Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible trojan with outbound traffic detected?


  • Please log in to reply
13 replies to this topic

#1 zor_tan

zor_tan

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 21 August 2017 - 05:49 PM

Hello,

 

Yesterday I was browsing when suddenly I got a pop-up, I immediately exited and after that I received a message from norton telling me a large amount of suspicious outbound traffic was detected and recommended I run norton power eraser, in the logs there was also an entry for a blocked intrusion attempt but I don't remember being notified of it. Anyways, I ran the power eraser and it didn't find anything special, a few false positives, some registry options for internet explorer which I don't even use, and something called task.vbs which I found out to be related to intel drivers update. I also ran several other quick scans with tdss killer, mbam, and superantispyware which didn't find anything other than tracking cookies and a pup but they weren't very thorough and I'm still a bit spooked since I've never received this message from norton before. Other weird norton logs included an ips submission detailing a "local or remote attacker", dated from about a week ago.

 

My machine runs Windows 7 Home Premium SP1 x64 bit.

 

Any help would be appreciated,

Thanks.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 21 August 2017 - 07:50 PM

Welcome to BC...

Do you have an ad blocker installed in your browsers?

 

Use the programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JoshRoss

JoshRoss

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:07:44 PM

Posted 22 August 2017 - 07:50 AM

In addition to this, you can also scan with Hitman Pro and Malwarebytes to ensure that malware was cleaned thoroughly. Also, please do not skip out on full scan with your anti-virus; otherwise it might not work out. After the scans, restart your PC and try a couple of the scans once more, just to ensure elimination of malicious software.



#4 zor_tan

zor_tan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 22 August 2017 - 10:39 PM

 

Welcome to BC...

Do you have an ad blocker installed in your browsers?

 

Use the programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Thanks!

And no I don't have an adblocker installed. Is that something I should look into?

 

I also ran CCleaner and all it found were some temp files too.

Here are the rest of the logs as requested, I noticed an awful lot of registry keys were removed. Is this safe normally and could I restore some of them if needed in the future?

 

# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 22 20:38:05 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-17-2017.2
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, YahooAUService


***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\Yahoo! Companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\Yahoo! Companion
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy, C:\Users\All Users\Yahoo! Companion
PUP.Optional.Legacy, C:\Users\Richard\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\Software Update Utility
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\Companion
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Users\Richard\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Users\Richard\AppData\Roaming\Yahoo!\Companion
PUP.Adware.Heuristic, C:\ProgramData\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
PUP.Adware.Heuristic, C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}


***** [ Files ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\Common\unyt.exe
PUP.Optional.Legacy, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\jjj4u52q.default\searchplugins\safesearch.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AIM Toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM Toolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\AIM Toolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\AIM Toolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKCU\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\Bitberry
PUP.Optional.Legacy, [Key] - HKCU\Software\Bitberry
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | {21FA44EF-376D-4D53-9B0F-8A89D3229068}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\dnu.EXE
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-1551484582-1298501380-2346242808-1001\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit


***** [ Firefox (and derivatives) ] *****

SearchProvider found: slirsredirect.search.aol.com - AIM Search
SearchProvider found: nortonsafe.search.ask.com - Norton Safe Search


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Richard (Administrator) on Tue 08/22/2017 at 17:42:22.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 295

Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (File)
Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt (File)
Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (File)
Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt (File)
Successfully deleted: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\jjj4u52q.default\aimToolbarData\opensearch.xml (File)
Successfully deleted: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\jjj4u52q.default\searchplugins\aim-search.xml (File)
Successfully deleted: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\jjj4u52q.default\user.js (File)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\065NO4ZW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\085KI5YD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DOXYRV3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GBQ21A8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JE5ELNX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AC4B56K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IRZX2QR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JOZFFW5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KJJ83DW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MBY5OZY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZX206WG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22MEKQA1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22ROYOJS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A3KC01J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T4HJ6M4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T9LG7HY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XA0CHLF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30ZIEWH1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39K9MFLK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EHLAM12 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4719YN9B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48APFIUJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AP6NGX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JY2DJ9N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XVCRLXY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E7CQY9P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HBL446Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RORLWKI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U0KEE31 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\601GSR8B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61VIT8YD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KB3FO2F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BMNGN1X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MQI6YBD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T22W4XL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93Y4XHFE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CCK61MA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB1M1ZSH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHXWDHET (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZZ95S4F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1RWXGVR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFZDEC4P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG1GODA9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKS2Y7WJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUX8C9BZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1HMMCWQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB6FWHL1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJDAZ1RZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMHEVQDC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNE8Q570 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPKHHI51 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ0JBX0L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM929SDD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E73KNS76 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAHNZWRJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBTF37FD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2X4FN18 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHXFI62L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIV44UCM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM9O9HP2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRC7O4WY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTZILMBD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8SU0NSJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCYQ51X6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHSUD70P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOL0ZJE4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXGHWC2H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0KDMMJE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZC1CBB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZQVHZE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7OWFMN8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLGG49EX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUJ6BSAO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGQ294OZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIP95XQO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNNM4SPI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0ALJ5Z8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEQ4Q2B1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMJ2DZXB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LR4AR8RA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ21I2CL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFW3SJBH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTTQCW83 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1SMOR2V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4RKW9C0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHAP6K0E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMYQ0VQS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW3BQYCU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P39YNIKA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA58PL8Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNW96P8J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1JEM5UY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBPSCW3Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGLPWDFJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHZPTQXR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKUJ1PWT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOC8EPNG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ4SM9EE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RA0I817H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDA73WEY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFIJAUEY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGHDNRXC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGI4EDOV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY600517 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S081LTRN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S26OBISJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB7SFBWC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCJVG5J1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU1UU3LD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXGVBHWN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2IOAYPB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T55HRSEQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOGK2D7M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TY6J929Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5㦖RVU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5H33XUP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UG5BP4IT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGAUPDY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNY7UQM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1MR38HZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNH1FCFS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQEU20Y1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W014439K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5VC2O4P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKSRKHR4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WO6CG72H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0LZJLAV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEOK3IEZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XHFFN4UE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJE7Z71Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLDKN5Y3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMNYGAS2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YE11RW8I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEAI06UY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKSJVBZZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRW4A5BU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYCZLKE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7ZUVGP3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP8FEPGD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZRRT86R7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\065NO4ZW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\085KI5YD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DOXYRV3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GBQ21A8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JE5ELNX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AC4B56K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IRZX2QR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JOZFFW5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KJJ83DW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MBY5OZY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZX206WG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22MEKQA1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22ROYOJS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A3KC01J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T4HJ6M4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T9LG7HY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XA0CHLF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30ZIEWH1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39K9MFLK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EHLAM12 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4719YN9B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48APFIUJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AP6NGX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JY2DJ9N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XVCRLXY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E7CQY9P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HBL446Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RORLWKI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U0KEE31 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\601GSR8B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61VIT8YD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KB3FO2F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BMNGN1X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MQI6YBD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T22W4XL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93Y4XHFE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CCK61MA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB1M1ZSH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHXWDHET (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZZ95S4F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1RWXGVR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFZDEC4P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG1GODA9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKS2Y7WJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUX8C9BZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1HMMCWQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB6FWHL1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJDAZ1RZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMHEVQDC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNE8Q570 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPKHHI51 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ0JBX0L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM929SDD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E73KNS76 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAHNZWRJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBTF37FD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2X4FN18 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHXFI62L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIV44UCM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM9O9HP2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRC7O4WY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTZILMBD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8SU0NSJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCYQ51X6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHSUD70P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOL0ZJE4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXGHWC2H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0KDMMJE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZC1CBB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZQVHZE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7OWFMN8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLGG49EX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUJ6BSAO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGQ294OZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIP95XQO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNNM4SPI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0ALJ5Z8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEQ4Q2B1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMJ2DZXB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LR4AR8RA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ21I2CL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFW3SJBH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTTQCW83 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1SMOR2V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4RKW9C0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHAP6K0E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMYQ0VQS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW3BQYCU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P39YNIKA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA58PL8Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNW96P8J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1JEM5UY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBPSCW3Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGLPWDFJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHZPTQXR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKUJ1PWT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOC8EPNG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ4SM9EE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RA0I817H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDA73WEY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFIJAUEY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGHDNRXC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGI4EDOV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY600517 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S081LTRN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S26OBISJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB7SFBWC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCJVG5J1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU1UU3LD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXGVBHWN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2IOAYPB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T55HRSEQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOGK2D7M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TY6J929Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5㦖RVU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5H33XUP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UG5BP4IT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGAUPDY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNY7UQM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1MR38HZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNH1FCFS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQEU20Y1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W014439K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5VC2O4P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKSRKHR4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WO6CG72H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0LZJLAV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEOK3IEZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XHFFN4UE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJE7Z71Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLDKN5Y3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMNYGAS2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YE11RW8I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEAI06UY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKSJVBZZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRW4A5BU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYCZLKE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7ZUVGP3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP8FEPGD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZRRT86R7 (Temporary Internet Files Folder)

