Computer Hope
Software => Computer viruses and spyware => Topic started by: nomederai on May 05, 2013, 07:30:29 AM
-
This problem started a few days ago when i noticed my computer which is only a little under a year old started to run very slowly. Before i start with the problem i should say that I'm certainly no computer expert but I've dabbled in programming and maintenance a couple of times. Not quite my forte. Anyway I started to get these notifications from Norton that something called "Comodo Dragon" was using a very high amount of CPU (I don't know what this means but I know it isn't good) and i know for a fact that i never willingly downloaded anything like this. When i look at the detailed report, it brings up information about the file "windows defender" and a lot of information about this file is unavailable. I will copy the report to the clipboard and paste it at the bottom of this post. I'm not sure if this is a legitimate file or not and if it isn't i need to know how to stop it from slowing down my computer so much. I'm not sure what further information needs to be provided but let me know and I'll answer any questions. Thank you in advance!
Full Path: c:\users\will\appdata\roaming\win defense\windows defender.exe
____________________________
____________________________
Developers Not Available
Version 21.0.2.0
Identified 4/26/2013 at 11:15:39 PM
Last Used 5/5/2013 at 9:30:38 AM
Startup Item No
____________________________
____________________________
Unknown
This program crash history is not known.
____________________________
Few Users
Fewer than 100 users in the Norton Community have used this file.
____________________________
New
This file was released 9 days ago.
____________________________
Bad
There are many indications that this file is untrustworthy.
____________________________
Source File:
sdx0edjkmining.exe
File Created:
windows defender.exe
____________________________
Performance
Avg. Resource Usage:Moderate
Avg. CPU Usage:Heavy
Avg. Memory Usage:Low
____________________________
Performance Alert
Time:
5/5/2013 9:30:34 AM
Process ID 4908
CPU 100% of at least one CPU.
Memory Normal
Handles Count Normal
Disk Read Activity Normal
Disk Write Activity Normal
____________________________
Network
ProtocolRemote ConnectionPort
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
TCP198.199.73.408337
____________________________
File Thumbprint - SHA:
4bcbc33817de3a4aadd3e1e1fbe076a5d7e1867 dc4c70f2a56998f7c2a9a179e
____________________________
File Thumbprint - MD5:
318b472961256c712925052bfa52d179
____________________________
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner)by Xplode onto your Desktop.
- Double click on AdwCleaner.exe to run the tool.
- Click on Search.
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
*********************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
-
DAYUMMMMMMM! That software not only quarantined disabled and deleted comodo dragon, but about a thousand other files i didn't even know existed (or if i did, i didnt know they were malicious) You sir, are a lifesaver. Here are the logs you requested.
there were two from adwcleaner so i'll include both
# AdwCleaner v2.300 - Logfile created 05/05/2013 at 21:41:54
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Will - STUDIO1
# Boot Mode : Normal
# Running from : C:\Users\Will\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
Found : CltMngSvc
Found : DefaultTabSearch
Found : DefaultTabUpdate
Found : vToolbarUpdater14.2.0
Found : WajamUpdater
***** [Files / Folders] *****
File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Steve\AppData\Local\funmoods.crx
File Found : C:\Users\Steve\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Found : C:\Users\Steve\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\searchplugins\Conduit.xml
File Found : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\searchplugins\search-here.xml
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\Funmoods
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Somoto_V.1
Folder Found : C:\Program Files (x86)\uTorrentControl2
Folder Found : C:\Program Files (x86)\v-Grabber
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Lindsey\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Lindsey\AppData\Local\Giant Savings
Folder Found : C:\Users\Lindsey\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Lindsey\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\extensions\[email protected]
Folder Found : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\extensions\[email protected]
Folder Found : C:\Users\Steve\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Steve\AppData\Local\Conduit
Folder Found : C:\Users\Steve\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Steve\AppData\Local\Temp\CT3282812
Folder Found : C:\Users\Steve\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Steve\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Found : C:\Users\Steve\AppData\LocalLow\Funmoods
Folder Found : C:\Users\Steve\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\[email protected]
Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\[email protected]
Folder Found : C:\Users\Steve\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Will\AppData\Local\APN
