Groover Advertisements Removal Guide

  • September 10, 2015

Groover is an adware program that injects advertisements into web pages as you browse. While this adware is installed, Groover will display intrusive and unwanted ads on web sites that make it difficult to read the content of the site. These ads will be labeled as Ads by groover300820151711, brought by groover300820151711, or another seemingly random string. This adware will also display pop-up ads when you click on a web link; these show misleading advertisements stating that you have malware on your computer or that there is something wrong with it. To make matters worse, you will also find that this adware will cause your computer to act more sluggish or your web browser to freeze.


It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with them. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.

As you can see, there is no benefit to having this adware installed on your computer. All it will do is display a constant stream of annoying ads and pop-ups that make it impossible to browse the web. Therefore, it is suggested that you uninstall Groover and any related adware using the following removal guide.

Self Help Guide

This guide contains advanced information, but has been written in such a way so that anyone can follow it. Please ensure your data is backed up before proceeding.

If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
  1. This removal process may appear overwhelming due to the number of steps and the various programs used. Please do not be concerned as it is only written this way to give you clear and easy instructions so that anyone can use this guide. Before using this guide, you should print out these instructions and close any open programs and files as your web browser will need to be closed and your computer rebooted later in this fix.

  2. Now we want to terminate any other adware or malware processes that may be running by downloading and running RKill. RKill will search your computer for active malware processes and attempt to terminate them so that they won't interfere with the removal process. To do this, please download RKill to your desktop from the following link.

    RKill Download Link - (Download page will open in a new tab or browser window.)

    When at the download page, click on the Download Now button labeled iExplore.exe. When you are prompted where to save it, please save it on your desktop.

  3. Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Groover and other malware. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and a log file will open. Please review the log file and then close it so you can continue with the next step. If you have problems running RKill, you can download the other renamed versions of RKill from the RKill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Do not reboot your computer after running RKill as the malware programs will start again.

  4. At this point you should download Malwarebytes Anti-Malware, or MBAM, to scan your computer for any infections or adware that may be present. Please download Malwarebytes from the following location and save it to your desktop:

    Malwarebytes Anti-Malware Download Link (Download page will open in a new window)

  5. Once downloaded, close all programs and windows on your computer, including this one.

  6. Double-click on the icon on your desktop named mb3-setup-1878.1878- This will start the installation of MBAM onto your computer.

  7. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.

  8. MBAM will now start and you will be at the main screen as shown below.

    Malwarebytes Anti-Malware

    Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.

  9. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.

    Malwarebytes Anti-Malware

  10. When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different than what is shown in the image below due to the guide being updated for newer versions of MBAM.

    MalwareBytes Scan Results

    You should now click on the Remove Selected button to remove all the selected malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  11. You can now exit the MBAM program.

  12. As a final cleanup step, please download AdwCleaner and save it to your desktop. AdwCleaner will scan your computer for adware programs that may have been installed on your computer without your knowledge. You can download AdwCleaner from the following URL:

  13. When AdwCleaner has finished downloading, please double-click on the AdwCleaner.exe icon that now appears on your desktop. Once you double-click on the icon the AdwCleaner program will open and you will be presented with its start screen as shown below. If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.

    AdwCleaner Start Screen

  14. Now click on the Scan button in AdwCleaner. The program will now start to search for known adware programs that may be installed on your computer. When it has finished it will display all of the items it has found in the Results section of the screen above. Please look through the results and try to determine if the programs that are listed contain ones that you do not want installed. If you find programs that you need to keep, then uncheck the entries associated with them.

    For most people, the contents of the Results section may appear confusing or as gibberish. Unless you see a program name that you know should not be removed, please continue with the next step.

  15. To remove the adware programs that were detected in the previous step, please click on the Clean button on the AdwCleaner screen. AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.

    AdwCleaner Reboot Prompt

    Please click on the OK button to let AdwCleaner reboot your computer.

  16. When your computer reboots and you are logged in, AdwCleaner will automatically open a log file that contains the files, registry keys, and programs that were removed from your computer.

    AdwCleaner Log

    Please review this log file and then close the Notepad Window.

  17. Ads by Groover can be stubborn to get rid of without fully resetting your web browsers. For each web browser that you have installed, please follow the appropriate instructions below on how to reset your browser to factory defaults. Please note that this method will remove all add-ons, extensions, toolbars and other customizations but will leave your bookmarks and favorites intact.

    In order to remove Groover completely you will need to reset Chrome back to its initial settings. Doing these steps will erase all configuration information from Chrome such as your home page, tab settings, saved form information, browsing history, and cookies. This process will also disable any installed extensions. All of your bookmarks, though, will be preserved.

    To reset Chrome, open the program and click on the Chrome menu button (Chrome Menu Button) in the top right-hand corner of the window. This will open the main menu for Chrome as shown below.

    Chrome Menu Settings Option

    Now click on the menu option labeled Settings as shown by the arrow in the picture above, which will open the basic settings screen. Scroll down to the very bottom and you will see a Show advanced settings... option as shown in the image below.

    Advanced Settings Option

    Click on the Show advanced settings... option to open the advanced settings screen. Scroll to the very bottom until you see the reset button as shown in the image below.

    Advanced Settings Reset Button

    Now click on the Reset settings button as shown in the image above. Chrome will now open a confirmation dialog asking if you are sure you wish to reset your browser.

    Reset Chrome Confirmation

    To reset Chrome, click on the Reset button. Chrome will now erase all your personal data, browsing history, and disable all installed extensions. Your bookmarks, though, will remain intact and still be accessible. You can now close the Settings tab and continue with the rest of the instructions.

    In order to remove Groover completely you will need to reset Internet Explorer back to its initial settings. Doing these steps will erase all configuration information from Internet Explorer such as your home page, saved form information, browsing history, and cookies. This process will also disable any installed toolbars and add-ons. All of your bookmarks, though, will be preserved.

    To reset Internet Explorer, open the program and click on the Internet Explorer menu button (Tools Menu Button) in the top right-hand corner of the window. This will open the main menu for Internet Explorer as shown below.

    Internet Options Menu Item


    Now click on the menu option labeled Internet options as shown by the arrow in the picture above, which will open the Internet Options screen.

    General tab of the Internet Options

    Now click on the Advanced tab as shown in the image above. This will open the Advanced Settings screen.

    Advanced Settings Tab

    Now click on the Reset... button as shown in the image above. Internet Explorer will now open a confirmation dialog asking you to confirm that you wish to reset your browser.

    Reset Confirmation

    In the reset dialog shown above, please put a check mark in Delete personal settings and then click on the Reset button. Internet Explorer will now erase all your personal data, browsing history, and disable all add-ons and toolbars. Your favorites, though, will remain intact and still be accessible.

    Reset finished

    Once the Reset process has been completed, click on the Close button. You will now be prompted to restart Internet Explorer to complete the reset. Once you have restarted Internet Explorer, you can continue with the rest of the instructions.

    In order to remove Groover completely you will need to refresh Firefox back to its initial settings. It does this by removing all add-ons and personalized configuration settings. All of your bookmarks, though, will be preserved.

    To reset Firefox, open the program and click on the Firefox menu button (Firefox menu button) in the top right-hand corner of the window. This will open the main menu for Firefox as shown below.

    Firefox Menu


    Now click on the question mark button (Help button) as indicated by the arrow in the image above. This will open up the Firefox help menu.

    Help Menu

    Next click on the Troubleshooting Information option as indicated by the arrow in the image above. This will bring you to a Troubleshooting page.

    Troubleshooting Information Page

    To begin the refresh process click on the Refresh Firefox.. button. When you do this a confirmation will be shown asking if you wish to perform a Firefox refresh.

    Firefox Refresh Confirmation

    To refresh Firefox, click on the Refresh Firefox button. When the refresh process is finished you will be shown an Import window that will automatically close. When that closes, Firefox will be open and state that it has been refreshed.

    Refresh Complete

    You can now click on the Let's go! button to start using Firefox again.

    In order to completely remove Groover you will need to reset Safari back to its initial settings. Doing these steps will erase all configuration information from Safari such as your Top Sites, saved form information, browsing history, and cookies. This process will not erase your bookmarks or extensions, which will still be available after you reset Safari.

    To reset Safari, open the program and click on the gear (Safari Options Gear) in the top right-hand corner of the window. This will open the main menu for Safari as shown below.

    Safari Options Menu


    Now click on the menu option labeled Reset Safari as shown by the arrow in the picture above. This will open a window that allows you to select all the items you wish to reset.

    Reset Options Window

    Keep the check marks in each option and then click on the Reset button. Safari will delete all of your personal data and then open a blank page, which means the process has finished.

    It is important to note that this process does not delete your Bookmarks or any installed Safari Extensions. If you wish to remove your Safari Extensions as well, you can download this batch file, which will reset Safari and delete all installed extensions, while still retaining your bookmarks.

  18. We now need to delete the certificates installed by Groover. To do this press the Windows keyboard key (Windows Key) and the R key at the same time to open the Run dialog box. When it opens, type certmgr.msc in the Open: field and press the Enter key. The Windows Certificate Manager will now open. Click on the little arrow next to Trusted Root Certification Authority category to expand it and then click on the Certificates folder. You should now see a list of certificates similar to the image below.

    Certificate Manager

    When the list of certificates opens, scroll through the list and look for certificates whose Issued To identifier appears to be random and that have a Friendly Name set to . Example certificates with random Issued To strings are Cyfbo Katif, Ijial Loovhi, and Qoin Toenly. Once you have identified these certificates, right-click on each one and select Delete as shown below. If you need help with this process, please feel free to ask in the forums.

    Delete certificate

    Once you have deleted the associated certificates, you can close the Certificate Manager window and proceed with the rest of the steps.

  19. As many malware and unwanted programs are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:

    How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
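
For step 18, a read-only way to shortlist the root certificates to inspect before deleting them by hand in Certificate Manager. This is an added example, not part of the original guide: the function name Get-SuspectRootCertificate and the "two capitalised words" name pattern (modelled on the guide's sample names Cyfbo Katif, Ijial Loovhi and Qoin Toenly) are assumptions, so a match is a prompt to look at the certificate, not proof that Groover installed it.

```powershell
# Added example (not from the original guide): list Trusted Root certificates
# that resemble the ones described in step 18. Read-only; nothing is deleted.

function Get-SuspectRootCertificate {
    [CmdletBinding()]
    param(
        # Both root stores; certmgr.msc shows the current user's view.
        [string[]]$StorePath = @('Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'),

        # Assumed heuristic: the subject is nothing but a CN made of two
        # capitalised words, like the guide's examples. Adjust as needed.
        [string]$SubjectPattern = '^CN=[A-Z][a-z]+ [A-Z][a-z]+$'
    )

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    $all = foreach ($path in $StorePath) {
        Get-ChildItem -Path $path | ForEach-Object {
            [pscustomobject]@{
                Store        = $path
                IssuedTo     = $_.GetNameInfo($nameType, $false)   # "Issued To" column
                FriendlyName = $_.FriendlyName                     # "Friendly Name" column
                SelfSigned   = ($_.Subject -eq $_.Issuer)
                # -cmatch is case-sensitive; plain -match would ignore case
                NameMatch    = ($_.Subject -cmatch $SubjectPattern)
                NotBefore    = $_.NotBefore
                Thumbprint   = $_.Thumbprint
            }
        }
    }

    # The same certificate can appear under both store paths, so report each
    # thumbprint once and list every store it was seen in.
    $all | Group-Object -Property Thumbprint | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            IssuedTo     = $first.IssuedTo
            FriendlyName = $first.FriendlyName
            NotBefore    = $first.NotBefore
            Thumbprint   = $first.Thumbprint
            Stores       = ($_.Group.Store | Sort-Object -Unique) -join ', '
            Review       = ($first.SelfSigned -and $first.NameMatch)
        }
    }
}

# Show only the certificates worth a manual look, newest first.
Get-SuspectRootCertificate |
    Where-Object { $_.Review } |
    Sort-Object -Property NotBefore -Descending |
    Format-List IssuedTo, FriendlyName, NotBefore, Thumbprint, Stores
```

Running it again after step 18 and getting no output confirms that no certificate matching the pattern remains in either store.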


Your computer should now be free of the Ads by Groover program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

View Associated Groover Files


File Location Notes:

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\<Current User>\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\<Current User>\AppData\Local\Temp in Windows Vista, Windows 7, and Windows 8.

View Associated Groover Registry Information


This is a self-help guide. Use at your own risk. can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus,Trojan,Spyware, and Malware Removal Logs forum.

If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you.

