll [2014-08-21] (esc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.x64.dll [2014-07-27] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-10-18] (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Fast Free Converter 4.1 -> {0267CB62-3A0A-4847-AA96-A338AD292E0F} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL => No File
BHO-x32: No Name -> {02edb56b-9b33-435b-b7df-b2843273a694} -> No File
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> No File
BHO-x32: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll => No File
BHO-x32: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho.dll => No File
BHO-x32: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho.dll => No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll [2014-08-21] (esc)
BHO-x32: LyricsWoofer -> {1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c} -> C:\Program Files (x86)\LyricsWoofer\133.dll => No File
BHO-x32: SelectionLinks -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> C:\Program Files (x86)\OApps\SelectionLinks.dll => No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-25] (RealPlayer)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: LessTabs -> {3178A392-8963-471E-B7A2-969CB58D6496} -> C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll => No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Show Lyrics -> {90609D82-77C3-4391-8915-CF5638CF4605} -> C:\Program Files (x86)\Show-Lyrics\slyrics.dll => No File
BHO-x32: No Name -> {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -> No File
BHO-x32: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.dll [2014-07-27] ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll => No File
BHO-x32: M-Lyrics -> {C9AFAF70-F7EB-44B6-A334-0ED998D466E7} -> C:\Program Files (x86)\M-Lyrics\lfind.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll No File
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll [2014-01-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll [2014-01-29] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-25] (RealNetworks, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-21] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-21] (globalUpdate)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\MELISS~1\AppData\Local\Temp\tbch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bdephonbpjofbmmhhlhiegdokbhhccch] - C:\Program Files (x86)\LyricsWoofer\133.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Melissa Glover\AppData\Roaming\OpenCandy\DCDB5705B04C487E8DB0754E1A44B316\app.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kfpelfbdfajdjanfefecookocekcfkni] - C:\Program Files (x86)\OApps\chrome-sl.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ogoocamnhedgmkaapmjkkioohkedbecm] - C:\Program Files (x86)\M-Lyrics\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pkahcfoiapkaglphahjnnmojmlbhnidb] - C:\Program Files (x86)\Show-Lyrics\Chrome.crx <not found>
StartMenuInternet: Google Chrome - chrome.exe
StartMenuInternet: Google Chrome.Guest - C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllDaySavingsService64; C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 CFUACProxy_hddv2usb3; C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [83792 2011-09-08] (Storage Appliance Corp.)
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S4 f592fff6; c:\Program Files (x86)\AppendMonitor\AppendMonitor.dll [2236928 1980-08-21] () [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hzunyanhtn64; C:\Program Files\005\hzunyanhtn64.exe [709120 2014-08-21] () [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] () [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-08-22] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [3001856 2015-10-28] (Search Module Ltd.) [File not signed]
S4 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-18] (ShopperPro) <==== ATTENTION
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update GrabRez; "C:\Program Files (x86)\GrabRez\updateGrabRez.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 1980-12-17] (Cherimoya Ltd) <==== ATTENTION
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2011-08-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2011-08-22] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [45728 2015-10-28] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-18] ()
S2 SPDRIVER_1.42.1.2687; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.sys [52384 2015-10-18] ()
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-08-03] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2011-08-03] (LG Electronics Inc.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-21] (StdLib)
S1 apcqaqmq; \??\C:\windows\system32\drivers\apcqaqmq.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
U2 wuaserv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 07:21 - 2016-10-09 07:21 - 00031910 _____ C:\Users\Keith\Desktop\FRST.txt
2016-10-09 07:20 - 2016-10-09 07:21 - 00000000 ____D C:\FRST
2016-10-09 07:18 - 2016-10-09 00:57 - 02405376 _____ (Farbar) C:\Users\Keith\Desktop\FRST64.exe
2016-10-09 06:09 - 2016-10-09 06:19 - 00000000 ____D C:\Users\Keith\Documents\Bluetooth Folder
2016-10-09 06:09 - 2016-10-09 06:09 - 00000000 ____D C:\Users\Keith\AppData\Local\BMExplorer
2016-10-09 02:51 - 2016-10-09 02:51 - 00000000 __SHD C:\found.008
2016-09-29 22:26 - 2016-09-29 22:30 - 00000000 ___SD C:\32788R22FWJFW
2016-09-29 22:26 - 2016-09-29 22:26 - 00000000 ____D C:\windows\erdnt
2016-09-29 22:03 - 2016-09-29 22:03 - 00000000 ____D C:\Users\Keith\AppData\Local\VirtualStore
2016-09-29 22:02 - 2016-09-29 22:02 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-09-29 22:02 - 2016-09-29 22:02 - 00002080 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-09-29 22:02 - 2016-09-29 22:02 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-09-27 22:30 - 2016-09-27 22:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\SynthMaker
2016-09-27 22:30 - 2016-09-27 22:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Acoustica
2016-09-27 21:34 - 2016-09-29 20:23 - 00000000 ____D C:\windows\pss
2016-09-27 19:55 - 2016-09-27 20:34 - 00000332 _____ C:\windows\Tasks\HPCeeScheduleForKeith.job
2016-09-27 19:55 - 2016-09-27 19:55 - 00003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForKeith
2016-09-27 19:55 - 2016-09-27 19:55 - 00000000 ____D C:\Users\Keith\AppData\Local\Hewlett-Packard_Developme
2016-09-27 19:55 - 2016-09-27 19:55 - 00000000 ____D C:\Users\Keith\AppData\Local\Hewlett-Packard
2016-09-27 19:54 - 2016-09-27 19:54 - 272784158 _____ C:\Users\Keith\Documents\RegistryBackup.reg
2016-09-27 19:35 - 2016-09-27 19:35 - 00262144 _____ C:\windows\Minidump\092716-98764-01.dmp
2016-09-27 19:31 - 2016-09-29 21:48 - 00000000 ____D C:\Users\Keith\AppData\Local\ElevatedDiagnostics
2016-09-27 18:49 - 2016-09-27 18:49 - 00000000 ____H C:\Users\Melissa Glover\BIT9A39.tmp
2016-09-27 18:48 - 2016-09-27 19:35 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForMelissa Glover.job
2016-09-27 18:48 - 2016-09-27 18:49 - 00003240 _____ C:\windows\System32\Tasks\HPCeeScheduleForMelissa Glover
2016-09-27 17:48 - 2016-09-27 17:48 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\{A54D8AB7-B70F-79EA-C354-45C49260F762}
2016-09-27 17:46 - 2016-09-27 17:46 - 00000000 ____D C:\Users\Keith\AppData\Roaming\WinRAR
2016-09-27 16:00 - 2016-09-27 16:00 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Hewlett-Packard
2016-09-27 14:35 - 2016-09-27 14:35 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\Sun
2016-09-27 14:34 - 2016-09-27 14:34 - 00000000 ____D C:\Users\Keith\Documents\Native Instruments
2016-09-27 14:33 - 2016-09-27 14:33 - 00000000 ____D C:\Users\Keith\AppData\Local\Native Instruments
2016-09-27 14:30 - 2016-09-27 14:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Intel Corporation
2016-09-27 14:29 - 2016-09-27 18:11 - 00001621 _____ C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2016-09-27 14:29 - 2016-09-27 14:31 - 00000000 ____D C:\Users\Keith\AppData\Roaming\hpqLog
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Synaptics
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Apple Computer
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Adobe
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Local\PDFC
2016-09-27 14:28 - 2016-09-27 17:30 - 00000258 __RSH C:\Users\Keith\ntuser.pol
2016-09-27 14:28 - 2016-09-27 17:30 - 00000000 ____D C:\Users\Keith
2016-09-27 14:28 - 2016-09-27 14:28 - 00109296 _____ C:\Users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\My Documents
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Videos
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Pictures
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Music
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Systweak
2016-09-27 14:28 - 2012-01-22 21:52 - 00000000 ____D C:\Users\Keith\AppData\Local\Microsoft Help
2016-09-27 14:28 - 2009-07-27 10:09 - 00000020 ___SH C:\Users\Keith\ntuser.ini
2016-09-27 14:03 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-09-27 14:03 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-09-27 14:03 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-09-27 14:03 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-09-27 14:02 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-09-27 14:02 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-09-27 14:02 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-09-27 14:02 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-09-27 14:02 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-09-27 14:02 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-09-27 13:14 - 2016-09-27 13:15 - 00037954 _____ C:\Users\Keith\Documents\hardinfo_report.html