Folder Found : C:\Users\Will\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Will\AppData\Local\Wajam
Folder Found : C:\Users\Will\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Will\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Will\AppData\LocalLow\Conduit
Folder Found : C:\Users\Will\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Will\AppData\LocalLow\Somoto_V.1
Folder Found : C:\Users\Will\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Will\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Found : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\jetpack
Folder Found : C:\Users\Will\AppData\Roaming\SearchProtect
Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\Giant Savings
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Wajam
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B673DD09-E496-4A82-8144-D16AD900B303}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Somoto_V.1
Key Found : HKLM\Software\uTorrentControl2
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B673DD09-E496-4A82-8144-D16AD900B303}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FDE4C2D-6BD4-475F-B166-DA4DF1A0E6F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71A08CC1-0FF3-4B9E-9020-279DB1716232}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B76BCADD-B7C5-49C2-8A71-424B5C41EE39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA66EEB0-5B0E-4A1D-AA72-37A05CB43CD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Somoto_V.1 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3269768414-2105484045-1101214325-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzuzytDtB0BtAyEtBtCzy0F0FtDyByB0AyBtN0D0TzutBtDtCtBtDyCtDzy&cr=1335960002
-\\ Mozilla Firefox v15.0.1 (en-US)
File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\prefs.js
Found : user_pref("CT3282812.FF19Solved", "true");
Found : user_pref("CT3282812.UserID", "UN25700064971718428");
Found : user_pref("CT3282812.addressUrlXPETakeover", "true");
Found : user_pref("CT3282812.autoDisableScopes", -1);
Found : user_pref("CT3282812.browser.search.defaultthis.en gineName", "true");
Found : user_pref("CT3282812.defaultSearchXPETakeover", "true");
Found : user_pref("CT3282812.installDate", "25/3/2013 16:55:43");
Found : user_pref("CT3282812.installerVersion", "1.3.7.3");
Found : user_pref("CT3282812.keyword", "true");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaultthis.engineName", "Somoto V.1 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI[...]
Found : user_pref("browser.search.selectedEngine", "Somoto V.1 Customized Web Search");
Found : user_pref("extensions.crossriderapp4479.4479.Insta llationTime", 1342352477);
Found : user_pref("extensions.crossriderapp4479.4479.activ e", true);
Found : user_pref("extensions.crossriderapp4479.4479.addre ssbar", "");
Found : user_pref("extensions.crossriderapp4479.4479.affid", "0");
Found : user_pref("extensions.crossriderapp4479.4479.backg roundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Found : user_pref("extensions.crossriderapp4479.4479.backg roundver", 7);
Found : user_pref("extensions.crossriderapp4479.4479.can_r un_bg_code", true);
Found : user_pref("extensions.crossriderapp4479.4479.certd omaininstaller", "");
Found : user_pref("extensions.crossriderapp4479.4479.chang eprevious", false);
Found : user_pref("extensions.crossriderapp4479.4479.cooki e.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e.InstallationTime.value", "1342352477");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_aoi.value", "1342352477");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_country_code.expiration", "Mon Nov 26 2012 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_country_code.value", "%22US%22");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_crr.value", "1353361370");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_parent_zoneid.value", "%2242874%22");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_product_id.value", "%221242%22");
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_zoneid.value", "%2256743%22");
Found : user_pref("extensions.crossriderapp4479.4479.descr iption", "Save big with Giant Savings! Coupons dis[...]
Found : user_pref("extensions.crossriderapp4479.4479.domai n", "");
Found : user_pref("extensions.crossriderapp4479.4479.email sig", "");
Found : user_pref("extensions.crossriderapp4479.4479.enabl esearch", false);
Found : user_pref("extensions.crossriderapp4479.4479.expos esites", "");
Found : user_pref("extensions.crossriderapp4479.4479.fbrem oteurl", "");
Found : user_pref("extensions.crossriderapp4479.4479.group", 0);
Found : user_pref("extensions.crossriderapp4479.4479.homep age", "");
Found : user_pref("extensions.crossriderapp4479.4479.ifram e", false);
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_appVer.value", "44");
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_lastVersion.expiration", "Fri Feb [...]
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_lastVersion.value", "0");
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_nextCheck.expiration", "Mon Nov 19[...]
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_remote_resources.expira tion", "Fri[...]
Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_remote_resources.value", "%7B%22re[...]