Deleted the following from C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\jjj4u52q.default\prefs.js
user_pref(aim_toolbar.search.searchtype, web);
user_pref(aol_toolbar.surf.date, 6);
user_pref(aol_toolbar.surf.lastDate, 17);
user_pref(aol_toolbar.surf.lastMonth, 5);
user_pref(aol_toolbar.surf.lastYear, 2012);
user_pref(aol_toolbar.surf.month, 900);
user_pref(aol_toolbar.surf.prevMonth, 792);
user_pref(aol_toolbar.surf.total, 287458);
user_pref(aol_toolbar.surf.week, 6);
user_pref(aol_toolbar.surf.year, 14782);
user_pref(browser.search.defaulturl, hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us);
user_pref(keyword.URL, hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=);



Registry: 10

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ecd-cc67-4437-a03c-9aaccbd14326} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/22/2017 at 17:46:56.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

I ran additional scans with malwarebytes which only found a false positive pup, and a full scan with my antivirus which aside from the scan time being wrong only found 2 tracking cookies.

 

Edit: Got a weird message when I tried to post this the first time:

"Sorry, you don't have permission for that! [#20310]. Your secure key, used to verify you are posting the topic, did not match the one submitted. Please go back, reload the form, and try again."

Do these sessions expire quickly or something?


Edited by zor_tan, 23 August 2017 - 12:53 AM.


#5 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 23 August 2017 - 06:42 AM

Did Eset Online Scan find anything?

 

Rerun AdwCleaner and be sure to click on Clean after scan finishes.

 

I suggest you install Adblock Plus in your browsers. Once installed click on the ABP icon at the top of the browsers and

choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.

Adblock Plus - Chrome Web Store   Adblock Plus :: Add-ons for Firefox  Adblock Plus for IE

 

The registry items removed were adware related.

 

Block the Third Party cookies from installing in your browsers. Those are the ad and tracking cookies. Once you have blocked them,

run CCleaner to remove the existing ones. How to disable third-party cookies in all major web browsers

 

  • download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

I don't know why you saw that "weird message". If it happens again...let me know and I will ask the admin about it.


Edited by buddy215, 23 August 2017 - 06:50 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 zor_tan

zor_tan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 24 August 2017 - 01:25 AM

Yep, sorry I forgot to mention eset in the previous post. It found 3 threats, 2 of which were toolbar addons and the other was a realplayer component marked as "Win32/Realplayer.a" I believe. I ran adwcleaner again and cleaned more registry keys. I think I'll definitely be installing adblock or something like that after this.

 

 

# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 24 03:43:58 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [13471 B] - [2017/8/22 21:5:57]
C:/AdwCleaner/AdwCleaner[S0].txt - [15081 B] - [2017/8/22 20:38:5]
C:/AdwCleaner/AdwCleaner[S1].txt - [3775 B] - [2017/8/24 2:53:39]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

 

 

I was unable to get security check to work for some reason, when I tried to install it I got a message from windows telling me it couldn't access the specified device, path, or file. In addition to that, norton apparently thought it was malicious and removed it automatically. Should I try downloading it from another source?



#7 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 24 August 2017 - 05:35 AM

You can try disabling Norton...shutting its realtime protection down and then download and run the security check. Reenable Norton after the JRT scan finishes.

It is a safe tool to use.