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 06:16 - 2009-07-14 00:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-09 06:16 - 2009-07-14 00:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-09 06:15 - 2011-08-06 07:01 - 00000000 ____D C:\Users\Public\Documents\Atheros
2016-10-09 06:09 - 2011-08-06 07:01 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-10-09 06:08 - 2011-05-04 20:54 - 00000000 ____D C:\ProgramData\PDFC
2016-10-09 06:08 - 2011-05-04 20:50 - 00000000 ____D C:\ProgramData\HPQLOG
2016-10-09 06:02 - 2014-03-01 01:54 - 00000000 ____D C:\Users\Melissa Glover\AppData\Roaming\Open Download Manager
2016-09-27 21:04 - 2014-08-21 19:59 - 00002168 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-6.job
2016-09-27 20:41 - 2009-07-14 01:13 - 00783234 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-27 20:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-09-27 20:38 - 2014-03-30 00:01 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup
2016-09-27 20:36 - 2014-08-21 19:59 - 00004160 _____ C:\windows\Tasks\6d83c2d0-7f9f-4d68-ab13-5715fd424552.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00002696 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-4.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00002220 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-7.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001788 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-1.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001698 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5_user.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001678 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001408 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-2.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00004498 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-11.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00002792 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-3.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00000904 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-09-27 20:36 - 2014-03-23 21:41 - 00000458 ____H C:\windows\Tasks\SW-Booster-S-619517029.job
2016-09-27 20:36 - 2014-03-04 00:41 - 00001634 _____ C:\windows\Tasks\MediaPlayerEnhance-updater.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001590 _____ C:\windows\Tasks\MediaPlayerEnhance-codedownloader.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001526 _____ C:\windows\Tasks\Plus-HD-8.9-updater.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001488 _____ C:\windows\Tasks\MediaPlayerEnhance-enabler.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001380 _____ C:\windows\Tasks\Plus-HD-8.9-enabler.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00003474 _____ C:\windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00002434 _____ C:\windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00002344 _____ C:\windows\Tasks\Plus-HD-8.9-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00001482 _____ C:\windows\Tasks\Plus-HD-8.9-codedownloader.job
2016-09-27 20:36 - 2014-03-04 00:38 - 00003110 _____ C:\windows\Tasks\Plus-HD-8.9-chromeinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00003130 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00002610 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001556 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-updater.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001512 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001410 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-enabler.job
2016-09-27 20:36 - 2013-07-01 03:31 - 00000402 _____ C:\windows\Tasks\Show Lyrics Update.job
2016-09-27 20:36 - 2013-07-01 01:46 - 00000422 _____ C:\windows\Tasks\LyricsWoofer Update.job
2016-09-27 20:36 - 2013-05-11 03:37 - 00000392 _____ C:\windows\Tasks\M-Lyrics Update.job
2016-09-27 20:34 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-27 20:06 - 2014-08-21 20:06 - 00000316 _____ C:\windows\Tasks\Groovorio Updater.job
2016-09-27 20:03 - 2014-08-21 19:58 - 00000908 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2016-09-27 19:41 - 1980-11-23 22:37 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-09-27 19:35 - 2012-06-27 19:49 - 00000000 ____D C:\windows\Minidump
2016-09-27 19:34 - 2012-06-27 19:49 - 995515056 _____ C:\windows\MEMORY.DMP
2016-09-27 19:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-09-27 18:49 - 2011-08-18 23:12 - 00000000 ____D C:\Users\Melissa Glover
2016-09-27 17:48 - 2011-09-04 22:24 - 02537472 ___SH C:\Users\Melissa Glover\Downloads\Thumbs.db
2016-09-27 17:30 - 2014-08-21 20:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2016-09-27 16:00 - 2013-01-25 22:30 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-09-27 14:03 - 2014-08-21 20:01 - 00000000 ____D C:\Program Files\AllDaySavings
ZeroAccess:
C:\Users\Melissa Glover\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\nsd4A2B.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nse926.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nsf601D.exe
C:\Users\Guest\AppData\Local\Temp\nsg2790.exe
C:\Users\Guest\AppData\Local\Temp\nsg3D32.exe
C:\Users\Guest\AppData\Local\Temp\nskAC1A.exe
C:\Users\Guest\AppData\Local\Temp\nsm8DA.exe
C:\Users\Guest\AppData\Local\Temp\nsmFE7E.exe
C:\Users\Guest\AppData\Local\Temp\nso6FD4.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nst81ED.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nswAEE8.exe
C:\Users\Guest\AppData\Local\Temp\nsx2DF.tmp.exe
C:\Users\Guest\AppData\Local\Temp\playnowradio.exe
C:\Users\Guest\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Guest\AppData\Local\Temp\SPSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\0dmzsv3z.dll
C:\Users\Melissa Glover\AppData\Local\Temp\6C76_HiDefMedia-1.1.12-win32.exe
C:\Users\Melissa Glover\AppData\Local\Temp\air5A9D.exe
C:\Users\Melissa Glover\AppData\Local\Temp\air6C75.exe
C:\Users\Melissa Glover\AppData\Local\Temp\airAE87.exe
C:\Users\Melissa Glover\AppData\Local\Temp\BackupSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\chrome.exe
C:\Users\Melissa Glover\AppData\Local\Temp\dlLogic.exe
C:\Users\Melissa Glover\AppData\Local\Temp\dltr.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixPro.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixProSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\embededstub.exe
C:\Users\Melissa Glover\AppData\Local\Temp\GCVerifier.dll
C:\Users\Melissa Glover\AppData\Local\Temp\gkc.exe
C:\Users\Melissa Glover\AppData\Local\Temp\hq-video-pro-1-4.exe
C:\Users\Melissa Glover\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\LiveSupport_update.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsbB1D9.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsbB534.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsc350C.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsc9263.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nse39C.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsfC8BB.tmp.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsgAB41.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsh673A.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsh8257.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsjE5D3.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm1806.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm1AC5.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm63FE.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm641F.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm8EF8.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nso4E29.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nso5490.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsr9243.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nstEBDC.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nstF10B.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsw5E92.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsw9A01.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nswA7A8.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsx37FA.exe
C:\Users\Melissa Glover\AppData\Local\Temp\OfferBrokerage_14111.exe
C:\Users\Melissa Glover\AppData\Local\Temp\oprun28864.exe
C:\Users\Melissa Glover\AppData\Local\Temp\oprun9098.exe
C:\Users\Melissa Glover\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Melissa Glover\AppData\Local\Temp\setup_709.exe
C:\Users\Melissa Glover\AppData\Local\Temp\setup__6272.exe
C:\Users\Melissa Glover\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Melissa Glover\AppData\Local\Temp\SpOrder.dll
C:\Users\Melissa Glover\AppData\Local\Temp\SPSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\toparcupd.exe
C:\Users\Melissa Glover\AppData\Local\Temp\Tsu0672F4F3.dll
C:\Users\Melissa Glover\AppData\Local\Temp\uninst1.exe
C:\Users\Melissa Glover\AppData\Local\Temp\Uninstall.exe
C:\Users\Melissa Glover\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Melissa Glover\AppData\Local\Temp\verifier.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2011-08-19 14:48] - [2011-08-19 14:48] - 0357888 ____A (Microsoft Corporation) 7F451F275680080B057A3D41A5D34596
 