Found : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp4479.4479.manif esturl", "");
Found : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Found : user_pref("extensions.crossriderapp4479.4479.newta b", "");
Found : user_pref("extensions.crossriderapp4479.4479.opens earch", "");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1.name", "base");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000014.ver", 7);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000015.ver", 4);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_15.code", "(function(f){var u={};var e=M[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_16.code", "if((typeof isBackground===\"u[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_16.ver", 4);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_21.code", "var CrossriderDebugManager=(f[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_21.name", "debug");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_21.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_22.code", "(function(a){appAPI.queueMana[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_22.name", "resources");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_22.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_28.code", "var CrossriderInitializerPlug[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_28.name", "initializer");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_28.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_4.name", "jquery_1_7_1");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_4.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns_lists.plugins_0", "17,14,16,47,1000015");
Found : user_pref("extensions.crossriderapp4479.4479.plugi ns_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi nsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugi nsversion", 17);
Found : user_pref("extensions.crossriderapp4479.4479.premi um", true);
Found : user_pref("extensions.crossriderapp4479.4479.publi sher", "215 Apps");
Found : user_pref("extensions.crossriderapp4479.4479.searc hstatus", 0);
Found : user_pref("extensions.crossriderapp4479.4479.setne wtab", false);
Found : user_pref("extensions.crossriderapp4479.4479.setti ngsurl", "");
Found : user_pref("extensions.crossriderapp4479.4479.thank you", "");
Found : user_pref("extensions.crossriderapp4479.4479.updat einterval", 360);
Found : user_pref("extensions.crossriderapp4479.4479.ver", 44);
Found : user_pref("extensions.crossriderapp4479.adsOldValu e", -1);
Found : user_pref("extensions.crossriderapp4479.apps", "4479");
Found : user_pref("extensions.crossriderapp4479.bic", "1388a714b91baff26e19dba4f2d7cbef");
Found : user_pref("extensions.crossriderapp4479.cid", 4479);
Found : user_pref("extensions.crossriderapp4479.firstrun", false);
Found : user_pref("extensions.crossriderapp4479.hadappinst alled", true);
Found : user_pref("extensions.crossriderapp4479.installati ondate", 1342352477);
Found : user_pref("extensions.crossriderapp4479.lastcheck", 22556023);
Found : user_pref("extensions.crossriderapp4479.lastchecki tem", 22556023);
Found : user_pref("extensions.crossriderapp4479.misc.lastB gWorkerTimer", "1342352537353");
Found : user_pref("extensions.crossriderapp4479.misc.lastD omWorkerTimer", "1342352537348");
Found : user_pref("extensions.crossriderapp4479.modetype", "production");
Found : user_pref("extensions.enabledAddons", "[email protected]:0.81.13,{972ce4c6-7e08-4474-[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&SearchSource=2&CU[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.originalSearchAddressUrl", "");
Found : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812&Sea[...]
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812[...]
Found : user_pref("smartbar.originalHomepage", "about:home");
File : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\prefs.js
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B905b6589-7f8a-4ead-b280-2b13b4874c42[...]
File : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\prefs.js
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.0.5");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B42fdbde1-5c19-41ed-8ba2-363a95283e25[...]
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.797] : homepage = "hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN25649028037664866&UM=2",
Found [l.982] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN25649028037664866&UM=2" ]
File : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Lindsey\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [44313 octets] - [05/05/2013 21:31:44]
AdwCleaner[R2].txt - [44311 octets] - [05/05/2013 21:41:54]
########## EOF - C:\AdwCleaner[R2].txt - [44372 octets] ##########
_______________________________________ _____________________________________
# AdwCleaner v2.300 - Logfile created 05/06/2013 at 09:01:35
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Will - STUDIO1
# Boot Mode : Normal
# Running from : C:\Users\Will\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Steve\AppData\Local\funmoods.crx
File Deleted : C:\Users\Steve\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\Steve\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Funmoods
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Somoto_V.1
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\Program Files (x86)\v-Grabber
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Lindsey\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Lindsey\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Lindsey\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lindsey\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\extensions\[email protected]
Folder Deleted : C:\Users\Steve\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Steve\AppData\Local\Conduit
Folder Deleted : C:\Users\Steve\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Steve\AppData\Local\Temp\CT3282812
Folder Deleted : C:\Users\Steve\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Steve\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Steve\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\[email protected]
Folder Deleted : C:\Users\Steve\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Will\AppData\Local\APN
Folder Deleted : C:\Users\Will\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Will\AppData\Local\Wajam
Folder Deleted : C:\Users\Will\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Will\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Will\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Will\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Will\AppData\LocalLow\Somoto_V.1
Folder Deleted : C:\Users\Will\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Will\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Deleted : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\jetpack
Folder Deleted : C:\Users\Will\AppData\Roaming\SearchProtect
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B673DD09-E496-4A82-8144-D16AD900B303}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-
-
Please run the other two scanners and post the logs.
