Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

please please help - you guys are the best & our computer is a me

malware virus ValueApps Shopper-pro

  • This topic is locked This topic is locked

#31
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Let it finish. I know it may take countless hours. Be patient :)

 

Naat


  • 0

Advertisements


#32
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
It's been 23 hrs and 12 min and still scanning? Is this normal ?
  • 0

#33
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
It's on heuristic analysis
  • 0

#34
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK, let's turn it off. Move on for the ESET scan.
  • 0

#35
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Ok I started the eset scan yesterday.. It's still running and has been at 99% complete since yesterday. There are 268 threats.. It seems to be stuck on scanning the zoek program.. I mean, it's running but it's said 99% since yesterday. Don't think this is normal and should I stop it?!
Thanks
  • 0

#36
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

It's really strange. Let's try a different scanner.


aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software!


  • 0

#37
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-28 23:28:15
-----------------------------
23:28:15.093    OS Version: Windows x64 6.1.7601 Service Pack 1
23:28:15.093    Number of processors: 2 586 0x170A
23:28:15.093    ComputerName: STEPHEN-PC  UserName: Stephen
23:28:17.572    Initialize success
23:28:17.572    VM: initialized successfully
23:28:17.723    VM: Intel CPU supported 
23:28:19.932    VM: supported disk I/O iaStor.sys
23:28:39.220    AVAST engine defs: 14072802
23:28:43.274    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:28:43.277    Disk 0 Vendor: Hitachi_ STDO Size: 610480MB BusType: 3
23:28:43.652    VM: Disk 0 MBR read successfully
23:28:43.654    Disk 0 MBR scan
23:28:43.686    Disk 0 Windows 7 default MBR code
23:28:43.742    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14000 MB offset 2048
23:28:43.778    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 28674048
23:28:43.783    Disk 0 default boot code
23:28:43.856    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       596378 MB offset 28878848
23:28:44.374    Disk 0 scanning C:\Windows\system32\drivers
23:29:23.165    Service scanning
23:29:52.890    Modules scanning
23:29:52.897    Disk 0 trace - called modules:
23:29:52.923    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:29:52.928    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057b5060]
23:29:52.934    3 CLASSPNP.SYS[fffff880013af43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ce050]
23:29:54.023    AVAST engine scan C:\
23:29:59.664    File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MgAssist.exe.vir  **INFECTED** Win32:Mobogenie-R [Adw]
23:30:56.826    File: C:\FRST\Quarantine\C\Users\Stephen\Downloads\javatr625.exe.xBAD  **INFECTED** Win32:Adware-gen [Adw]
00:40:21.222    File: C:\Users\Stephen\Downloads\Flash Player 12 (3).exe  **INFECTED** Win32:Adware-gen [Adw]
00:40:25.742    File: C:\Users\Stephen\Downloads\FLVPlayerSetup.exe  **INFECTED** Win32:Adware-gen [Adw]
00:43:01.471    File: C:\Users\Stephen\Downloads\Minecraft-Download (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
00:43:10.481    File: C:\Users\Stephen\Downloads\Minecraft-Download.exe  **INFECTED** Win32:Dropper-gen [Drp]
00:44:56.488    File: C:\Users\Stephen\Downloads\zoek (1).exe  **INFECTED** Win32:Malware-gen
00:44:59.130    File: C:\Users\Stephen\Downloads\zoek (4).exe  **INFECTED** Win32:Malware-gen
00:45:00.493    File: C:\Users\Stephen\Downloads\zoek.exe  **INFECTED** Win32:Malware-gen
02:34:07.209    File: C:\zoek_backup\C_PROGRA~2_BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe  **INFECTED** Win64:Adware-C [Adw]
02:34:07.473    File: C:\zoek_backup\C_PROGRA~2_BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\uninstall_l.exe  **INFECTED** Win32:Dropper-gen [Drp]
02:35:44.507    File: C:\zoek_backup\C_Users_Stephen_AppData_Local_Temp_file_to_run551976.exe.vir  **INFECTED** Win32:Adware-gen [Adw]
02:37:17.936    File: C:\zoek_backup\C_Users_Stephen_AppData_Local_Temp_Minecraft (1).exe\cf213051b29e4088a264d24bad564de3\1\globalKeyChecker.exe  **INFECTED** Win32:Malware-gen
02:37:33.197    File: C:\zoek_backup\C_Users_Stephen_AppData_Local_Temp_Minecraft (1).exe\cf213051b29e4088a264d24bad564de3\globalKeyChecker.exe  **INFECTED** Win32:Malware-gen
02:42:19.396    File: C:\zoek_backup\C_Users_Stephen_Downloads_java_installer.exe.vir  **INFECTED** Win32:Rootkit-gen [Rtk]
02:42:51.794    Scan finished successfully
07:03:00.966    Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
07:03:00.972    The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR2.txt"

Edited by ztastorm, 29 July 2014 - 05:04 AM.