C:\windows\SysWOW64\dnsapi.dll
[2011-08-19 14:48] - [2011-08-19 14:48] - 0270336 ____A (Microsoft Corporation) FC4723F0CF1D8864430B4F9A398133F8
 
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2013-01-06 02:19
 
==================== End of FRST.txt ============================

Edited by hamluis, 06 November 2016 - 02:36 PM.




#2 nasdaq

  • Malware Response Team

Posted 08 November 2016 - 11:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run these programs and remove everything that will be found.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Run the Farbar tool one more time and post fresh FRST and Addition.txt files for my review.

Let me know what problem persists.

#3 SeeknM

  • Topic Starter

Posted 12 November 2016 - 09:02 PM

I did not realize that I was following your advice from my other post which was closed, for this same problem. I am posting the log after running FRST with the fixlist.txt.

I am running AdwCleaner now, per your instructions. I will post that log when it is complete.

My other was 

Keep seeing pop-ups and cannot install a printer
Started by SeeknM, Oct 09 2016 08:33 PM
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Keith (12-11-2016 22:30:07) Run:1
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Melissa Glover & Keith & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
 
Malware Response Team
33,828 posts
ONLINE
 
Gender:Male
Location:Montreal, QC. Canada
Local time:11:50 AM
Posted 11 October 2016 - 01:21 PM
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Did you set this proxy?
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:3128
AutoConfigURL: [HKLM] => http=127.0.0.1:3128
---
 
Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [fst_us_220] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.exe [3225088 2015-10-18] ()
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-08-21]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-08-21]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Keith\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
Winsock: Catalog9 01 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 02 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 03 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 04 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9 16 C:\windows\system32\Nuyedf.dll No File
Winsock: Catalog9-x64 01 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 02 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 03 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 04 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 16 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
URLSearchHook: HKLM-x32 - (No Name) - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto4_14_31&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyE0EtB0CyDyByEyDyCyBzztN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FyE1VtCyE1VtAtCtN1L1G1B1V1N2Y1L1Qzu2SyEyEzztA0BtCzzzytGtA0C0EtAtGtD0CzzyDtGyBtC0AtDtGyE0EtA0D0AyByC0FtBtBtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyEyD0BtDtCyBtG0A0FtD0AtGyE0C0FyCtGzytCzyzytG0CyDyCyB0D0B0D0BtCtAzy0A2Q&cr=821694722&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=3884089e-83c9-4643-a810-48559462dd88&searchtype=ds&q={searchTerms}&installDate=21/07/2013
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
BHO: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll => No File
BHO: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll => No File
BHO: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho64.dll => No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll [2014-08-21] (esc)
BHO: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.x64.dll [2014-07-27] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: Fast Free Converter 4.1 -> {0267CB62-3A0A-4847-AA96-A338AD292E0F} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL => No File
BHO-x32: No Name -> {02edb56b-9b33-435b-b7df-b2843273a694} -> No File
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> No File
BHO-x32: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll => No File
BHO-x32: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho.dll => No File
BHO-x32: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho.dll => No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll [2014-08-21] (esc)
BHO-x32: LyricsWoofer -> {1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c} -> C:\Program Files (x86)\LyricsWoofer\133.dll => No File
BHO-x32: SelectionLinks -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> C:\Program Files (x86)\OApps\SelectionLinks.dll => No File
BHO-x32: LessTabs -> {3178A392-8963-471E-B7A2-969CB58D6496} -> C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll => No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Show Lyrics -> {90609D82-77C3-4391-8915-CF5638CF4605} -> C:\Program Files (x86)\Show-Lyrics\slyrics.dll => No File
BHO-x32: No Name -> {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -> No File
BHO-x32: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.dll [2014-07-27] ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll => No File
BHO-x32: M-Lyrics -> {C9AFAF70-F7EB-44B6-A334-0ED998D466E7} -> C:\Program Files (x86)\M-Lyrics\lfind.dll => No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll No File
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\MELISS~1\AppData\Local\Temp\tbch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bdephonbpjofbmmhhlhiegdokbhhccch] - C:\Program Files (x86)\LyricsWoofer\133.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Melissa Glover\AppData\Roaming\OpenCandy\DCDB5705B04C487E8DB0754E1A44B316\app.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kfpelfbdfajdjanfefecookocekcfkni] - C:\Program Files (x86)\OApps\chrome-sl.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ogoocamnhedgmkaapmjkkioohkedbecm] - C:\Program Files (x86)\M-Lyrics\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pkahcfoiapkaglphahjnnmojmlbhnidb] - C:\Program Files (x86)\Show-Lyrics\Chrome.crx <not found>
R2 AllDaySavingsService64; C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
S4 f592fff6; c:\Program Files (x86)\AppendMonitor\AppendMonitor.dll [2236928 1980-08-21] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S4 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [3001856 2015-10-28] (Search Module Ltd.) [File not signed]
S4 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-18] (ShopperPro) <==== ATTENTION
S2 Update GrabRez; "C:\Program Files (x86)\GrabRez\updateGrabRez.exe" [X]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 1980-12-17] (Cherimoya Ltd) <==== ATTENTION
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [45728 2015-10-28] ()
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-18] ()
S2 SPDRIVER_1.42.1.2687; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.sys [52384 2015-10-18] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-21] (StdLib)
S1 apcqaqmq; \??\C:\windows\system32\drivers\apcqaqmq.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
U2 wuaserv; no ImagePath
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484
C:\Program Files (x86)\TheTorntv V10
C:\ProgramData\ReGulearDeals
C:\ProgramData\ShopperPro
C:\Program Files (x86)\BitComet
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\SearchProtect
c:\Program Files (x86)\AppendMonitor
C:\Program Files\Common Files\Goobzo
C:\Windows\System32\drivers\cherimoya.sys
C:\Windows\System32\drivers\netfilter64.sys
C:\Windows\System32\drivers\wStLibG64.sys
cmd: netsh winsock reset catalog
 
EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Clean everyting that this tool will find.
 
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
 
Download to your Desktop the Junkware Removal Tool Download from this link.
 
Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======
 
CHR dev: Chrome dev build detected! <======= ATTENTION
 
Your copy of Chrome has been compromised
 
Re-install Chrome
 
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.
 
Clear your Chrome cache and cookies
 
===
 
Remove Chrome using the the instructions on this page.
 
Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
 
Re-install Chrome and the Bookmarks.
 
