• September 10, 2015

What is Groover?


It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.

As you can see, there is no benefit to having this adware installed on your computer. All it will do is display a constant stream of annoying ads and pop-ups that make it impossible to browse the web. Therefore, it is suggested that you uninstall Groover and any related adware using the following removal guide.

Self Help Guide

This guide contains advanced information, but has been written in such a way so that anyone can follow it. Please ensure your data is backed up before proceeding.

If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
1. This removal process may appear overwhelming due to the amount of the steps and the various programs used. Please do not be concerned as it is only written this way to give you clear and easy instructions so that anyone can use this guide. Before using this guide, you should print out these instructions and close any open programs and files as your web browser will need to be closed and your computer rebooted later in this fix.

2. Now we want to terminate any other adware or malware processes that may be running by downloading and running RKill. RKill will search your computer for active malware processes and attempt to terminate them so that they won't interfere with the removal process. To do this, please download RKill to your desktop from the following link.

Do not reboot your computer after running RKill as the malware programs will start again.

6. Double-click on the icon on your desktop named mb3-setup-1878.1878-3.0.6.1469.exe. This will start the installation of MBAM onto your computer.

7. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If Malwarebytes prompts you to reboot, please do not do so.

8. MBAM will now start and you will be at the main screen as shown below.

Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.

9. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.

10. When MBAM is finished scanning it will show a screen that lists any malware that it has detected. Please note that the infections found may be different than what is shown in the image below due to the guide being updated for newer versions of MBAM.

You should now click on the Remove Selected button to remove all the selected malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

11. You can now exit the MBAM program.

13. When AdwCleaner has finished downloading, please double-click on the AdwCleaner.exe icon that now appears on your desktop. Once you double-click on the icon the AdwCleaner program will open and you will be presented with its start screen as shown below. If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.

14. Now click on the Scan button in AdwCleaner. The program will now start to search for known adware programs that may be installed on your computer. When it has finished it will display all of the items it has found in the Results section of the screen above. Please look through the results and try to determine if the programs that are listed contain ones that you do not want installed. If you find programs that you need to keep, then uncheck the entries associated with them.

For most people, the contents of the Results section may appear confusing or as gibberish. Unless you see a program name that you know should not be removed, please continue with the next step.

16. When your computer reboots and you are logged in, AdwCleaner will automatically open a log file that contains the files, registry keys, and programs that were removed from your computer.

In order to remove Groover completely you will need to reset Chrome back to its initial settings. Doing these steps will erase all configuration information from Chrome such as your home page, tab settings, saved form information, browsing history, and cookies. This process will also disable any installed extensions. All of your bookmarks, though, will be preserved.

To reset Chrome, open the program and click on the Chrome menu button in the top right-hand corner of the window. This will open the main menu for Chrome as shown below.

Now click on the menu option labeled Settings as shown by the arrow in the picture above, which will open the basic settings screen. Scroll down to the very bottom and you will see a Show advanced settings... option as shown in the image below.

Click on the Show advanced settings... option to open the advanced settings screen. Scroll to the very bottom until you see the reset button as shown in the image below.

Now click on the Reset settings button as shown in the image above. Chrome will now open a confirmation dialog asking if you are sure you wish to reset your browser.

To reset Chrome, click on the Reset button. Chrome will now erase all your personal data, browsing history, and disable all installed extensions. Your bookmarks, though, will remain intact and still be accessible. You can now close the Settings tab and continue with the rest of the instructions.

In order to remove Groover completely you will need to reset Internet Explorer back to its initial settings. Doing these steps will erase all configuration information from Internet Explorer such as your home page, saved form information, browsing history, and cookies. This process will also disable any installed toolbars and add-ons. All of your bookmarks, though, will be preserved.

To reset Internet Explorer, open the program and click on the Internet Explorer menu button in the top right-hand corner of the window. This will open the main menu for Internet Explorer as shown below.

Now click on the menu option labeled Internet options as shown by the arrow in the picture above, which will open the Internet Options screen.

Now click on the Advanced tab as shown in the image above. This will open the Advanced Settings screen.

Now click on the Reset... button as shown in the image above. Internet Explorer will now open a confirmation dialog asking you to confirm that you wish to reset your browser.

In the reset dialog shown above, please put a check mark in Delete personal settings and then click on the Reset button. Internet Explorer will now erase all your personal data, browsing history, and disable all add-ons and toolbars. Your favorites, though, will remain intact and still be accessible.

Once the Reset process has been completed, click on the Close button. You will now be prompted to restart Internet Explorer to complete the reset. Once you have restarted Internet Explorer, you can continue with the rest of the instructions.

In order to remove Groover completely you will need to refresh Firefox back to its initial settings. It does this by removing all add-ons and personalized configuration settings. All of your bookmarks, though, will be preserved.

To reset Firefox, open the program and click on the Firefox menu button in the top right-hand corner of the window. This will open the main menu for Firefox as shown below.

Now click on the question mark button as indicated by the arrow in the image above. This will open up the Firefox help menu.

Next click on the Troubleshooting Information option as indicated by the arrow in the image above. This will bring you to a Troubleshooting page.

To begin the refresh process click on the Refresh Firefox.. button. When you do this a confirmation will be shown asking if you wish to perform a Firefox refresh.

To refresh Firefox, click on the Refresh Firefox button. When the refresh process is finished you will be shown an Import window that will automatically close. When that closes, Firefox will be open and state that it has been refreshed.

You can now click on the Let's go! button to start using Firefox again.

In order to completely remove Groover you will need to reset Safari back to its initial settings. Doing these steps will erase all configuration information from Safari such as your Top Sites, saved form information, browsing history, and cookies. This process will not erase your bookmarks or extensions, which will still be available after you reset Safari.

To reset Safari, open the program and click on the gear in the top right-hand corner of the window. This will open the main menu for Safari as shown below.

Now click on the menu option labeled Reset Safari as shown by the arrow in the picture above. This will open a window that allows you to select all the items you wish to reset.

Keep the check marks in each option and then click on the Reset button. Safari will delete all of your personal data and then open a blank page, which means the process has finished.

It is important to note that this process does not delete your Bookmarks or any installed Safari Extensions. If you wish to remove your Safari Extensions as well, you can download this batch file, which will reset Safari and delete all installed extensions, while still retaining your bookmarks.

18. We now need to delete the certificates installed by Groover. To do this press the Windows keyboard key and the R key at the same time to open the Run dialog box. When it opens, type certmgr.msc in the Open: field and press the Enter key. The Windows Certificate Manager will now open. Click on the little arrow next to Trusted Root Certification Authority category to expand it and then click on the Certificates folder. You should now see a list of certificates similar to the image below.

When the list of certificates opens, scroll through the list and look for certificates whose Issued To identifier appears to be random and have a Friendly Name set to . Example certificates with random Issued To strings are Cyfbo Katif, Ijial Loovhi, and Qoin Toenly. Once you have identified these certificates, right-click on each one and select Delete as shown below. If you need help with this process, please feel free to ask in the forums.

Once you have deleted the associated certificates, you can close the Certificate Manager window and proceed with the rest of the steps.
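
The manual review in step 18 can be narrowed down first with a read-only PowerShell listing of the Trusted Root stores. This is an added example, not part of the original guide; the two-word name pattern (inferred from the three example names above) and the empty Friendly Name filter are assumptions, and nothing is deleted by the script.

```powershell
# Added example (not from the original guide): read-only shortlist of root
# certificates to inspect in certmgr.msc. Nothing is removed or changed.

# Machine-wide and per-user Trusted Root stores. A certificate can be listed
# under both, so the same thumbprint may appear twice in the output.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# "Issued To" in certmgr.msc corresponds to the subject's simple name.
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Assumption: pattern inferred from the guide's examples (Cyfbo Katif,
# Ijial Loovhi, Qoin Toenly): two capitalised, letters-only words.
# It is a heuristic; a legitimate root can match and a rogue one can miss.
$twoWordName = '^[A-Z][a-z]+ [A-Z][a-z]+$'

$roots = foreach ($store in $stores) {
    Get-ChildItem -Path $store | Select-Object `
        @{ Name = 'Store';    Expression = { $store } },
        @{ Name = 'IssuedTo'; Expression = { $_.GetNameInfo($simpleName, $false) } },
        FriendlyName, NotBefore, NotAfter, Thumbprint
}

# Assumption: only certificates with an empty Friendly Name are of interest.
# -cmatch is the case-sensitive regex match operator.
$suspects = $roots | Where-Object {
    [string]::IsNullOrEmpty($_.FriendlyName) -and
    ($_.IssuedTo -cmatch $twoWordName)
}

if ($suspects) {
    # Newest validity start first: recently generated certificates sort to the top.
    $suspects | Sort-Object NotBefore -Descending |
        Format-Table Store, IssuedTo, NotBefore, Thumbprint -AutoSize
} else {
    'No root certificates matched the heuristic; review the store by hand.'
}
```

Running it again after deleting the certificates confirms that no matching entries remain in either store.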

19. As many malware and unwanted programs are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Your computer should now be free of the Ads by Groover program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

View Associated Groover Files


File Location Notes:

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\<Current User>\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\<Current User>\AppData\Local\Temp in Windows Vista, Windows 7, and Windows 8.

View Associated Groover Registry Information


This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus,Trojan,Spyware, and Malware Removal Logs forum.