  • 0

#38
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Please do not edit your posts. It makes me difficult to determine what was added/removed. In any case just post a new reply, I don't mind multiple posting if necessary.

Another one to go, due to MBAM & ESET issues.



grayhitmanpro_16px.png Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on grayhitmanpro_16px.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
    • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!
      Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it it your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.
Please include that logfile in your next reply.
Don't forget to re-enable your previously switched-off protection software!
  • 0

#39
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Hi there-

I edited bc I realized that I posted an incomplete scan logfile..so I reposted the complete logfile so you would have accurate info  :thumbsup: !

Here's the Hitman Log:

 

HitmanPro 3.7.9.221
www.hitmanpro.com
 
   Computer name . . . . : STEPHEN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Stephen-PC\Stephen
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-07-29 16:15:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 38m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 15
   Traces  . . . . . . . : 158
 
   Objects scanned . . . : 1,997,809
   Files scanned . . . . : 83,654
   Remnants scanned  . . : 600,526 files / 1,313,629 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll
      Size . . . . . . . : 103,936 bytes
      Age  . . . . . . . : 630.8 days (2012-11-05 21:54:48)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 2E9BFFDB1A992D3DAABAA04976445BCDD34B85F06C4E115A45AFE0343C95FDF0
    > Bitdefender  . . . : Generic.Adware.GVance.8359ECC9
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Persi.aw
      Fuzzy  . . . . . . : 106.0
 
   C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe
      Size . . . . . . . : 227,072 bytes
      Age  . . . . . . . : 22.7 days (2014-07-06 23:17:21)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 4186BE743F5CD511CF5658E41D97472CEFEE055617E309BC527D074A42112973
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.Somoto.J
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.allm
      Fuzzy  . . . . . . : 107.0
 
   C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
      Size . . . . . . . : 227,056 bytes
      Age  . . . . . . . : 22.7 days (2014-07-06 23:18:05)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FE6C1942AC6F7B3AD6E5201F6E5AF618763109780118F661A9E72DDD7D424527
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.Somoto.J
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.allm
      Fuzzy  . . . . . . : 107.0
      Forensic Cluster
         -37.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B003DC48-80A0-4ED2-AE1B-5C81A45D1AF8}
         -33.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C9C0FD2D-750A-4D5B-9C5F-E5C33340C58A}
         -32.5s C:\Users\Stephen\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QF5FBON\sub.unconsiderate[1].xml
         -2.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0863090F-AC80-489A-B6CB-A73CE9BBD221}
          0.0s C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
         10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5AE28A71-ABB2-47EC-99C1-78350F87E161}
         10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5AE28A71-ABB2-47EC-99C1-78350F87E161}
         10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5AE28A71-ABB2-47EC-99C1-78350F87E161}
         30.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2300731C-89CD-49CB-A663-487D7E79F931}
         32.8s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
         32.9s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
         32.9s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
         43.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{385B1565-394C-4572-96D8-5F376F793B6E}
         53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F5787DC0-DD8A-4E27-B80F-8B99D16F1AC2}
         57.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{457F1403-BA97-49B1-9C5D-F697808DE2E5}
         57.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{457F1403-BA97-49B1-9C5D-F697808DE2E5}
         57.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{457F1403-BA97-49B1-9C5D-F697808DE2E5}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
 