If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
<<<>>>
 
 
Please post the logs and let me know what problem persists. 
 Back to top
Report
#3  Keep seeing pop-ups and cannot install a printer: post #3 nasdaq
 
 
Malware Response Team
33,828 posts
ONLINE
 
Gender:Male
Location:Montreal, QC. Canada
Local time:11:50 AM
Posted 17 October 2016 - 10:07 AM
Due to the lack of feedback, this topic is now closed.
 
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. 
 
Please include a link to your topic in the Private Message. Thank you. 
*****************
 
Malware Response Team => Error: No automatic fix found for this entry.
33,828 posts => Error: No automatic fix found for this entry.
ONLINE => Error: No automatic fix found for this entry.
Gender:Male => Error: No automatic fix found for this entry.
Location:Montreal, QC. Canada => Error: No automatic fix found for this entry.
Local time:11:50 AM => Error: No automatic fix found for this entry.
Posted 11 October 2016 - 01:21 PM => Error: No automatic fix found for this entry.
Hello, Welcome to BleepingComputer. => Error: No automatic fix found for this entry.
I'm nasdaq and will be helping you. => Error: No automatic fix found for this entry.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. => Error: No automatic fix found for this entry.
=== => Error: No automatic fix found for this entry.
Did you set this proxy? => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
--- => Error: No automatic fix found for this entry.
Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX. => Error: No automatic fix found for this entry.
Type Notepad and and click the OK key. => Error: No automatic fix found for this entry.
Please copy the entire contents of the code box below to the a new file. => Error: No automatic fix found for this entry.
Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe => No running process found
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_220 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Iminent => value not found.
"c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data not found.
C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => moved successfully
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => moved successfully
C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => moved successfully
C:\Users\Keith\AppData\Roaming\TornTV.com\Torntv Downloader.exe => not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 => key not found. 
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016 => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{02edb56b-9b33-435b-b7df-b2843273a694} => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => key removed successfully
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. 
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1010346940-739637343-2868352682-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => key removed successfully
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}" => key removed successfully
"HKCR\CLSID\{11111111-1111-1111-1111-110411411150}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511281100}" => key removed successfully
"HKCR\CLSID\{11111111-1111-1111-1111-110511281100}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291120}" => key removed successfully
"HKCR\CLSID\{11111111-1111-1111-1111-110511291120}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}" => key removed successfully
"HKCR\CLSID\{11111111-1111-1111-1111-110611331111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A54D8AB7-B70F-79EA-C354-45C49260F762}" => key removed successfully
"HKCR\CLSID\{A54D8AB7-B70F-79EA-C354-45C49260F762}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
"HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0267CB62-3A0A-4847-AA96-A338AD292E0F}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0267CB62-3A0A-4847-AA96-A338AD292E0F}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02edb56b-9b33-435b-b7df-b2843273a694}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02edb56b-9b33-435b-b7df-b2843273a694} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411411150}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511281100}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511281100}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291120}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511291120}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611331111}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90609D82-77C3-4391-8915-CF5638CF4605}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{90609D82-77C3-4391-8915-CF5638CF4605}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}" => key removed successfully
HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A54D8AB7-B70F-79EA-C354-45C49260F762}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A54D8AB7-B70F-79EA-C354-45C49260F762}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9AFAF70-F7EB-44B6-A334-0ED998D466E7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C9AFAF70-F7EB-44B6-A334-0ED998D466E7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => value removed successfully
"HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}" => key removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{350F8805-D431-4908-8701-57A62717BAF2} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{350F8805-D431-4908-8701-57A62717BAF2} => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2 => key not found. 
C:\windows\SysWOW64\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2" => key removed successfully
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bakaaanikglogbgdnnkhieaaadpnkggc" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bdephonbpjofbmmhhlhiegdokbhhccch" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cekmkdkefndbeciggfanobcemjnppbbb" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => key removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => key removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iofmibpjgjjfhliohjkfgndkjliadbje" => key removed successfully
C:\Users\Melissa Glover\AppData\Roaming\OpenCandy\DCDB5705B04C487E8DB0754E1A44B316\app.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfpelfbdfajdjanfefecookocekcfkni" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => key removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogoocamnhedgmkaapmjkkioohkedbecm" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => key removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkahcfoiapkaglphahjnnmojmlbhnidb" => key removed successfully
AllDaySavingsService64 => service removed successfully
BackupStack => service removed successfully
CltMngSvc => service not found.
f592fff6 => service removed successfully
globalUpdate => service removed successfully
globalUpdatem => service removed successfully
SMUpd => service removed successfully
SPBIUpd => service removed successfully
Update GrabRez => service removed successfully
cherimoya => Unable to stop service.
cherimoya => service removed successfully
netfilter64 => Service stopped successfully.
netfilter64 => service removed successfully
SMUpdd => service removed successfully
SPBIUpdd => service removed successfully
SPDRIVER_1.42.1.2687 => service removed successfully
wStLibG64 => Service stopped successfully.
wStLibG64 => service removed successfully
apcqaqmq => service removed successfully
STHDA => service removed successfully
swsedrvr_vt_1_10_0_25 => service removed successfully
wuaserv => service removed successfully
C:\Program Files (x86)\globalUpdate => moved successfully
C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484 => moved successfully
C:\Program Files (x86)\TheTorntv V10 => moved successfully
C:\ProgramData\ReGulearDeals => moved successfully
C:\ProgramData\ShopperPro => moved successfully
C:\Program Files (x86)\BitComet => moved successfully
C:\Program Files (x86)\Common Files\Spigot => moved successfully
C:\Program Files (x86)\MyPC Backup => moved successfully
"C:\Program Files (x86)\SearchProtect" => not found.
c:\Program Files (x86)\AppendMonitor => moved successfully
C:\Program Files\Common Files\Goobzo => moved successfully
C:\Windows\System32\drivers\cherimoya.sys => moved successfully
C:\Windows\System32\drivers\netfilter64.sys => moved successfully
C:\Windows\System32\drivers\wStLibG64.sys => moved successfully
 