 

If you are still unable to run the security check then do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 zor_tan

zor_tan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 25 August 2017 - 03:58 AM

Tried to get it to work again and it wouldn't with windows, I turned on Norton again and it detected two items this time. Not sure why it's doing that. But here's the ccleaner log as requested:

 

Yes    HKCU:Run    Akamai NetSession Interface    Akamai Technologies, Inc.    "C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe"
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Google Update    Google Inc.    C:\Users\Richard\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
No    HKCU:Run    Messenger (Yahoo!)    Yahoo! Inc.    "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yes    HKCU:Run    msnmsgr    Microsoft Corporation    "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
No    HKCU:Run    Vidalia        "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
Yes    HKLM:Run    amd_dc_opt    AMD    C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No    HKLM:Run    EzPrint    Lexmark International Inc.    "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    IntelliPoint    Microsoft Corporation    "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
No    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
No    HKLM:Run    lxdnmon.exe    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    RealDownloader    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Yes    HKLM:Run    RunAIShell    ASUSTeK Computer Inc.    C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
Yes    HKLM:Run    SKDaemon.exe        C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
Yes    HKLM:Run    Skytel    Realtek Semiconductor Corp.    C:\Program Files\Realtek\Audio\HDA\Skytel.exe
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    TkBellExe    RealNetworks, Inc.    "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Yes    Startup Common    RealTimes.lnk    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe

 

 

 

7-Zip 16.04 (x64)    Igor Pavlov    3/1/2017    4.75 MB    16.04
Acoustica Effects Pack    Acoustica, Inc    1/14/2011        3.0
Acoustica Mixcraft 5    Acoustica    1/14/2011       
Acrobat.com    Adobe Systems Incorporated    1/20/2010    1.60 MB    1.6.65
Adobe Acrobat Reader DC    Adobe Systems Incorporated    8/12/2017    259 MB    17.012.20095
Adobe AIR    Adobe Systems Inc.    1/14/2011        1.5.0.7220
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    1/14/2011        10.0.42.34
Adobe Flash Player 26 NPAPI    Adobe Systems Incorporated    8/24/2017    19.6 MB    26.0.0.151
Age of Chivalry    Team Chivalry    1/14/2011       
AI Manager    ASUSTeK    1/14/2011        1.08.05
AIM 7        1/14/2011       
Akamai NetSession Interface    Akamai Technologies, Inc    6/22/2012       
Apple Application Support    Apple Inc.    8/12/2016    64.0 MB    2.3.6
Apple Mobile Device Support    Apple Inc.    4/23/2010    19.9 MB    3.0.0.102
Apple Software Update    Apple Inc.    8/12/2016    2.38 MB    2.1.3.127
Arma 2 Demo    Bohemia Interactive    1/14/2011       
ARMA 2: Free    Bohemia Interactive    11/28/2011       
ARMA 2: Operation Arrowhead Demo    Bohemia Interactive    11/5/2011       
ASUSUpdate        1/14/2011       
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver %


Edited by zor_tan, 26 August 2017 - 02:57 AM.


#9 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 25 August 2017 - 07:04 AM

What info does Norton give you on the two items it found?

 

The Scheduled Tasks list is missing. The formatting is okay.

 

Disable these Windows Startups: Click on each one and choose Disable on the right.

Yes    HKCU:Run    Akamai NetSession Interface    Akamai Technologies, Inc.    "C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe"
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Google Update    Google Inc.    C:\Users\Richard\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe

Yes    HKCU:Run    msnmsgr    Microsoft Corporation    "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent

Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe

Yes    HKLM:Run    RealDownloader    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    TkBellExe    RealNetworks, Inc.    "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Yes    Startup Common    RealTimes.lnk    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe

 

Uninstall these programs:

Acrobat.com    Adobe Systems Incorporated    1/20/2010    1.60 MB    1.6.65

Adobe AIR    Adobe Systems Inc.    1/14/2011        1.5.0.7220
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    1/14/2011        10.0.42.34 (Use this uninstaller Uninstall Flash Player for Windows

AIM 7        1/14/2011   

Akamai NetSession Interface    Akamai Technologies, Inc    6/22/2012   

Bing Bar    Microsoft Corporation    3/25/2016    26.8 MB    7.0.850.0

Bonjour    Apple Inc.    4/23/2010    1.14 MB    2.0.0.34

ESET Online Scanner v3        1/14/2011

HiJackThis    Trend Micro    1/14/2011    369 KB    1.0.0

Java 8 Update 121    Oracle Corporation    3/18/2017    94.4 MB    8.0.1210.13

qBittorrent 3.3.10    The qBittorrent project    3/1/2017    93.4 MB    3.3.10 (Dangerous to use to download free stuff..more than half contain malware...may be illegal downloads)
QuickTime 7    Apple Inc.    8/12/2016    69.1 MB    7.79.80.95 (No longer supported)
RealPlayer (RealTimes)    RealNetworks    5/14/2016    91.7 MB    18.1.3 (Ad intensive and uses a lot of computer's resources)