   C:\Users\Stephen\Downloads\Minecraft (1).exe
      Size . . . . . . . : 236,192 bytes
      Age  . . . . . . . : 305.0 days (2013-09-27 16:53:51)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BB1BDE1E769BC1975E42C83E64478EEA9B4ACB95CD4E68DB8580857849952F23
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11269951
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Minecraft (2).exe
      Size . . . . . . . : 236,208 bytes
      Age  . . . . . . . : 305.0 days (2013-09-27 16:55:46)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : E4CF0452B7629AE5D686F5024CAF05F7C03EB5D7FD2ECB935D202E69083C9D1D
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11269951
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Lollipop.qp
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup (1).exe
      Size . . . . . . . : 243,384 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:26)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A9C3DCFCBEA6503990CEE5806199EC8DAA1C00C37C8184CA035A81E6008A0864
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup (2).exe
      Size . . . . . . . : 243,256 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2F28D8AEA7FDAAC448EAFB32B669B6FF89B8EFE7F3081B1695216ED14F988C13
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup (3).exe
      Size . . . . . . . : 243,240 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 173EAB7D83B0DE477EBB737451011C7C04711D336277E3E29E9E0EE8516A27AF
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup.exe
      Size . . . . . . . : 243,240 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:26)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BF3F7CEE0BCDCB7DC7CC1DE3E5B205D64549BFD4C12D66458BE1DD86492EB864
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Setup (1).exe
      Size . . . . . . . : 471,504 bytes
      Age  . . . . . . . : 218.0 days (2013-12-23 16:21:41)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 29D61E501E10022508D72D3C0535C18127CA8D754D4BBC195E350463BE4C9D96
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.DomaIQ.ekr
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\setup (15).exe
      Size . . . . . . . : 774,568 bytes
      Age  . . . . . . . : 20.0 days (2014-07-09 17:21:45)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 7799EC59FE5598B1904F754B162054E5F756AEAB33041A17083AADBDD4E72724
      Product  . . . . . : Software Updater                                         
      Publisher  . . . . : AirInstaller                                  
      Description  . . . : Software Updater                  
      Version  . . . . . : 2.0.19.0
      Copyright  . . . . : (c) AirInstaller                  
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.AirAdInstaller.cdgd
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
          0.0s C:\Users\Stephen\Downloads\setup (15).exe
          0.0s C:\Users\Stephen\Downloads\setup (15).exe
 
   C:\Users\Stephen\Downloads\Setup (2).exe
      Size . . . . . . . : 462,264 bytes
      Age  . . . . . . . : 186.9 days (2014-01-23 18:22:52)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : E8D14AEAE0102C22C722E791EE32BDEFE91E2F7CC6B8ADCAE0A5B7F8C31E51EF
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.DomaIQ.bgn
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\Setup (3).exe
      Size . . . . . . . : 462,264 bytes
      Age  . . . . . . . : 186.9 days (2014-01-23 18:45:26)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 9946DCC285C3F5826A4414A4D99931BA87C897B4EB52E468E667CAC62AD7553A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.DomaIQ.bgn
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\Setup.exe
      Size . . . . . . . : 471,504 bytes
      Age  . . . . . . . : 218.0 days (2013-12-23 16:01:49)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 5118461163435C2409A5AA59198954CA96B7AE76A0D04527C09FD8716C78DFF0
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.DomaIQ.ekr
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe
      Size . . . . . . . : 229,384 bytes
      Age  . . . . . . . : 32.1 days (2014-06-27 13:51:01)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 596E2D686F9266E151BDE746898B0AC4939B01A2144A32A16D3F2A3AB65FBF91
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.Somoto.J
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.allm
      Fuzzy  . . . . . . : 107.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Stephen\Desktop\FRST64.exe
      Size . . . . . . . : 2,093,568 bytes
      Age  . . . . . . . : 5.4 days (2014-07-24 07:23:20)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 70424066CD60A682FD582B66DD8D3AF350C802B96E4FE3DD161AC4780EB2F1FF
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.8s C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_secure-us.imrworldwide.com_0.localstorage
         -1.7s C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_secure-us.imrworldwide.com_0.localstorage-journal
          0.0s C:\Users\Stephen\Desktop\FRST64.exe
          0.3s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.457.Crwl
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{050000CE-F9D5-4145-9490-DB9E7E40FDF9}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{476DAA21-E0C3-4EEB-B27B-5F4123334ABA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{7DE6769A-E482-4AB7-8ED9-0CAFEA11D687}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{813F8915-C940-44ED-ADED-8B782D85FA87}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{8D182E50-D646-49FF-B518-34B09BDF5375}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{9563917C-2D1F-4E92-A90F-01E470099B68}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{A182C848-76B5-4473-B742-A688D38982A1}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C336533A-5E74-457F-AD87-9598F4AADF49}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C8C14216-4D34-4866-B66E-BC25B98FCCCA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{E54B3747-7507-43B0-8537-A64189F28B35}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F98F0DE1-9B6F-4C87-8E08-6EE5928D8558}\ (Iminent)
   HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9\ (DealPly)
   HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3\ (DealPly)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\ (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Linksicle\ (Linksicle)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\optprosetup_RASAPI32\ (PCOptimizerPro)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\.DEFAULT\Software\Conduit\ (Conduit)
   HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit\ (Conduit)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\Conduit\ (Conduit)
   HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Crossrider\ (iPumper)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\PriceGong\ (PriceGong)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}\ (AskBar)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ (Rocketfuel)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}\ (AskBar)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}\ (Conduit)
 