-
That's strange I couldve sworn i posted those... here you go
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.06.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Will :: STUDIO1 [administrator]
Protection: Enabled
5/5/2013 9:43:14 PM
MBAM-log-2013-05-06 (08-46-52).txt
Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 803672
Time elapsed: 2 hour(s), 3 minute(s),
Memory Processes Detected: 6
C:\Users\Will\AppData\Roaming\Win Defense\Mining.exe (Backdoor.Bot) -> 2212 -> No action taken.
C:\Users\Will\AppData\Roaming\Intel Update Drives\Intel Drivers.exe (Trojan.BitMiner) -> 4000 -> No action taken.
C:\Users\Will\AppData\Roaming\zK37dPMF\Driver Updates.exe (Trojan.Dropper.DX) -> 4056 -> No action taken.
C:\Users\Will\AppData\Local\Temp\SearchFillterHost.exe (Trojan.PasswordStealer.Gen) -> 4632 -> No action taken.
C:\Users\Will\AppData\Roaming\Win Defense\Windows Defender.exe (Trojan.BitMiner) -> 4908 -> No action taken.
C:\Users\Will\AppData\Roaming\Microsoft\Windows\Templates\InteliTrace.exe (Backdoor.Messa) -> 2912 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 30
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> No action taken.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.
Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup (Backdoor.Bot) -> Data: C:\Users\Will\AppData\Roaming\Win Defense\Mining.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Intel Updates (Trojan.Dropper.DX) -> Data: "C:\Users\Will\AppData\Roaming\zK37dPMF\Driver Updates.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZUGfTIZlRQB (Backdoor.Agent.DC) -> Data: "C:\Users\Will\AppData\Roaming\OHdZ0Qt0w9E\uRr6O1N5BfR.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinDefenders (Trojan.MSIL) -> Data: "C:\Users\Will\AppData\Roaming\rwSEB3PMn\DxhEet9o9.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Driver X (Trojan.MSIL) -> Data: "C:\Users\Will\AppData\Roaming\J41uGDd3Xe\Drivers Update.exe" -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows® Operating System (Backdoor.Messa) -> Data: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Templates\InteliTrace.exe -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 8
C:\Users\Will\AppData\Roaming\dclogs (Stolen.Data) -> No action taken.
C:\Users\Steve\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> No action taken.
C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> No action taken.
Files Detected: 96
C:\Users\Will\AppData\Roaming\Win Defense\Mining.exe (Backdoor.Bot) -> No action taken.
C:\Users\Will\AppData\Roaming\Intel Update Drives\Intel Drivers.exe (Trojan.BitMiner) -> No action taken.
C:\Users\Will\AppData\Roaming\zK37dPMF\Driver Updates.exe (Trojan.Dropper.DX) -> No action taken.
C:\Users\Will\AppData\Local\Temp\SearchFillterHost.exe (Trojan.PasswordStealer.Gen) -> No action taken.
C:\Users\Will\AppData\Roaming\Win Defense\Windows Defender.exe (Trojan.BitMiner) -> No action taken.
C:\Users\Will\AppData\Roaming\OHdZ0Qt0w9E\uRr6O1N5BfR.exe (Backdoor.Agent.DC) -> No action taken.
C:\Users\Will\AppData\Roaming\rwSEB3PMn\DxhEet9o9.exe (Trojan.MSIL) -> No action taken.
C:\Users\Will\AppData\Roaming\J41uGDd3Xe\Drivers Update.exe (Trojan.MSIL) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$RCXDDNL.exe (Backdoor.Agent.DC) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$R1F03PO\installer.volonet.playbryte-fa.exe (PUP.PlayBryte) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$R5MNA8S\Adobe Bridge CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$R5MNA8S\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$RR543V5\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$RR543V5\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMTLib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Superbrothers - Sword & Sworcery EP\TDU500.exe (Packer.ModifiedUPX) -> No action taken.
C:\Users\Lindsey\Downloads\adobe flash player ie setup.exe (PUP.AdBundle) -> No action taken.
C:\Users\Lindsey\Lindsey Laptop\Downloads\FLVPlayerSetup.exe (Adware.Installcore) -> No action taken.
C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KB9J6UU\Final%20Updates[1] (Trojan.MSIL) -> No action taken.
C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY6CH3L2\WAN%20Updates[1] (Trojan.Dropper.DX) -> No action taken.