Safari    Apple Inc.    4/23/2010    36.8 MB    5.31.22.7

Skype Toolbars    Skype Technologies S.A.    3/30/2010    5.23 MB    1.0.4051

SUPERAntiSpyware    SUPERAntiSpyware.com    8/23/2011    63.6 MB    5.0.1108 (not as good as once was...use MBAM )

Tor 0.2.1.26        1/14/2011     (out dated)

Vidalia 0.2.9        1/14/2011    (Out dated)

Windows Live Essentials    Microsoft Corporation    3/15/2011        14.0.8117.0416

Windows Live Sync    Microsoft Corporation    3/15/2011    2.78 MB    14.0.8117.416
Windows Live Upload Tool    Microsoft Corporation    1/20/2010    224 KB    14.0.8014.1029

Yahoo! Messenger    Yahoo! Inc.    1/14/2011       
Yahoo! Software Update        1/14/2011     

 

Many other old programs. Suggest you look through them and uninstall the ones you no longer use


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 zor_tan

zor_tan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 26 August 2017 - 03:09 AM

Norton tried to label it as a SAPE.Heur.9C747, after I tried downloading it again and it didn't work it labeled it the same in addition to a secondary download with a bunch of random characters located in the cache2\entries directory.

 

My bad, I could've sworn I included it in there, guess not. I hope this is the correct log before I start uninstalling programs.

 

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskUserS-1-5-21-1551484582-1298501380-2346242808-1001Core    Google Inc.    C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-1551484582-1298501380-2346242808-1001UA    Google Inc.    C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Installation App Launcher    Lexmark International Inc.    "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
Yes    Task    RealDownloader Update Check    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes    Task    RealDownloaderDownloaderScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes    Task    RealDownloaderRealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes    Task    RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    RealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
No    Task    USER_ESRV_SVC_WILLAMETTE    Microsoft Corporation    "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Yes    Task    {E44D63E9-F068-446F-BCA0-9B37F04CEC3A}    Skype Technologies S.A.    C:\Program Files (x86)\Skype\Phone\Skype.exe
Yes    Task    {F868F7D9-F7F8-4A0F-BB1A-289035C684A3}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/12890
 

 

Not sure this is relevant but I got a message from google that it detected unusual traffic from my network. Could rapid clicking cause something like that?



#11 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 26 August 2017 - 05:18 AM

Disable these Tasks:

Yes    Task    GoogleUpdateTaskUserS-1-5-21-1551484582-1298501380-2346242808-1001UA    Google Inc.    C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Installation App Launcher    Lexmark International Inc.    "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
Yes    Task    RealDownloader Update Check    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes    Task    RealDownloaderDownloaderScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes    Task    RealDownloaderRealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes    Task    RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    RealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck

Yes    Task    GoogleUpdateTaskUserS-1-5-21-1551484582-1298501380-2346242808-1001UA    Google Inc.    C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Installation App Launcher    Lexmark International Inc.    "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
Yes    Task    RealDownloader Update Check    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes    Task    RealDownloaderDownloaderScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes    Task    RealDownloaderRealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes    Task    RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    RealUpgradeLogonTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealUpgradeScheduledTaskS-1-5-21-1551484582-1298501380-2346242808-1001    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 26 August 2017 - 05:31 AM

Once you get all the above completed, installed Adblock Plus and blocked Third Party cookies.....let me know of

any other warnings/ alerts from Google or Norton. The Google "unusual traffic" is too vague for comment.

 

"Unusual Traffic" Google Messages Explained


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 zor_tan

zor_tan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 28 August 2017 - 11:44 AM

Will do. Thanks for all your help!

 

The Norton message was bizarre though, if it wasn't a trojan what could've triggered that message?

Apologies for the late reply.


Edited by zor_tan, 28 August 2017 - 11:44 AM.


#14 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:44 PM

Posted 28 August 2017 - 12:26 PM

Could be one or more of the tasks or other that I've asked to be disabled/ uninstalled. That's why I asked to complete all that, reboot and then let me know

later if the messages/ alerts popup again. Give it a couple of days. Read the info at "Unusual Traffic" Google Messages Explained


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users