Repairs _____________________________________________________________________
 
   Proxy server on this computer (User)
   127.0.0.1:61896
 
   Proxy server on this computer (User)
   127.0.0.1:61896
 
   Proxy server on this computer (User)
   127.0.0.1:61896
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:a1.interclick.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bridgetrack.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:sparknetworks.112.2o7.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\3LBETWS1.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\3NKBJPTO.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\3SX26HHV.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\6G968A4E.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\C1WMRK52.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\D5TM5G6J.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\KGZGROCU.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\PVKQPZBW.txt
   C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Cookies\QVF9351Z.txt
 
 

  • 0

#40
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)


Update me on your current status. Are you experiencing any other issues?



51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    resetIEproxy;
    C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384};fs
    {ec8030f7-c20a-464f-9b0e-13a3a9e97384};c
    C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe;f
    C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe;f
    C:\Users\Stephen\Downloads\Minecraft (1).exe;f
    C:\Users\Stephen\Downloads\Minecraft (2).exe;f
    C:\Users\Stephen\Downloads\Player_Setup (1).exe;f
    C:\Users\Stephen\Downloads\Player_Setup (2).exe;f
    C:\Users\Stephen\Downloads\Player_Setup (3).exe;f
    C:\Users\Stephen\Downloads\Player_Setup.exe;f
    C:\Users\Stephen\Downloads\Setup (1).exe;f
    C:\Users\Stephen\Downloads\setup (15).exe;f
    C:\Users\Stephen\Downloads\Setup (2).exe;f
    C:\Users\Stephen\Downloads\Setup (3).exe;f
    C:\Users\Stephen\Downloads\Setup.exe;f
    C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe;f
    {050000CE-F9D5-4145-9490-DB9E7E40FDF9};c
    {476DAA21-E0C3-4EEB-B27B-5F4123334ABA};c
    {7DE6769A-E482-4AB7-8ED9-0CAFEA11D687};c
    {813F8915-C940-44ED-ADED-8B782D85FA87};c
    {8D182E50-D646-49FF-B518-34B09BDF5375};c
    {9563917C-2D1F-4E92-A90F-01E470099B68};c
    {A182C848-76B5-4473-B742-A688D38982A1};c
    {AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E};c
    {C336533A-5E74-457F-AD87-9598F4AADF49};c
    {C8C14216-4D34-4866-B66E-BC25B98FCCCA};c
    {E54B3747-7507-43B0-8537-A64189F28B35};c
    {F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF};c
    {F98F0DE1-9B6F-4C87-8E08-6EE5928D8558};c
    [-HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9];r
    [-HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3];r
    [-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}];r
    [-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}];r
    [-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}];r
    [-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}];r
    [-HKLM\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job];r
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp];r
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job];r
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}];r
    [-HKLM\SOFTWARE\Linksicle];r64
    [-HKLM\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASAPI32];r64
    [-HKLM\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASMANCS];r64
    [-HKLM\SOFTWARE\Microsoft\Tracing\optprosetup_RASAPI32];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}];r64
    [-HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\.DEFAULT\Software\Conduit];r
    [-HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit];r
    [-HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-18\Software\Conduit];r
    [-HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Conduit];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Crossrider];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\PriceGong];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\SmartBar];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}];r
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.


  • 0

Advertisements


#41
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Hi there - 

It is running better! Not as good as it was last week (slightly slower) but no extra popups lately!!