========= netsh winsock reset catalog =========
 
 
========= End of CMD: =========
 
EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from. => Error: No automatic fix found for this entry.
The location is listed in the 3rd line of the Farbar log you have submitted. => Error: No automatic fix found for this entry.
Run FRST and click Fix only once and wait. => Error: No automatic fix found for this entry.
Restart the computer normally to reset the registry. => Error: No automatic fix found for this entry.
The tool will create a log (Fixlog.txt) please post it to your reply. => Error: No automatic fix found for this entry.
=== => Error: No automatic fix found for this entry.
Clean everyting that this tool will find. => Error: No automatic fix found for this entry.
Please download AdwCleaner by Xplode onto your Desktop. => Error: No automatic fix found for this entry.
Close all open programs and internet browsers. => Error: No automatic fix found for this entry.
Double click on AdwCleaner.exe to run the tool. => Error: No automatic fix found for this entry.
Click the Scan button and wait for the process to complete. => Error: No automatic fix found for this entry.
Click the LogFile button and the report will open in Notepad. => Error: No automatic fix found for this entry.
IMPORTANT => Error: No automatic fix found for this entry.
If you click the Clean button all items listed in the report will be removed. => Error: No automatic fix found for this entry.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. => Error: No automatic fix found for this entry.
Close all open programs and internet browsers. => Error: No automatic fix found for this entry.
Double click on AdwCleaner.exe to run the tool. => Error: No automatic fix found for this entry.
Click the Scan button and wait for the process to complete. => Error: No automatic fix found for this entry.
Check off the element(s) you wish to keep. => Error: No automatic fix found for this entry.
Click on the Clean button follow the prompts. => Error: No automatic fix found for this entry.
A log file will automatically open after the scan has finished. => Error: No automatic fix found for this entry.
Please post the content of that log file with your next answer. => Error: No automatic fix found for this entry.
You can find the log file at C:\AdwCleanerCx.txt (x is a number). => Error: No automatic fix found for this entry.
=== => Error: No automatic fix found for this entry.
Download to your Desktop the Junkware Removal Tool Download from this link. => Error: No automatic fix found for this entry.
http://www.bleepingcomputer.com/download/junkware-removal-tool/ => Error: No automatic fix found for this entry.
Shutdown your antivirus to avoid any conflicts. => Error: No automatic fix found for this entry.
Right click the icon - disable for say 20 mins. => Error: No automatic fix found for this entry.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.) => Error: No automatic fix found for this entry.
The tool will open and start scanning your system. => Error: No automatic fix found for this entry.
Please be patient as this can take a while to complete. => Error: No automatic fix found for this entry.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. => Error: No automatic fix found for this entry.
Post the contents of JRT.txt into your next message. => Error: No automatic fix found for this entry.
====== => Error: No automatic fix found for this entry.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Your copy of Chrome has been compromised => Error: No automatic fix found for this entry.
Re-install Chrome => Error: No automatic fix found for this entry.
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. => Error: No automatic fix found for this entry.
Clear your Chrome cache and cookies => Error: No automatic fix found for this entry.
https://support.google.com/chromebook/answer/183083?hl=en => Error: No automatic fix found for this entry.
=== => Error: No automatic fix found for this entry.
Remove Chrome using the the instructions on this page. => Error: No automatic fix found for this entry.
https://support.google.com/chrome/answer/95319?hl=en => Error: No automatic fix found for this entry.
Before you do Export your Bookmarks => Error: No automatic fix found for this entry.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser. => Error: No automatic fix found for this entry.
Re-install Chrome and the Bookmarks. => Error: No automatic fix found for this entry.
If you want to save all your settings refer to this page. => Error: No automatic fix found for this entry.
Follow the instructions before removing Chrome. => Error: No automatic fix found for this entry.
<<<>>> => Error: No automatic fix found for this entry.
Please post the logs and let me know what problem persists. => Error: No automatic fix found for this entry.
Back to top => Error: No automatic fix found for this entry.
Report => Error: No automatic fix found for this entry.
#3  Keep seeing pop-ups and cannot install a printer: post #3 nasdaq => Error: No automatic fix found for this entry.
Malware Response Team => Error: No automatic fix found for this entry.
33,828 posts => Error: No automatic fix found for this entry.
ONLINE => Error: No automatic fix found for this entry.
Gender:Male => Error: No automatic fix found for this entry.
Location:Montreal, QC. Canada => Error: No automatic fix found for this entry.
Local time:11:50 AM => Error: No automatic fix found for this entry.
Posted 17 October 2016 - 10:07 AM => Error: No automatic fix found for this entry.
Due to the lack of feedback, this topic is now closed. => Error: No automatic fix found for this entry.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. => Error: No automatic fix found for this entry.
Please include a link to your topic in the Private Message. Thank you. => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11596015 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 348588261 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 14363878347 B
systemprofile32 => 709062 B
LocalService => 256022 B
NetworkService => 84442 B
Melissa Glover => 943079698 B
Keith => 308674974 B
Guest => 253858164 B
 
RecycleBin => 687323 B
EmptyTemp: => 15.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:50:05 ====


#4 SeeknM

Posted 12 November 2016 - 10:00 PM

This is the AdwCleaner tool log.

Also I am trying to run JRT and I am unable to run it as Administrator.

 

# AdwCleaner v6.030 - Logfile created 13/11/2016 at 01:10:33
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Keith - MELISSAGLOVER
# Running from : C:\Users\Keith\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Level Quality Watcher
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\638c6515065f55e6
[-] Folder deleted: C:\ProgramData\cconntinuetioSave
[-] Folder deleted: C:\ProgramData\CoupExttensioon
[-] Folder deleted: C:\ProgramData\Fun2aSoaVe
[-] Folder deleted: C:\ProgramData\MMiniMumPrice
[-] Folder deleted: C:\ProgramData\YoutubeAdblocker
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\Birds
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\Birds365
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\BrowserAir
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\cool_mirage
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\DeskBar
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\genienext
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\globalUpdate
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\Media Get LLC
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\MediaGet2
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\Mobogenie
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\StormAlerts
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\torch
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Local\WeatherAlerts
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\BabylonToolbar
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\FreePriceAlerts
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\incredibar.com
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\Industriya
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\internethelper3.1
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Melissa Glover\AppData\LocalLow\TheTorntv V10
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\Babylon
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\DealPly
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\dvdvideosoftiehelpers
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\file scout
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\FreePriceAlerts
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\GroovorioUpdater
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\HoolappforAndroid
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\iWin
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\Media Get LLC
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\newnext.me
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\OpenCandy
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\Strongvault
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\System Speedup
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\Systweak
[#] Folder deleted on reboot: C:\Users\Melissa Glover\AppData\Roaming\Systweak\Advanced System Protector
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
[-] Folder deleted: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[-] Folder deleted: C:\Users\Melissa Glover\Documents\Mobogenie
[#] Folder deleted on reboot: C:\Users\Keith\AppData\Local\Systweak
[#] Folder deleted on reboot: C:\Users\Keith\AppData\Local\Systweak\Advanced System Protector
[-] Folder deleted: C:\Users\Keith\AppData\Roaming\Systweak
[-] Folder deleted: C:\Users\Guest\AppData\Local\Mobogenie
[-] Folder deleted: C:\Users\Guest\AppData\Local\torch
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\BabylonToolbar
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\DVDVideoSoftTB
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\FreePriceAlerts
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\GutscheinCodes
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\incredibar.com
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\Industriya
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\internethelper3.1
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\Search Settings
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\TheTorntv V10
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\24x7 help
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\iWin
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\PCFixSpeed
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\playnowradio
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\Systweak
[#] Folder deleted on reboot: C:\Users\Guest\AppData\Roaming\24x7 Help
[#] Folder deleted on reboot: C:\Users\Guest\AppData\Roaming\Systweak\Advanced System Protector
[-] Folder deleted: C:\Program Files\AllDaySavings
[-] Folder deleted: C:\Program Files\Level Quality Watcher
[-] Folder deleted: C:\Program Files\Common Files\ShopperPro
[-] Folder deleted: C:\ProgramData\Babylon
[-] Folder deleted: C:\ProgramData\BabylonUpdater
[-] Folder deleted: C:\ProgramData\Media Get LLC
[-] Folder deleted: C:\ProgramData\MovieDeaConfig
[-] Folder deleted: C:\ProgramData\Premium
[-] Folder deleted: C:\ProgramData\SearchModule
[-] Folder deleted: C:\ProgramData\StarApp
[-] Folder deleted: C:\ProgramData\Systweak
[-] Folder deleted: C:\ProgramData\Tarma Installer
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BabylonUpdater
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Media Get LLC
[#] Folder deleted on reboot: C:\ProgramData\Application Data\MovieDeaConfig
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Premium
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SearchModule
[#] Folder deleted on reboot: C:\ProgramData\Application Data\StarApp
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Systweak
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tarma Installer
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
[-] Folder deleted: C:\Users\Public\Documents\ShopperPro
[-] Folder deleted: C:\Program Files (x86)\ASP
[-] Folder deleted: C:\Program Files (x86)\Bench
[-] Folder deleted: C:\Program Files (x86)\Exploremedia
[-] Folder deleted: C:\Program Files (x86)\predm
[-] Folder deleted: C:\Program Files (x86)\ShopperPro
[-] Folder deleted: C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB
[-] Folder deleted: C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[-] Folder deleted: C:\windows\SysWOW64\SearchProtect
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\24x7 help
[#] Folder deleted on reboot: C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\24x7 Help
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\uninst
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Melissa Glover\daemonprocess.txt
[-] File deleted: C:\Users\Melissa Glover\AppData\LocalLow\SkwConfig.bin
[-] File deleted: C:\Users\Melissa Glover\AppData\Roaming\aps.scan.quick.results
[-] File deleted: C:\Users\Melissa Glover\AppData\Roaming\LiveSupport.exe_log.txt
[-] File deleted: C:\Users\Melissa Glover\AppData\Roaming\regsvr32.exe_log.txt
[-] File deleted: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File deleted: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] File deleted: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BrowserAir.lnk
[-] File deleted: C:\Users\Melissa Glover\Desktop\MyPC Backup.lnk
[-] File deleted: C:\Users\Melissa Glover\Desktop\BrowserAir.lnk
[-] File deleted: C:\Users\Keith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] File deleted: C:\Users\Guest\daemonprocess.txt
[-] File deleted: C:\Users\Guest\AppData\LocalLow\SkwConfig.bin
[-] File deleted: C:\windows\SysNative\roboot64.exe
[-] File deleted: C:\windows\SysNative\sasnative64.exe
[-] File deleted: C:\Users\Public\Desktop\Advanced System~Protector.lnk
[-] File deleted: C:\windows\efix.ini
[-] File deleted: C:\user.js
[-] File deleted: C:\prefs.js
 
