
please please help - you guys are the best & our computer is a me

malware virus ValueApps Shopper-pro

  • This topic is locked

#31
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Let it finish. I know it may take countless hours. Be patient :)

 

Naat




#32
ztastorm

    Member

  • Topic Starter
  • 86 posts
It's been 23 hrs and 12 min and still scanning? Is this normal?

#33
ztastorm

    Member

  • Topic Starter
  • 86 posts
It's on heuristic analysis

#34
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK, let's turn it off. Move on to the ESET scan.

#35
ztastorm

    Member

  • Topic Starter
  • 86 posts
Ok I started the eset scan yesterday.. It's still running and has been at 99% complete since yesterday. There are 268 threats.. It seems to be stuck on scanning the zoek program.. I mean, it's running but it's said 99% since yesterday. Don't think this is normal and should I stop it?!
Thanks

#36
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

It's really strange. Let's try a different scanner.


Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR icon and select Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile and paste it into your next reply.
Do not forget to re-enable your previously switched-off protection software!



#37
ztastorm

    Member

  • Topic Starter
  • 86 posts
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-28 23:28:15
-----------------------------
23:28:15.093    OS Version: Windows x64 6.1.7601 Service Pack 1
23:28:15.093    Number of processors: 2 586 0x170A
23:28:15.093    ComputerName: STEPHEN-PC  UserName: Stephen
23:28:17.572    Initialize success
23:28:17.572    VM: initialized successfully
23:28:17.723    VM: Intel CPU supported 
23:28:19.932    VM: supported disk I/O iaStor.sys
23:28:39.220    AVAST engine defs: 14072802
23:28:43.274    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:28:43.277    Disk 0 Vendor: Hitachi_ STDO Size: 610480MB BusType: 3
23:28:43.652    VM: Disk 0 MBR read successfully
23:28:43.654    Disk 0 MBR scan
23:28:43.686    Disk 0 Windows 7 default MBR code
23:28:43.742    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14000 MB offset 2048
23:28:43.778    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 28674048
23:28:43.783    Disk 0 default boot code
23:28:43.856    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       596378 MB offset 28878848
23:28:44.374    Disk 0 scanning C:\Windows\system32\drivers
23:29:23.165    Service scanning
23:29:52.890    Modules scanning
23:29:52.897    Disk 0 trace - called modules:
23:29:52.923    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:29:52.928    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057b5060]
23:29:52.934    3 CLASSPNP.SYS[fffff880013af43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ce050]
23:29:54.023    AVAST engine scan C:\
23:29:59.664    File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MgAssist.exe.vir  **INFECTED** Win32:Mobogenie-R [Adw]
23:30:56.826    File: C:\FRST\Quarantine\C\Users\Stephen\Downloads\javatr625.exe.xBAD  **INFECTED** Win32:Adware-gen [Adw]
00:40:21.222    File: C:\Users\Stephen\Downloads\Flash Player 12 (3).exe  **INFECTED** Win32:Adware-gen [Adw]
00:40:25.742    File: C:\Users\Stephen\Downloads\FLVPlayerSetup.exe  **INFECTED** Win32:Adware-gen [Adw]
00:43:01.471    File: C:\Users\Stephen\Downloads\Minecraft-Download (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
00:43:10.481    File: C:\Users\Stephen\Downloads\Minecraft-Download.exe  **INFECTED** Win32:Dropper-gen [Drp]
00:44:56.488    File: C:\Users\Stephen\Downloads\zoek (1).exe  **INFECTED** Win32:Malware-gen
00:44:59.130    File: C:\Users\Stephen\Downloads\zoek (4).exe  **INFECTED** Win32:Malware-gen
00:45:00.493    File: C:\Users\Stephen\Downloads\zoek.exe  **INFECTED** Win32:Malware-gen
02:34:07.209    File: C:\zoek_backup\C_PROGRA~2_BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe  **INFECTED** Win64:Adware-C [Adw]
02:34:07.473    File: C:\zoek_backup\C_PROGRA~2_BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\uninstall_l.exe  **INFECTED** Win32:Dropper-gen [Drp]
02:35:44.507    File: C:\zoek_backup\C_Users_Stephen_AppData_Local_Temp_file_to_run551976.exe.vir  **INFECTED** Win32:Adware-gen [Adw]
02:37:17.936    File: C:\zoek_backup\C_Users_Stephen_AppData_Local_Temp_Minecraft (1).exe\cf213051b29e4088a264d24bad564de3\1\globalKeyChecker.exe  **INFECTED** Win32:Malware-gen
02:37:33.197    File: C:\zoek_backup\C_Users_Stephen_AppData_Local_Temp_Minecraft (1).exe\cf213051b29e4088a264d24bad564de3\globalKeyChecker.exe  **INFECTED** Win32:Malware-gen
02:42:19.396    File: C:\zoek_backup\C_Users_Stephen_Downloads_java_installer.exe.vir  **INFECTED** Win32:Rootkit-gen [Rtk]
02:42:51.794    Scan finished successfully
07:03:00.966    Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
07:03:00.972    The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR2.txt"

Edited by ztastorm, 29 July 2014 - 05:04 AM.


#38
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Please do not edit your posts. It makes it difficult for me to determine what was added/removed. In any case just post a new reply, I don't mind multiple posting if necessary.

Another one to go, due to MBAM & ESET issues.



Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!
This scanner, while it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
    • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!
      Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.
Please include that logfile in your next reply.
Don't forget to re-enable your previously switched-off protection software!

#39
ztastorm

    Member

  • Topic Starter
  • 86 posts

Hi there-

I edited bc I realized that I posted an incomplete scan logfile..so I reposted the complete logfile so you would have accurate info  :thumbsup: !

Here's the Hitman Log:

 

HitmanPro 3.7.9.221
www.hitmanpro.com
 
   Computer name . . . . : STEPHEN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Stephen-PC\Stephen
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-07-29 16:15:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 38m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 15
   Traces  . . . . . . . : 158
 
   Objects scanned . . . : 1,997,809
   Files scanned . . . . : 83,654
   Remnants scanned  . . : 600,526 files / 1,313,629 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll
      Size . . . . . . . : 103,936 bytes
      Age  . . . . . . . : 630.8 days (2012-11-05 21:54:48)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 2E9BFFDB1A992D3DAABAA04976445BCDD34B85F06C4E115A45AFE0343C95FDF0
    > Bitdefender  . . . : Generic.Adware.GVance.8359ECC9
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Persi.aw
      Fuzzy  . . . . . . : 106.0
 
   C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe
      Size . . . . . . . : 227,072 bytes
      Age  . . . . . . . : 22.7 days (2014-07-06 23:17:21)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 4186BE743F5CD511CF5658E41D97472CEFEE055617E309BC527D074A42112973
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.Somoto.J
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.allm
      Fuzzy  . . . . . . : 107.0
 
   C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
      Size . . . . . . . : 227,056 bytes
      Age  . . . . . . . : 22.7 days (2014-07-06 23:18:05)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FE6C1942AC6F7B3AD6E5201F6E5AF618763109780118F661A9E72DDD7D424527
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.Somoto.J
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.allm
      Fuzzy  . . . . . . : 107.0
      Forensic Cluster
         -37.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B003DC48-80A0-4ED2-AE1B-5C81A45D1AF8}
         -33.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C9C0FD2D-750A-4D5B-9C5F-E5C33340C58A}
         -32.5s C:\Users\Stephen\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QF5FBON\sub.unconsiderate[1].xml
         -2.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0863090F-AC80-489A-B6CB-A73CE9BBD221}
          0.0s C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
         10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5AE28A71-ABB2-47EC-99C1-78350F87E161}
         10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5AE28A71-ABB2-47EC-99C1-78350F87E161}
         10.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5AE28A71-ABB2-47EC-99C1-78350F87E161}
         30.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2300731C-89CD-49CB-A663-487D7E79F931}
         32.8s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Users\Stephen\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
         32.9s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
         32.9s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
         32.9s C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
         43.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{385B1565-394C-4572-96D8-5F376F793B6E}
         53.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F5787DC0-DD8A-4E27-B80F-8B99D16F1AC2}
         57.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{457F1403-BA97-49B1-9C5D-F697808DE2E5}
         57.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{457F1403-BA97-49B1-9C5D-F697808DE2E5}
         57.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{457F1403-BA97-49B1-9C5D-F697808DE2E5}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
         61.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A2ED9FE5-0E14-487E-9CEE-EE579C5DE19F}
 
   C:\Users\Stephen\Downloads\Minecraft (1).exe
      Size . . . . . . . : 236,192 bytes
      Age  . . . . . . . : 305.0 days (2013-09-27 16:53:51)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BB1BDE1E769BC1975E42C83E64478EEA9B4ACB95CD4E68DB8580857849952F23
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11269951
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Minecraft (2).exe
      Size . . . . . . . : 236,208 bytes
      Age  . . . . . . . : 305.0 days (2013-09-27 16:55:46)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : E4CF0452B7629AE5D686F5024CAF05F7C03EB5D7FD2ECB935D202E69083C9D1D
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11269951
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Lollipop.qp
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup (1).exe
      Size . . . . . . . : 243,384 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:26)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A9C3DCFCBEA6503990CEE5806199EC8DAA1C00C37C8184CA035A81E6008A0864
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup (2).exe
      Size . . . . . . . : 243,256 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2F28D8AEA7FDAAC448EAFB32B669B6FF89B8EFE7F3081B1695216ED14F988C13
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup (3).exe
      Size . . . . . . . : 243,240 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 173EAB7D83B0DE477EBB737451011C7C04711D336277E3E29E9E0EE8516A27AF
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Player_Setup.exe
      Size . . . . . . . : 243,240 bytes
      Age  . . . . . . . : 305.9 days (2013-09-26 18:12:26)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BF3F7CEE0BCDCB7DC7CC1DE3E5B205D64549BFD4C12D66458BE1DD86492EB864
      Product  . . . . . : Setup
      Publisher  . . . . : Tuguu S.L.U
      Description
      Version  . . . . . : 2.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Dropped:Trojan.Generic.11296232
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.MSIL.DomaIQ.heur
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\Stephen\Downloads\Setup (1).exe
      Size . . . . . . . : 471,504 bytes
      Age  . . . . . . . : 218.0 days (2013-12-23 16:21:41)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 29D61E501E10022508D72D3C0535C18127CA8D754D4BBC195E350463BE4C9D96
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.DomaIQ.ekr
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\setup (15).exe
      Size . . . . . . . : 774,568 bytes
      Age  . . . . . . . : 20.0 days (2014-07-09 17:21:45)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 7799EC59FE5598B1904F754B162054E5F756AEAB33041A17083AADBDD4E72724
      Product  . . . . . : Software Updater                                         
      Publisher  . . . . : AirInstaller                                  
      Description  . . . : Software Updater                  
      Version  . . . . . : 2.0.19.0
      Copyright  . . . . : (c) AirInstaller                  
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.AirAdInstaller.cdgd
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
          0.0s C:\Users\Stephen\Downloads\setup (15).exe
          0.0s C:\Users\Stephen\Downloads\setup (15).exe
 
   C:\Users\Stephen\Downloads\Setup (2).exe
      Size . . . . . . . : 462,264 bytes
      Age  . . . . . . . : 186.9 days (2014-01-23 18:22:52)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : E8D14AEAE0102C22C722E791EE32BDEFE91E2F7CC6B8ADCAE0A5B7F8C31E51EF
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.DomaIQ.bgn
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\Setup (3).exe
      Size . . . . . . . : 462,264 bytes
      Age  . . . . . . . : 186.9 days (2014-01-23 18:45:26)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 9946DCC285C3F5826A4414A4D99931BA87C897B4EB52E468E667CAC62AD7553A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.DomaIQ.bgn
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\Setup.exe
      Size . . . . . . . : 471,504 bytes
      Age  . . . . . . . : 218.0 days (2013-12-23 16:01:49)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 5118461163435C2409A5AA59198954CA96B7AE76A0D04527C09FD8716C78DFF0
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.DomaIQ.ekr
      Fuzzy  . . . . . . : 103.0
 
   C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe
      Size . . . . . . . : 229,384 bytes
      Age  . . . . . . . : 32.1 days (2014-06-27 13:51:01)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 596E2D686F9266E151BDE746898B0AC4939B01A2144A32A16D3F2A3AB65FBF91
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.Somoto.J
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.allm
      Fuzzy  . . . . . . : 107.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Stephen\Desktop\FRST64.exe
      Size . . . . . . . : 2,093,568 bytes
      Age  . . . . . . . : 5.4 days (2014-07-24 07:23:20)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 70424066CD60A682FD582B66DD8D3AF350C802B96E4FE3DD161AC4780EB2F1FF
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.8s C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_secure-us.imrworldwide.com_0.localstorage
         -1.7s C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_secure-us.imrworldwide.com_0.localstorage-journal
          0.0s C:\Users\Stephen\Desktop\FRST64.exe
          0.3s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.457.Crwl
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{050000CE-F9D5-4145-9490-DB9E7E40FDF9}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{476DAA21-E0C3-4EEB-B27B-5F4123334ABA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{7DE6769A-E482-4AB7-8ED9-0CAFEA11D687}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{813F8915-C940-44ED-ADED-8B782D85FA87}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{8D182E50-D646-49FF-B518-34B09BDF5375}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{9563917C-2D1F-4E92-A90F-01E470099B68}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{A182C848-76B5-4473-B742-A688D38982A1}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C336533A-5E74-457F-AD87-9598F4AADF49}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{C8C14216-4D34-4866-B66E-BC25B98FCCCA}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{E54B3747-7507-43B0-8537-A64189F28B35}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF}\ (Iminent)
   HKLM\SOFTWARE\Classes\Interface\{F98F0DE1-9B6F-4C87-8E08-6EE5928D8558}\ (Iminent)
   HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9\ (DealPly)
   HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3\ (DealPly)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\ (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Linksicle\ (Linksicle)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\optprosetup_RASAPI32\ (PCOptimizerPro)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\.DEFAULT\Software\Conduit\ (Conduit)
   HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit\ (Conduit)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\Conduit\ (Conduit)
   HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Crossrider\ (iPumper)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\PriceGong\ (PriceGong)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}\ (AskBar)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ (Rocketfuel)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ (Conduit)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}\ (AskBar)
   HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}\ (Conduit)
 
Repairs _____________________________________________________________________
 
   Proxy server on this computer (User)
   127.0.0.1:61896
 
   Proxy server on this computer (User)
   127.0.0.1:61896
 
   Proxy server on this computer (User)
   127.0.0.1:61896
 
 
Cookies _____________________________________________________________________
 
 
 


#40
Naathim


Hi :)


Update me on your current status. Are you experiencing any other issues?



Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    resetIEproxy;
    C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384};fs
    {ec8030f7-c20a-464f-9b0e-13a3a9e97384};c
    C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe;f
    C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe;f
    C:\Users\Stephen\Downloads\Minecraft (1).exe;f
    C:\Users\Stephen\Downloads\Minecraft (2).exe;f
    C:\Users\Stephen\Downloads\Player_Setup (1).exe;f
    C:\Users\Stephen\Downloads\Player_Setup (2).exe;f
    C:\Users\Stephen\Downloads\Player_Setup (3).exe;f
    C:\Users\Stephen\Downloads\Player_Setup.exe;f
    C:\Users\Stephen\Downloads\Setup (1).exe;f
    C:\Users\Stephen\Downloads\setup (15).exe;f
    C:\Users\Stephen\Downloads\Setup (2).exe;f
    C:\Users\Stephen\Downloads\Setup (3).exe;f
    C:\Users\Stephen\Downloads\Setup.exe;f
    C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe;f
    {050000CE-F9D5-4145-9490-DB9E7E40FDF9};c
    {476DAA21-E0C3-4EEB-B27B-5F4123334ABA};c
    {7DE6769A-E482-4AB7-8ED9-0CAFEA11D687};c
    {813F8915-C940-44ED-ADED-8B782D85FA87};c
    {8D182E50-D646-49FF-B518-34B09BDF5375};c
    {9563917C-2D1F-4E92-A90F-01E470099B68};c
    {A182C848-76B5-4473-B742-A688D38982A1};c
    {AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E};c
    {C336533A-5E74-457F-AD87-9598F4AADF49};c
    {C8C14216-4D34-4866-B66E-BC25B98FCCCA};c
    {E54B3747-7507-43B0-8537-A64189F28B35};c
    {F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF};c
    {F98F0DE1-9B6F-4C87-8E08-6EE5928D8558};c
    [-HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9];r
    [-HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3];r
    [-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}];r
    [-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}];r
    [-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}];r
    [-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}];r
    [-HKLM\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}];r64
    [-HKLM\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job];r
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp];r
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job];r
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}];r
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}];r
    [-HKLM\SOFTWARE\Linksicle];r64
    [-HKLM\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASAPI32];r64
    [-HKLM\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASMANCS];r64
    [-HKLM\SOFTWARE\Microsoft\Tracing\optprosetup_RASAPI32];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}];r64
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}];r64
    [-HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\.DEFAULT\Software\Conduit];r
    [-HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit];r
    [-HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-18\Software\Conduit];r
    [-HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Conduit];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Crossrider];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\PriceGong];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\SmartBar];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}];r
    [-HKU\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}];r
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow the onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.




#41
ztastorm


Hi there - 

It is running better! Not as good as it was last week (slightly slower) but no extra popups lately!!

Here are the logs;

 

 
Zoek.exe v5.0.0.0 Updated 29-07-2014
Tool run by Stephen on Wed 07/30/2014 at 21:44:05.31.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stephen\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-07-19-163142.log 59583 bytes
C:\zoek-results2014-07-19-191857.log 44363 bytes
C:\zoek-results2014-07-23-115613.log 467434 bytes
 
==== System Restore Info ======================
 
7/30/2014 9:45:24 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_CLASSES_ROOT\Interface\{050000CE-F9D5-4145-9490-DB9E7E40FDF9} deleted successfully
HKEY_CLASSES_ROOT\Interface\{476DAA21-E0C3-4EEB-B27B-5F4123334ABA} deleted successfully
HKEY_CLASSES_ROOT\Interface\{7DE6769A-E482-4AB7-8ED9-0CAFEA11D687} deleted successfully
HKEY_CLASSES_ROOT\Interface\{813F8915-C940-44ED-ADED-8B782D85FA87} deleted successfully
HKEY_CLASSES_ROOT\Interface\{8D182E50-D646-49FF-B518-34B09BDF5375} deleted successfully
HKEY_CLASSES_ROOT\Interface\{9563917C-2D1F-4E92-A90F-01E470099B68} deleted successfully
HKEY_CLASSES_ROOT\Interface\{A182C848-76B5-4473-B742-A688D38982A1} deleted successfully
HKEY_CLASSES_ROOT\Interface\{AC5C40D0-DC3A-4406-A35C-9102C5FA4D7E} deleted successfully
HKEY_CLASSES_ROOT\Interface\{C336533A-5E74-457F-AD87-9598F4AADF49} deleted successfully
HKEY_CLASSES_ROOT\Interface\{C8C14216-4D34-4866-B66E-BC25B98FCCCA} deleted successfully
HKEY_CLASSES_ROOT\Interface\{E54B3747-7507-43B0-8537-A64189F28B35} deleted successfully
HKEY_CLASSES_ROOT\Interface\{F761BABE-0622-4DCE-A1B0-9D1BCA75DFEF} deleted successfully
HKEY_CLASSES_ROOT\Interface\{F98F0DE1-9B6F-4C87-8E08-6EE5928D8558} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Registry Fix Code ======================
 
Windows Registry Editor Version 5.00
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] 
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\.DEFAULT\Software\Conduit] 
[-HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit] 
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-18\Software\Conduit] 
[-HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Conduit] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Crossrider] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\PriceGong] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\SmartBar] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}] 
[-HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}] 
 
==== Registry Fix Code x64 ======================
 
Windows Registry Editor Version 5.00
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Linksicle] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASAPI32] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Browsersafeguard_RASMANCS] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\optprosetup_RASAPI32] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} deleted
C:\Users\Stephen\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe" deleted
"C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe" deleted
"C:\Users\Stephen\Downloads\Minecraft (1).exe" deleted
"C:\Users\Stephen\Downloads\Minecraft (2).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup (1).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup (2).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup (3).exe" deleted
"C:\Users\Stephen\Downloads\Player_Setup.exe" deleted
"C:\Users\Stephen\Downloads\Setup (1).exe" deleted
"C:\Users\Stephen\Downloads\setup (15).exe" deleted
"C:\Users\Stephen\Downloads\Setup (2).exe" deleted
"C:\Users\Stephen\Downloads\Setup (3).exe" deleted
"C:\Users\Stephen\Downloads\Setup.exe" deleted
"C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe" deleted
 
==== Chrome Look ======================
 
Google Voice Search Hotword (Beta) - Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
 
==== Chrome Fix ======================
 
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="http://www.google.com"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE10SR"
{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6} Bing  Url="http://www.bing.com/...c=IE-SearchBox"
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Stacey\Desktop\oPryzeLP Mod Tool.lnk - C:\Users\Stephen\Desktop\oPryzev1.exe 
C:\Users\Stephen\Desktop\zoek - Shortcut.lnk - C:\Users\Stephen\Downloads\zoek.exe 
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Canon MX450 series On-screen Manual.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MX450 SERIES\English\Info.egv"
C:\Users\Public\Desktop\Easy Phone Sync.lnk - C:\Program Files (x86)\Media Mushroom Limited\Easy Phone Sync\Easy Phone Sync.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Norton Security Scan.LNK - C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe 
C:\Users\Public\Desktop\Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe 
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk - C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Stacey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.safesear....40316-170-ch-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear....40316-170-ie-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear....40316-170-ff-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Easy Phone Sync.lnk - C:\Program Files (x86)\Media Mushroom Limited\Easy Phone Sync\Easy Phone Sync.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Learning Lodge Navigator.lnk - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe lauch
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Start Google Earth in DirectX mode.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -  
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.safesear....40316-170-ch-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear....40316-170-ie-sr
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
 
==== shortcuts After Repair ======================
 
C:\Users\Public\Desktop\Norton Security Scan.LNK - C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stacey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=4368 folders=969 1586101035 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Stacey\AppData\Local\Temp emptied successfully
C:\Users\Stephen\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Stephen\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted
 
==== EOF on Wed 07/30/2014 at 22:55:28.44 ======================
 
 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 21  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe 
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 

  • 0
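The zoek log above lists each shortcut as `<.lnk path> - <target> <arguments>`, and several browser shortcuts carry a start URL after the executable until the "shortcuts After Repair" section shows them clean. As an added example (not part of the thread and not zoek's own code), this Python script parses that layout, flags browser shortcuts with a URL argument, and reports any that the repair section does not show as cleaned; the sample log, user name and URL are constructed.

```python
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+$")
LNK_RE = re.compile(r"^(?P<lnk>.+?\.lnk) -\s*(?P<rest>.*)$", re.IGNORECASE)
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe"}
REPAIR_SECTION = "shortcuts After Repair"

# Constructed sample in the layout of the log above; user name and URL are made up.
SAMPLE_LOG = r"""
==== shortcuts in Quick Launch ======================

C:\Users\Alice\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://search.example/?id=ch
C:\Users\Alice\Quick Launch\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://search.example/?id=ie
C:\Users\Alice\Quick Launch\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Alice\Quick Launch\Shows Desktop.lnk -

==== shortcuts After Repair ======================

C:\Users\Alice\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

def parse_shortcuts(log_text):
    """Return {section name: [(lnk_path, exe_path, args), ...]}."""
    sections, current = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            continue
        entry = LNK_RE.match(line)
        if not entry or current is None:
            continue
        # Split "target.exe arguments"; a shortcut with no target keeps empty fields.
        target = EXE_RE.match(entry.group("rest"))
        exe = target.group("exe") if target else entry.group("rest")
        args = (target.group("args") or "") if target else ""
        sections[current].append((entry.group("lnk"), exe, args))
    return dict(sections)

def hijacked(entries):
    """Shortcuts to a known browser whose arguments carry a start URL."""
    hits = []
    for lnk, exe, args in entries:
        name = exe.rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(args)
        if name in BROWSERS and url:
            hits.append((lnk, url.group(0)))
    return hits

def unrepaired(sections):
    """Flagged shortcuts that are absent from, or still flagged in, the repair section."""
    after = {lnk.lower(): args for lnk, _, args in sections.get(REPAIR_SECTION, [])}
    before = [h for name, ents in sections.items() if name != REPAIR_SECTION for h in hijacked(ents)]
    return [lnk for lnk, _ in before
            if after.get(lnk.lower()) is None or URL_RE.search(after[lnk.lower()])]

if __name__ == "__main__":
    print(unrepaired(parse_shortcuts(SAMPLE_LOG)))
```

A shortcut flagged before the repair but missing from the repair section is reported as well, since the log then gives no evidence that its arguments were reset.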

#42
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Can you tell me why UAC is disabled there?
If I were you, I'd consider enabling it, as leaving it that way is a risky trick.



Update outdated software

Always staying updated is crucial, not only for your operating system, but also for any installed third-party software.
Your logs clearly indicate that some of your apps need updating:

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control Panel, also please remove any older versions of Java - do not leave them installed!

Please remember to always keep it up to date.

Updating Internet Explorer manually

  • Visit THIS website.
  • There you will find IE 11 to download and install.

IE is an integrated part of the Windows core. Leaving it without updates is a great risk for your data security. Please remember to always keep it up to date.


Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.


  • 0

#43
ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Hi Naat, I have no idea what UAC is or how it got disabled lol. I will go ahead with your instructions now!


  • 0

#44
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

UAC (User Account Control) is a technology that limits user permissions, so you need to accept another warning before running any programs. This is made just to be sure that you know what you're doing. Leaving it disabled may be a security risk, as any programs will be able to run without your agreement.

 

Please post the DelFix log and tell me whether UAC should stay disabled or not.

 

We're nearly done :thumbsup:


  • 0

#45
ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Ok - can you please show me how to enable UAC? I tried to upload Java but it said I already had the latest version on my system! I was able to update IE and run the scan... here are the results... and yay, almost there! Thank you so much for your time and patience!

 

# DelFix v10.8 - Logfile created 01/08/2014 at 00:09:50
# Updated 29/07/2014 by Xplode
# Username : Stephen - STEPHEN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\logFileUI.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2014-07-19-163142.log
Deleted : C:\zoek-results2014-07-19-191857.log
Deleted : C:\zoek-results2014-07-23-115613.log
Deleted : C:\Users\Stephen\Desktop\Addition.txt
Deleted : C:\Users\Stephen\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Stephen\Desktop\aswMBR.exe
Deleted : C:\Users\Stephen\Desktop\aswMBR2.txt
Deleted : C:\Users\Stephen\Desktop\Fixlog.txt
Deleted : C:\Users\Stephen\Desktop\FRST.txt
Deleted : C:\Users\Stephen\Desktop\FRST64.exe
Deleted : C:\Users\Stephen\Desktop\JRT.txt
Deleted : C:\Users\Stephen\Desktop\MBR.dat
Deleted : C:\Users\Stephen\Desktop\OTL.Txt
Deleted : C:\Users\Stephen\Desktop\OTLExtras.Txt
Deleted : C:\Users\Stephen\Desktop\SecurityCheck.exe
Deleted : C:\Users\Stephen\Desktop\zoek - Shortcut.lnk
Deleted : C:\Users\Stephen\Desktop\zoek-results.txt
Deleted : C:\Users\Stephen\Desktop\zoek-results2.txt
Deleted : C:\Users\Stephen\Desktop\zoek-results73014.txt
Deleted : C:\Users\Stephen\Downloads\Addition.txt
Deleted : C:\Users\Stephen\Downloads\AdwCleaner.exe
Deleted : C:\Users\Stephen\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Stephen\Downloads\Extras.Txt
Deleted : C:\Users\Stephen\Downloads\JRT.exe
Deleted : C:\Users\Stephen\Downloads\OTL.exe
Deleted : C:\Users\Stephen\Downloads\Sinon (modify CS).docx
Deleted : C:\Users\Stephen\Downloads\Sinon CS.pdf
Deleted : C:\Users\Stephen\Downloads\zoek (1).exe
Deleted : C:\Users\Stephen\Downloads\zoek (4).exe
Deleted : C:\Users\Stephen\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #944 [Scheduled Checkpoint | 07/20/2014 23:33:14]
Deleted : RP #945 [zoek.exe restore point | 07/23/2014 11:00:16]
Deleted : RP #946 [Windows Update | 07/23/2014 20:49:42]
Deleted : RP #947 [Windows Update | 07/25/2014 07:00:10]
Deleted : RP #948 [Windows Update | 07/29/2014 05:04:41]
Deleted : RP #949 [zoek.exe restore point | 07/31/2014 01:45:06]
Deleted : RP #950 [Windows Modules Installer | 08/01/2014 01:06:44]
Deleted : RP #951 [Windows Modules Installer | 08/01/2014 01:08:05]
Deleted : RP #952 [Windows Modules Installer | 08/01/2014 01:08:36]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0