C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9JJF1T1\WAN%20Updates[1] (Trojan.Dropper.DX) -> No action taken.
C:\Users\Will\AppData\Local\Temp\26831.exe (Trojan.Dropper.DX) -> No action taken.
C:\Users\Will\AppData\Local\Temp\83506.exe (Trojan.Dropper.DX) -> No action taken.
C:\Users\Will\AppData\Local\Temp\89887.exe (Trojan.MSIL) -> No action taken.
C:\Users\Will\AppData\Local\Temp\95923.exe (Trojan.MSIL) -> No action taken.
C:\Users\Will\AppData\Roaming\07XZIJIKXT6Newest Installs.exe (Backdoor.Agent.DC) -> No action taken.
C:\Users\Will\AppData\Roaming\29IZWDLOSend Out.exe (Trojan.MSIL) -> No action taken.
C:\Users\Will\AppData\Roaming\7JH69HKJLKNewest Installs.exe (Backdoor.Agent.DC) -> No action taken.
C:\Users\Will\AppData\Roaming\FWJNLQBQH2OVQHNewest Installs.exe (Backdoor.Agent.DC) -> No action taken.
C:\Users\Will\AppData\Roaming\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\Will\AppData\Roaming\THDUBU1W9Send Out.exe (Trojan.MSIL) -> No action taken.
C:\Users\Will\AppData\Roaming\WSZTC2NFPsvcchost.exe (Backdoor.Bot) -> No action taken.
C:\Users\Will\AppData\Roaming\PC Protection\PC Protection.exe (Trojan.BCMiner) -> No action taken.
C:\Users\Will\Downloads\EpicBot.exe (Trojan.PasswordStealer.Gen) -> No action taken.
C:\Users\Will\Downloads\Photoshop\DLL FILE\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\Will\Downloads\Photoshop\DLL FILE\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\Steve\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\Steve\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\Will\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\WinDefense.exe (Backdoor.Agent) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-10-29-2.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-12-14-6.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-12-15-7.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-12-20-5.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-12-21-6.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-12-30-1.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2012-12-31-2.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-01-01-3.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-01-10-5.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-01-20-1.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-01-23-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-01-30-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-02-11-2.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-02-14-5.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-02-27-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-03-04-2.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-03-13-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-03-21-5.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-04-07-1.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-04-10-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-04-13-7.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-04-22-2.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-04-24-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\dclogs\2013-05-01-4.dc (Stolen.Data) -> No action taken.
C:\Users\Will\AppData\Roaming\Keylogger (Stolen.Data) -> No action taken.
C:\Users\Will\Templates\InteliTrace.exe (Backdoor.Agent.DC) -> No action taken.
C:\Users\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken.
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken.
C:\Users\Will\AppData\Local\Temp\cc.vbs (Trojan.Agent.VBS) -> No action taken.
C:\Users\Will\AppData\Roaming\5N1NFAMKS8.exe (Backdoor.Messa) -> No action taken.
C:\Users\Will\AppData\Roaming\Microsoft\Windows\Templates\InteliTrace.exe (Backdoor.Messa) -> No action taken.
C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> No action taken.
C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> No action taken.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> No action taken.
(end)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by Will on Mon 05/06/2013 at 9:12:13.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3269768414-2105484045-1101214325-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{352D5E23-01F9-4282-BC7C-EE0255E32825}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C34D783B-EA43-4057-868A-37FC87374406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D4871E0B-C3B2-4883-AB8D-235BC18B206B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{352D5E23-01F9-4282-BC7C-EE0255E32825}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\windows\couponprinter.ocx"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
~~~ FireFox
Successfully deleted: [File] C:\Users\Will\AppData\Roaming\mozilla\firefox\profiles\yfujs3sr.default\searchplugins\my-homepage.xml
Successfully deleted the following from C:\Users\Will\AppData\Roaming\mozilla\firefox\profiles\yfujs3sr.default\prefs.js
user_pref("extensions.crossrider.bic", "1386422094dc5c2a305b51a8a7770702");
Emptied folder: C:\Users\Will\AppData\Roaming\mozilla\firefox\profiles\yfujs3sr.default\minidumps [39 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/06/2013 at 9:17:23.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Please run MBAM again and "Remove the infections". That should clear up a lot of your problems.
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. If you want to help, please go here. (http://www.computerhope.com/forum/index.php/topic,57605.0.html) Superdave.