 
***** [ DLL ] *****
 
[!] File not disinfected:  C:\windows\System32\dnsapi.dll
[!] File not disinfected:  C:\windows\SysWOW64\dnsapi.dll
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[!] Shortcut not deleted: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet-Explorer.lnk
[-] Shortcut disinfected: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
[!] Shortcut not deleted: C:\Users\Keith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Keith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet-Explorer.lnk
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: APSnotifierCA
[-] Task deleted: Dealply
[-] Task deleted: DTReg
[-] Task deleted: globalUpdateUpdateTaskMachineCore
[-] Task deleted: globalUpdateUpdateTaskMachineUA
[-] Task deleted: Groovorio Updater
[-] Task deleted: Hoolapp For Android
[-] Task deleted: LaunchApp
[-] Task deleted: LaunchSignup
[-] Task deleted: ShopperPro
[-] Task deleted: ShopperProJSUpd
[-] Task deleted: Smp
[-] Task deleted: SPDriver
[-] Task deleted: Registry Optimizer_UPDATES
[-] Task deleted: Registry Optimizer
[-] Task deleted: Registry Optimizer_DEFAULT
[-] Task deleted: Advanced System~Protector
[-] Task deleted: Advanced System~Protector_startup
[!] Task not deleted: DealPly
 
 
***** [ Registry ] *****
 
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [HQ-Video-Pro-1.4-bg.exe]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Plus-HD-8.9-bg.exe]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [MediaPlayerEnhance-bg.exe]
[#] Key deleted on reboot: HKLM\SOFTWARE\5a4ddddb13aeb49
[#] Key deleted on reboot: HKLM\SOFTWARE\5dd37fe8-0d06-490c-97cb-dffaad32cb15
[#] Key deleted on reboot: HKLM\SOFTWARE\d49044cd-661b-4de0-b386-44a0d17b5262
[#] Key deleted on reboot: HKLM\SOFTWARE\d4f9fe39-7d1b-b583-6bc8-5af6ec2a7401
[#] Key deleted on reboot: HKLM\SOFTWARE\Clients\StartMenuInternet\BrowserAir.WFO4CJNCFOJLUHNL7DVCZZCTLM
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052800.BHO
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052800.BHO.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052800.Sandbox
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052800.Sandbox.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052920.BHO
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052920.BHO.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052920.Sandbox
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0052920.Sandbox.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0063311.BHO
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0063311.BHO.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0063311.Sandbox
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CrossriderApp0063311.Sandbox.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Toolbar.CT2269050
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Toolbar.CT3007394
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Toolbar.CT3289663
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Toolbar.CT3291326
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72174dac-041a-4579-a370-fbb37c86e589}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{931d2b27-fdc6-4fe0-803a-a2a1c42194c0}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c95b251b-7567-4d60-abbc-8abfcade4bb0}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{daf7e0a7-c1ef-4f95-856f-ae568128a39f}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e026e8ab-8076-4aa7-acf0-35e9171b0cf9}
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AllDaySavingsService64
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BackupStack
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdate
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdatem
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Level Quality Watcher
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SMUpd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SPBIUpd
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\DefaultTabToolbarBHO.DefaultTabToolbar
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\DefaultTabToolbarBHO.DefaultTabToolbar.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Iminent
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\speedupmypc
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TornTvDownloader.File
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\DefaultTabToolbarBHO.DefaultTabToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\DefaultTabToolbarBHO.DefaultTabToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Iminent
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TornTvDownloader.File
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90609D82-77C3-4391-8915-CF5638CF4605}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90609D82-77C3-4391-8915-CF5638CF4605}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{90609D82-77C3-4391-8915-CF5638CF4605}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A8720491-9558-4C0D-9E35-30EED15DFB2B}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F791D8AE-47E8-40A5-A913-EB2D2AF29602}]
[#] Key deleted on reboot: HKU\.DEFAULT\Software\24x7help
[#] Key deleted on reboot: HKU\.DEFAULT\Software\DefaultTab
[#] Key deleted on reboot: HKU\.DEFAULT\Software\ImInstaller
[#] Key deleted on reboot: HKU\.DEFAULT\Software\SweetIM
[#] Key deleted on reboot: HKU\.DEFAULT\Software\WNLT
[#] Key deleted on reboot: HKU\.DEFAULT\Software\24x7HELP
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\Software\MediaPlayerEnhance
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\Software\TheTorntv V10
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MediaPlayerEnhance
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[#] Key deleted on reboot: HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\GlobalUpdate
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\ShopperPro
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\systweak
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\AppDataLow\Software\Crossrider
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\AppDataLow\Software\TheTorntv V10
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1010346940-739637343-2868352682-1006\Software\ShopperPro
[#] Key deleted on reboot: HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[#] Key deleted on reboot: HKU\S-1-5-18\Software\24x7help
[#] Key deleted on reboot: HKU\S-1-5-18\Software\DefaultTab
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] Key deleted on reboot: HKU\S-1-5-18\Software\SweetIM
[#] Key deleted on reboot: HKU\S-1-5-18\Software\WNLT
[#] Key deleted on reboot: HKU\S-1-5-18\Software\24x7HELP
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\DefaultTab
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\MediaPlayerEnhance
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\TheTorntv V10
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MediaPlayerEnhance
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\ShopperPro
[#] Key deleted on reboot: HKCU\Software\systweak
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\TheTorntv V10
[#] Key deleted on reboot: HKLM\SOFTWARE\AdvertisingSupport
[#] Key deleted on reboot: HKLM\SOFTWARE\AllDaySavings
[#] Key deleted on reboot: HKLM\SOFTWARE\Babylon
[#] Key deleted on reboot: HKLM\SOFTWARE\Coupon Server
[#] Key deleted on reboot: HKLM\SOFTWARE\DataMngr
[#] Key deleted on reboot: HKLM\SOFTWARE\FreeSoftToday
[#] Key deleted on reboot: HKLM\SOFTWARE\GlobalUpdate
[#] Key deleted on reboot: HKLM\SOFTWARE\IB Updater
[#] Key deleted on reboot: HKLM\SOFTWARE\InstalledBrowserExtensions
[#] Key deleted on reboot: HKLM\SOFTWARE\MediaPlayerEnhance
[#] Key deleted on reboot: HKLM\SOFTWARE\MovieDea
[#] Key deleted on reboot: HKLM\SOFTWARE\SavingsBullFilter
[#] Key deleted on reboot: HKLM\SOFTWARE\SearchModule
[#] Key deleted on reboot: HKLM\SOFTWARE\ShopperPro
[#] Key deleted on reboot: HKLM\SOFTWARE\SP Global
[#] Key deleted on reboot: HKLM\SOFTWARE\SProtector
[#] Key deleted on reboot: HKLM\SOFTWARE\SW-Booster
[#] Key deleted on reboot: HKLM\SOFTWARE\SwiftSearch_1.10.0.25
[#] Key deleted on reboot: HKLM\SOFTWARE\Taronja
[#] Key deleted on reboot: HKLM\SOFTWARE\TheTorntv V10
[#] Key deleted on reboot: HKLM\SOFTWARE\torch
[#] Key deleted on reboot: HKLM\SOFTWARE\Tutorials
[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: HKLM\SOFTWARE\systweak
[#] Key deleted on reboot: HKLM\SOFTWARE\delta
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[#] Key deleted on reboot: HKLM\SOFTWARE\NICO MAK COMPUTING\WinZip Registry Optimizer
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheTorntv V10
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1010346940-739637343-2868352682-1006\Software\ShopperPro
[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\ShopperPro
[#] Key deleted on reboot: [x64] HKCU\Software\systweak
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\TheTorntv V10
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\AllDaySavings
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\BubbleSound
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\eFix
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\IB Updater
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\LevelQualityWatcher
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\SearchModule
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\ShopperPro
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Tarma Installer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Data restored: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [Default] 
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\3D BubbleSound
[-] Value deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
[#] Value deleted on reboot: [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Iminent
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\IminentMessenger
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\mobilegeni daemon
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SPDriver
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
[#] Key deleted on reboot: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreMedia.exe]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [MovieDea.exe]
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\D830B6B8939ACB4928401060203BB648456BB4F8
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\F53E693DDABF57A88A9B12B608B09B26C0608B74
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BrowserAir.exe
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[#] Key deleted on reboot: HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[#] Key deleted on reboot: HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6
[#] Value deleted on reboot: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [MovieDea.exe]
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [48517 Bytes] - [13/11/2016 01:10:33]
C:\AdwCleaner\AdwCleaner[S0].txt - [42693 Bytes] - [13/11/2016 00:59:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [48665 Bytes] ##########