Here are the logs;

 

 
Zoek.exe v5.0.0.0 Updated 29-07-2014
Tool run by Stephen on Wed 07/30/2014 at 21:44:05.31.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stephen\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-07-19-163142.log 59583 bytes
C:\zoek-results2014-07-19-191857.log 44363 bytes
C:\zoek-results2014-07-23-115613.log 467434 bytes
 
==== System Restore Info ======================
 
7/30/2014 9:45:24 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_CLASSES_ROOT\Interface\{050000CE-F9D5-4145-9490-DB9E7E40FDF9} deleted successfully
HKEY_CLASSES_ROOT\Interface\{476DAA21-E0C3-4EEB-B27B-5F4123334ABA} deleted successfully
HKEY_CLASSES_ROOT\Interface\{7DE6769A-E482-4AB7-8ED9-0CAFEA11D687} deleted successfully
HKEY_CLASSES_ROOT\Interface\{813F8915-C940-44ED-ADED-8B782D85FA87} deleted successfully
HKEY_CLASSES_ROOT\Interface\{8D182E50-D646-49FF-B518-34B09BDF5375} deleted successfully
HKEY_CLASSES_ROOT\Interface\{9563917C-2D1F-4E92-A90F-01E470099B68} deleted successfully
HKEY_CLASSES_ROOT\Interface\{A182C848-76B5-4473-B742-A688D38982A1} deleted successfully
HKEY_CLASSES_ROOT\Interface\{AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E} deleted successfully
HKEY_CLASSES_ROOT\Interface\{C336533A-5E74-457F-AD87-9598F4AADF49} deleted successfully
HKEY_CLASSES_ROOT\Interface\{C8C14216-4D34-4866-B66E-BC25B98FCCCA} deleted successfully
HKEY_CLASSES_ROOT\Interface\{E54B3747-7507-43B0-8537-A64189F28B35} deleted successfully
HKEY_CLASSES_ROOT\Interface\{F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF} deleted successfully
HKEY_CLASSES_ROOT\Interface\{F98F0DE1-9B6F-4C87-8E08-6EE5928D8558} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Registry Fix Code ======================
 
Windows Registry Editor Version 5.00
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] 
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\.DEFAULT\Software\Conduit] 
[-HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit] 
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-18\Software\Conduit] 
[-HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Conduit] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Crossrider] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\PriceGong] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\SmartBar] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}] 
 
==== Registry Fix Code x64 ======================
 
Windows Registry Editor Version 5.00
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Linksicle] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASAPI32] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASMANCS] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\optprosetup_RASAPI32] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} deleted
C:\Users\Stephen\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe" deleted
"C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe" deleted
"C:\Users\Stephen\Downloads\Minecraft (1).exe" deleted
"C:\Users\Stephen\Downloads\Minecraft (2).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup (1).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup (2).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup (3).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup.exe" deleted
"C:\Users\Stephen\Downloads\Setup (1).exe" deleted
"C:\Users\Stephen\Downloads\setup (15).exe" deleted
"C:\Users\Stephen\Downloads\Setup (2).exe" deleted
"C:\Users\Stephen\Downloads\Setup (3).exe" deleted
"C:\Users\Stephen\Downloads\Setup.exe" deleted
"C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe" deleted
 
==== Chrome Look ======================
 
Google Voice Search Hotword (Beta) - Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
 
==== Chrome Fix ======================
 
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="http://www.google.com"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE10SR"
{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6} Bing  Url="http://www.bing.com/...c=IE-SearchBox"
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Stacey\Desktop\oPryzeLP Mod Tool.lnk - C:\Users\Stephen\Desktop\oPryzev1.exe 
C:\Users\Stephen\Desktop\zoek - Shortcut.lnk - C:\Users\Stephen\Downloads\zoek.exe 
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Canon MX450 series On-screen Manual.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MX450 SERIES\English\Info.egv"
C:\Users\Public\Desktop\Easy Phone Sync.lnk - C:\Program Files (x86)\Media Mushroom Limited\Easy Phone Sync\Easy Phone Sync.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Norton Security Scan.LNK - C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe 
C:\Users\Public\Desktop\Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe 
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk - C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.safesear....40316-170-ch-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear....40316-170-ie-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear....40316-170-ff-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Easy Phone Sync.lnk - C:\Program Files (x86)\Media Mushroom Limited\Easy Phone Sync\Easy Phone Sync.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Learning Lodge Navigator.lnk - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe lauch
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Start Google Earth in DirectX mode.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.safesear....40316-170-ch-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear....40316-170-ie-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
 
==== shortcuts After Repair ======================
 
C:\Users\Public\Desktop\Norton Security Scan.LNK - C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stacey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=4368 folders=969 1586101035 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Stacey\AppData\Local\Temp emptied successfully
C:\Users\Stephen\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Stephen\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted
 
==== EOF on Wed 07/30/2014 at 22:55:28.44 ======================
 
 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 21  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe 
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 

  • 0

#42
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Can you tell me why UAC is disabled there?
If I were you, I'd consider enabling it, as leaving it that way is a risky trick.



updates.png Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your apps need updating:

javacup.png Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control panel also please remove any older versions of Java - do not leave them installed!.