#5 SeeknM

  • Topic Starter

Posted 13 November 2016 - 02:03 AM

Below is the JRT log that I was able to get.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Keith (Limited) on Sun 11/13/2016 at  1:55:48.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 45 
 
Failed to delete: C:\Users\Keith\AppData\Local\systweak (Folder) 
Failed to delete: C:\Program Files\005 (Folder) 
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-1.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-11.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-2.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-3.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-4.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5_user.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-6.job (Task) 
Successfully deleted: C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-7.job (Task) 
Successfully deleted: C:\windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job (Task) 
Successfully deleted: C:\windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job (Task) 
Successfully deleted: C:\windows\Tasks\HQ-Video-Pro-1.4-enabler.job (Task) 
Successfully deleted: C:\windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job (Task) 
Successfully deleted: C:\windows\Tasks\HQ-Video-Pro-1.4-updater.job (Task) 
Successfully deleted: C:\windows\Tasks\LyricsWoofer Update.job (Task) 
Successfully deleted: C:\windows\Tasks\M-Lyrics Update.job (Task) 
Successfully deleted: C:\windows\Tasks\MediaPlayerEnhance-chromeinstaller.job (Task) 
Successfully deleted: C:\windows\Tasks\MediaPlayerEnhance-codedownloader.job (Task) 
Successfully deleted: C:\windows\Tasks\MediaPlayerEnhance-enabler.job (Task) 
Successfully deleted: C:\windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job (Task) 
Successfully deleted: C:\windows\Tasks\MediaPlayerEnhance-updater.job (Task) 
Successfully deleted: C:\windows\Tasks\Plus-HD-8.9-chromeinstaller.job (Task) 
Successfully deleted: C:\windows\Tasks\Plus-HD-8.9-codedownloader.job (Task) 
Successfully deleted: C:\windows\Tasks\Plus-HD-8.9-enabler.job (Task) 
Successfully deleted: C:\windows\Tasks\Plus-HD-8.9-firefoxinstaller.job (Task) 
Successfully deleted: C:\windows\Tasks\Plus-HD-8.9-updater.job (Task) 
Successfully deleted: C:\windows\Tasks\Show Lyrics Update.job (Task) 
Successfully deleted: C:\Program Files\groover121120151836 (Folder) 
Successfully deleted: C:\windows\System32\sho1A94.tmp (File) 
Successfully deleted: C:\windows\System32\sho1DCB.tmp (File) 
Successfully deleted: C:\windows\System32\sho429B.tmp (File) 
Successfully deleted: C:\windows\System32\sho481.tmp (File) 
Successfully deleted: C:\windows\System32\sho52B3.tmp (File) 
Successfully deleted: C:\windows\System32\sho5433.tmp (File) 
Successfully deleted: C:\windows\System32\sho6CF5.tmp (File) 
Successfully deleted: C:\windows\System32\sho6E89.tmp (File) 
Successfully deleted: C:\windows\System32\sho84CA.tmp (File) 
Successfully deleted: C:\windows\System32\sho8867.tmp (File) 
Successfully deleted: C:\windows\System32\shoCA9C.tmp (File) 
Successfully deleted: C:\windows\System32\shoE9F8.tmp (File) 
Successfully deleted: C:\windows\System32\shoFE4B.tmp (File) 
 
 
 
Registry: 7 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Iminent (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/13/2016 at  1:57:30.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 nasdaq

  • Malware Response Team

Posted 13 November 2016 - 10:36 AM

What problem is persisting on this computer?

#7 SeeknM

  • Topic Starter

Posted 14 November 2016 - 08:28 PM

I am still getting popups. Software updater is on my computer. In Internet Explorer I am getting redirected. I cannot go to the bleeping computer site. I have been downloading the software on another computer and then installing it to the infected computer. I am blocked from reading Windows install disk. I get please insert a disc. I have tried another install disc and it reads it fine.



#8 nasdaq

  • Malware Response Team

Posted 15 November 2016 - 10:12 AM

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

If the problem persists run this tool.
Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

p.s.
If you have other browsers installed do you still have the popups?

#9 SeeknM

  • Topic Starter

Posted 17 November 2016 - 09:50 AM

When I went to run Zoek the computer shut down and restarted, I'm not sure why. When the computer restarted I ran the Zoek tool. I clicked on run-as administrator, however I'm not sure if it ran in administrator mode.

I am getting an error on restart which says, "A driver supporting Solution Menu EX is not installed."

When I look at the properties for the command prompt shortcut I get %windir%\sysytem32\cmd.exe specified in the Target box is not valid. Make sure the path and filename are correct.
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Keith on Wed 11/16/2016 at 17:56:25.77.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Keith\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/16/2016 5:58:41 PM Zoek.exe System Restore Point Created Successfully.
 
==== Possible Rootkit Infection ======================
 
C:\Users\Melissa Glover\AppData\Local\Google\Desktop\Install
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Desktop\Install
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\005 deleted successfully
C:\Program Files\Vuze deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Corel PDF Fusion deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\PROGRA~3\ReguulaarDeealse deleted successfully
C:\PROGRA~3\saafEWEb deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Guest\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Keith\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Melissa Glover\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Melissa Glover\AppData\Roaming\redsn0w deleted successfully
C:\Users\Melissa Glover\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Melissa Glover\AppData\Roaming\TP deleted successfully
C:\Users\Guest\AppData\Local\PDFC deleted successfully
C:\Users\Keith\AppData\Local\PDFC deleted successfully
C:\Users\Keith\AppData\Local\VirtualStore deleted successfully
C:\Users\Melissa Glover\AppData\Local\Adobe deleted successfully
C:\Users\Melissa Glover\AppData\Local\cache deleted successfully
C:\Users\Melissa Glover\AppData\Local\PDFC deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\MELISS~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
 
Added to C:\Users\MELISS~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\MELISS~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
 
---- FireFox user.js and prefs.js backups ---- 
 
user_20161116_0618_.backup
prefs_20161116_0618_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Melissa Glover\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\OpenDownloaderManager deleted
C:\extensions.sqlite deleted
C:\mixcraft5.exe deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\found.005 deleted
C:\found.006 deleted
C:\found.007 deleted
C:\found.008 deleted
C:\Users\Melissa Glover\AppData\Roaming\WB.CFG deleted
C:\Users\Melissa Glover\AppData\Roaming\Open Download Manager deleted
C:\Users\Melissa Glover\AppData\Roaming\dlg deleted
C:\Users\Keith\BIT4900.tmp deleted
C:\Users\Keith\BIT54E3.tmp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} deleted
C:\PROGRA~3\{C78336EC-F2EB-4640-99A4-DFE96581B90B} deleted
C:\PROGRA~3\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} deleted
C:\PROGRA~3\{DDB686B4-4F6B-46EB-B3F0-E73DAF04B8F0} deleted
C:\PROGRA~3\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} deleted
C:\Users\Guest\AppData\Local\avgchrome deleted
C:\Users\Melissa Glover\AppData\Local\avgchrome deleted
C:\Users\Melissa Glover\AppData\Local\Installer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager deleted
C:\Users\Guest\AppData\LocalLow\store-pp.jbs deleted
C:\Users\Guest\AppData\LocalLow\Protect deleted
C:\Users\Guest\AppData\LocalLow\wbtooltb deleted
C:\Users\Guest\AppData\LocalLow\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} deleted
C:\Users\Guest\AppData\LocalLow\cconntinuetioSave deleted
C:\Users\Guest\AppData\LocalLow\Delta deleted
C:\Users\Melissa Glover\AppData\LocalLow\Company deleted
C:\Users\Melissa Glover\AppData\LocalLow\Protect deleted
C:\Users\Melissa Glover\AppData\LocalLow\{39D5F413-B719-01B0-F44C-9DE544C2DF8C} deleted
C:\Users\Melissa Glover\AppData\LocalLow\{E48C6546-E147-6F4F-02E6-DE81B6177D29} deleted
C:\Users\Melissa Glover\AppData\LocalLow\cconntinuetioSave deleted
C:\Users\Melissa Glover\AppData\LocalLow\Delta deleted
C:\windows\tasks\6d83c2d0-7f9f-4d68-ab13-5715fd424552.job deleted
C:\windows\SysNative\tasks\6d83c2d0-7f9f-4d68-ab13-5715fd424552 deleted
C:\windows\Syswow64\shoFA59.tmp deleted
C:\windows\SysWow64\searchplugins deleted
C:\windows\SysWow64\Extensions deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\MELISS~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [09/19/2012 10:37 PM]
 
==== Firefox Extensions ======================
 
ExtDir: C:\Users\Melissa Glover\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi
 
==== Firefox Plugins ======================
 
 
==== Deleted Firefox Extensions ======================
 
C:\Users\Melissa Glover\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted
C:\Users\Melissa Glover\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Melissa Glover\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Melissa Glover\AppData\Local\Comodo\Dragon deleted
Fake profile C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[10/25/2011 08:47 PM]
 
Docs - Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
RealPlayer HTML5Video Downloader Extension - Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
 
==== Chromium Fix ======================
 
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_alerts.conduit-services.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_alerts.conduit-services.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bing.conduit-services.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bing.conduit-services.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_conduit.anybodyoutthere.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_conduitapp.s3.amazonaws.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.incredibar-search.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.incredibar-search.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tags.toolbarsmedia.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tags.toolbarsmedia.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.toolbar-ads.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_latestvideolyrics.blogspot.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.elyrics.net_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hiphopsonglyrics.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ciuvo.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ciuvo.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pckeeperapp.zeobit.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pckeeperapp.zeobit.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.yahoo.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.local.smartshopping.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.local.smartshopping.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_banners.adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_banners.asiafriendfinder.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_banners.seniorfriendfinder.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastservicefinder.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastservicefinder.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ww3.instafinder.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_esavefile.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_file-save.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savethechildren.we-care.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savethechildren.we-care.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.clickansave.net_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.clickansave.net_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ak.facebook.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ak.facebook.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ak.fbcdn.net_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cdnsrv.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cdnsrv.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.gamepost.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.icmwebserv.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.icmwebserv.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.lesstabs.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.lesstabs.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.liftdna.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ny.us.criteo.net_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ny.us.criteo.net_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.woolik.com_0.localstorage deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.woolik.com_0.localstorage-journal deleted successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static1.pornative.com_0.localstorage deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
 
==== Reset Google Chrome ======================
 
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\chromepreferences was reset successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Preferences.13017890707278964 was reset successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully
 
==== Empty IE Cache ======================
 
C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Melissa Glover\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Melissa Glover\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=820 folders=153 263577388 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Keith\AppData\Local\Temp will be emptied at reboot
C:\Users\Melissa Glover\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Keith\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Melissa Glover\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NYZUZ9Q8\cfiles.5min.com"  not found
"C:\Users\Melissa Glover\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NYZUZ9Q8\speed.pointroll.com"  not found
"C:\Users\Melissa Glover\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NYZUZ9Q8\synd.travelplus.tv"  not found
"C:\Users\Melissa Glover\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NYZUZ9Q8\vplayerf.dailyrx.com"  not found
 
==== EOF on Thu 11/17/2016 at 12:38:59.46 ======================
 


#10 nasdaq

  • Malware Response Team

Posted 17 November 2016 - 10:08 AM


Reinstall your Canon printer.

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)


Any remaining issues?