Please remember to always keep it up to date.

InternetSexplorer.png Updating Internet Explorer manually

  • Visit THIS website.
  • You will find there IE 11 to be downloaded and installed.

IE is an integrated part of Windows core. Leaving it without updates is a great risk for your data security. Please remember to always keep it up to date.


51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.


  • 0

#43
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Hi Naat I have no idea what UAC is or how it got disabled lol I will go ahead w your instructions now!


  • 0

#44
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

UAC (User Account Control) is technology that limits user permissions, so you need to accept another warning before running any programs. This is made just to be sure that you know what you're doing. Leaving it disabled may be a security risk, as any programs will be able to run without your agreement.

 

Please post the DelFix log and tell me should the UAC stay disabled or not. 

 

We're nearly done :thumbsup:


  • 0

#45
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Ok - can you please show me how to enable UAC? I tried to upload Java but it said I already had the latest version on my system! I was able to update IE and run the scan..here are the results..and yay almost there! Thanku so much for your time and patience!

 

# DelFix v10.8 - Logfile created 01/08/2014 at 00:09:50
# Updated 29/07/2014 by Xplode
# Username : Stephen - STEPHEN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\logFileUI.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2014-07-19-163142.log
Deleted : C:\zoek-results2014-07-19-191857.log
Deleted : C:\zoek-results2014-07-23-115613.log
Deleted : C:\Users\Stephen\Desktop\Addition.txt
Deleted : C:\Users\Stephen\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Stephen\Desktop\aswMBR.exe
Deleted : C:\Users\Stephen\Desktop\aswMBR2.txt
Deleted : C:\Users\Stephen\Desktop\Fixlog.txt
Deleted : C:\Users\Stephen\Desktop\FRST.txt
Deleted : C:\Users\Stephen\Desktop\FRST64.exe
Deleted : C:\Users\Stephen\Desktop\JRT.txt
Deleted : C:\Users\Stephen\Desktop\MBR.dat
Deleted : C:\Users\Stephen\Desktop\OTL.Txt
Deleted : C:\Users\Stephen\Desktop\OTLExtras.Txt
Deleted : C:\Users\Stephen\Desktop\SecurityCheck.exe
Deleted : C:\Users\Stephen\Desktop\zoek - Shortcut.lnk
Deleted : C:\Users\Stephen\Desktop\zoek-results.txt
Deleted : C:\Users\Stephen\Desktop\zoek-results2.txt
Deleted : C:\Users\Stephen\Desktop\zoek-results73014.txt
Deleted : C:\Users\Stephen\Downloads\Addition.txt
Deleted : C:\Users\Stephen\Downloads\AdwCleaner.exe
Deleted : C:\Users\Stephen\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Stephen\Downloads\Extras.Txt
Deleted : C:\Users\Stephen\Downloads\JRT.exe
Deleted : C:\Users\Stephen\Downloads\OTL.exe
Deleted : C:\Users\Stephen\Downloads\Sinon (modify CS).docx
Deleted : C:\Users\Stephen\Downloads\Sinon CS.pdf
Deleted : C:\Users\Stephen\Downloads\zoek (1).exe
Deleted : C:\Users\Stephen\Downloads\zoek (4).exe
Deleted : C:\Users\Stephen\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #944 [Scheduled Checkpoint | 07/20/2014 23:33:14]
Deleted : RP #945 [zoek.exe restore point | 07/23/2014 11:00:16]
Deleted : RP #946 [Windows Update | 07/23/2014 20:49:42]
Deleted : RP #947 [Windows Update | 07/25/2014 07:00:10]
Deleted : RP #948 [Windows Update | 07/29/2014 05:04:41]
Deleted : RP #949 [zoek.exe restore point | 07/31/2014 01:45:06]
Deleted : RP #950 [Windows Modules Installer | 08/01/2014 01:06:44]
Deleted : RP #951 [Windows Modules Installer | 08/01/2014 01:08:05]
Deleted : RP #952 [Windows Modules Installer | 08/01/2014 01:08:36]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, virus, ValueApps, Shopper-pro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP