Jump to content


Photo
- - - - -

i have Trojan.0Access and i can't get rid of it!


  • This topic is locked This topic is locked
91 replies to this topic

#21 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 08 July 2013 - 03:53 AM

Okay, the others please.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#22 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 08 July 2013 - 07:48 PM

 AdwCleaner v2.304 - Logfile created 07/07/2013 at 11:17:39
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : josh - WILLIAMS-PC
# Boot Mode : Normal
# Running from : C:\Users\josh\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
File Deleted : C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\lxx114p3.default\searchplugins\mixidj.xml
File Deleted : C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\bprotector_prefs.js
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\plugin@yontoo.com.xpi
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files\Red Sky
Folder Deleted : C:\Program Files\Zoom Downloader
Folder Deleted : C:\ProgramData\iMesh
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Users\josh\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ken\AppData\Local\iMesh
Folder Deleted : C:\Users\Ken\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Ken\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\Ken\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Ken\AppData\LocalLow\SearchquTB
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Ken\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\z1jbkpyl.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\z1jbkpyl.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\z1jbkpyl.default\extensions\staged
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\z1jbkpyl.default\mediabarim
Folder Deleted : C:\Users\Williams\AppData\Local\APN
Folder Deleted : C:\Users\Williams\AppData\Local\Babylon
Folder Deleted : C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Williams\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Williams\AppData\Local\iMesh
Folder Deleted : C:\Users\Williams\AppData\Local\PackageAware
Folder Deleted : C:\Users\Williams\AppData\Local\Smartbar
Folder Deleted : C:\Users\Williams\AppData\Local\Wajam
Folder Deleted : C:\Users\Williams\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Williams\AppData\LocalLow\DownTangoLauncherToolbar
Folder Deleted : C:\Users\Williams\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Williams\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\Williams\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Williams\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Williams\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Williams\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Williams\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Williams\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Williams\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Williams\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Williams\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\Conduit
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\ConduitCommon
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\CT2642703
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\CT3196716
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\downloadmanager@zoomdownloader.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\ffxtlbr@Facemoods.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\ffxtlbra@softonic.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\firefox@bandoo.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\helperbar@helperbar.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\extensions\playbryte@playbryte.com
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\mediabarim
Folder Deleted : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\SweetIMToolbarData
Folder Deleted : C:\Users\Williams\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Williams\Documents\iMesh
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\5d0d78de76ae817
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DownTango
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DownTango
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mixidj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Protected Search_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKLM\SOFTWARE\5d0d78de76ae817
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\Software\Classes\Installer\Features\FA20CB7A821113A4CB8FA1E38E303D3B
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\Software\Classes\Installer\Products\FA20CB7A821113A4CB8FA1E38E303D3B
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\Imesh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{250BECD2-5C43-48CF-A3C6-666338526D67}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B52D0735-EC19-448A-ABDE-E01B5BD275D2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16490
 
 
-\\ Mozilla Firefox v14.0.1 (en-US)
 
File : C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\prefs.js
 
C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\k8f6vpkg.default\user.js ... Deleted !
 
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Softonic)");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 13 2011 15:47:53 GMT+10[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Oct 29 2011 20:02:58 GMT+1100 (AUS E[...]
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Oct 29 2011 21:59:40 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{44baf5c3-a319-4100-96b3-ccc3f2b05027}");
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2642703,CT2438727");
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "WiseConvert Customized Web Search");
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1e7e4de1-5ef4-4baa-9250-c26258dc499a}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "mapneto_1");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 01 2013 17:43:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 01 2013 17:43:54 GMT+100[...]
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (A[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.userId", "3c3d8c49-3e7d-4d5f-b55f-d73e2b89b616");
Deleted : user_pref("CT3196716.alertChannelId", "1613210");
Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (AUS Eastern St[...]
Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (AUS East[...]
Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);
Deleted : user_pref("CT3196716.initDone", true);
Deleted : user_pref("CT3196716.IsGrouping", false);
Deleted : user_pref("CT3196716.Locale", "en");
Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3196716.revertSettingsEnabled", true);
Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (AUS Eastern Stand[...]
Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (AUS Eastern Standar[...]
Deleted : user_pref("CT3196716.SettingsLastUpdate", "1372663975");
Deleted : user_pref("CT3196716.testingCtid", "");
Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Mon Jul 01 2013 17:43:41 GMT+1000 (AUS Eastern[...]
Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (AUS Easte[...]
Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Mon Jul 01 2013 17:43:43 GMT+1000 (AUS Easte[...]
Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1372664619");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1372664619);
Deleted : user_pref("extensions.crossriderapp2258.bic", "13f992fe04b42c6225c181011032cb68");
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1372664619);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22877744);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22877744);
Deleted : user_pref("extensions.crossriderapp2258.reportInstall", true);
Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "orgnl");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.dfltLng", "");
Deleted : user_pref("extensions.Softonic.dfltSrch", true);
Deleted : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.dspOld", "MyStart Search");
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.hmpg", true);
Deleted : user_pref("extensions.Softonic.id", "669dcf4f000000000000002269618415");
Deleted : user_pref("extensions.Softonic.instlDay", "15591");
Deleted : user_pref("extensions.Softonic.instlRef", "MON00001");
Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.314:59:55");
Deleted : user_pref("extensions.Softonic.newTab", false);
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Deleted : user_pref("extensions.Softonic.smplGrp", "none");
Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.tlbrId", "base");
Deleted : user_pref("extensions.Softonic.vrsn", "1.6.4.3");
Deleted : user_pref("extensions.Softonic.vrsni", "1.6.4.3");
Deleted : user_pref("extensions.Softonic.vrsnTs", "1.6.4.314:59:55");
Deleted : user_pref("extensions.Softonic_i.dnsErr", true);
Deleted : user_pref("extensions.Softonic_i.hmpg", true);
Deleted : user_pref("extensions.Softonic_i.newTab", false);
Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.314:59:55");
Deleted : user_pref("extensions.wajam.affiliate_id", "4220");
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.trace_log", "1372664615038 - readAffiliateId - 64 bits - Error Message: [...]
Deleted : user_pref("extensions.wajam.unique_id", "A159077639CBE2844233380E7D38FB7D");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelat[...]
Deleted : user_pref("extentions.y2layers.installId", "504c3ca8-46c6-4145-a421-ac3f9739fd83");
 
File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\z1jbkpyl.default\prefs.js
 
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1359751141);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n//------------------  PLUGIN resource[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 27);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1359751141");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\n//------------------ USER PLUGIN GPL Plugin ([...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 116);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "13c977bd7a9c8811ed41458bb7819913");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1359751141);
Deleted : user_pref("extensions.crossriderapp2258.jsver", 3);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22662519);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22662531);
Deleted : user_pref("extensions.enabledAddons", "crossriderapp2258@crossrider.com:0.78.15,{99079a25-328f-4bd4-[...]
 
File : C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\lxx114p3.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.44] : keyword = "delta-search.com",
 
*************************
 
AdwCleaner[S1].txt - [55590 octets] - [07/07/2013 11:17:39]
 
########## EOF - C:\AdwCleaner[S1].txt - [55651 octets] ##########


#23 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 08 July 2013 - 07:50 PM

That should be all of them.



#24 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 09 July 2013 - 05:26 AM

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#25 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 09 July 2013 - 07:10 AM

what does this tool do and if i do something wrong what will happen



#26 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 09 July 2013 - 11:58 AM

Open this guide and everything is explain there:
http://www.bleepingc...to-use-combofix
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#27 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 02:26 AM

ComboFix 13-07-09.01 - josh 10/07/2013  16:48:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3325.1937 [GMT 10:00]
Running from: c:\users\josh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\FREEWO~1\FREEwo~1.dll
c:\users\josh\AppData\Local\Temp\Rar$EXa0.651\hw.exe
c:\users\josh\AppData\Roaming\Roaming
c:\users\josh\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Williams\AppData\Roaming\DataSafeDotNet.exe
c:\users\Williams\Documents\~WRL0005.tmp
c:\users\Williams\Documents\~WRL2295.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))
.
.
2013-07-10 07:05 . 2013-07-10 07:09 -------- d-----w- c:\users\josh\AppData\Local\temp
2013-07-10 07:05 . 2013-07-10 07:05 -------- d-----w- c:\users\Williams\AppData\Local\temp
2013-07-10 07:05 . 2013-07-10 07:05 -------- d-----w- c:\users\Ken\AppData\Local\temp
2013-07-10 05:00 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E888C58-2445-4BCE-9BCF-93F61A78F209}\mpengine.dll
2013-07-09 06:58 . 2013-07-09 06:58 -------- d-----w- c:\users\josh\AppData\Roaming\Quest3D
2013-07-09 06:56 . 2013-07-09 06:56 -------- d-----w- c:\program files\NVIDIA Corporation
2013-07-09 00:47 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-08 08:41 . 2013-07-08 08:41 -------- d-----w- c:\users\josh\AppData\Local\Unity
2013-07-07 01:18 . 2013-07-07 01:23 193 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-07 01:12 . 2013-07-07 01:12 -------- d-----w- c:\windows\ERUNT
2013-07-07 01:11 . 2013-07-07 01:11 -------- d-----w- C:\JRT
2013-07-06 23:28 . 2013-07-06 23:28 -------- d-----w- c:\users\josh\AppData\Roaming\Uniblue
2013-07-03 21:49 . 2013-07-03 21:49 -------- d-----w- c:\programdata\McAfee Security Scan
2013-07-03 21:47 . 2013-07-03 21:47 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-07-03 07:44 . 2013-07-03 07:44 -------- d-----w- c:\users\josh\AppData\Roaming\HPAppData
2013-07-03 07:43 . 2013-07-03 07:43 -------- d-----w- c:\program files\AMD APP
2013-07-03 07:36 . 2013-07-03 07:36 -------- d-----w- c:\program files\ATI
2013-07-03 07:35 . 2013-07-03 07:35 -------- d-----w- C:\AMD
2013-07-03 06:50 . 2013-07-04 01:23 -------- d-----w- C:\@RestoreQuarantine
2013-07-03 03:20 . 2013-07-03 03:20 -------- d-----w- C:\BackSys
2013-07-02 22:59 . 2013-07-02 22:59 40208 ----a-w- c:\windows\system32\Partizan.exe
2013-07-02 22:59 . 2013-07-02 22:59 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2013-07-02 22:24 . 2013-07-10 07:09 -------- d-----w- c:\programdata\RegRun
2013-07-02 22:24 . 2013-07-02 22:24 32290 ----a-w- c:\windows\system32\drivers\Partizan.sys
2013-07-02 22:24 . 2013-07-02 22:24 2 --shatr- c:\windows\winstart.bat
2013-07-02 22:24 . 2013-06-04 02:23 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2013-07-02 22:24 . 2013-07-03 05:53 -------- d-----w- c:\program files\UnHackMe
2013-07-02 09:36 . 2013-07-02 09:40 -------- d-----w- c:\program files\BreakingNews
2013-07-02 09:34 . 2013-07-02 09:34 -------- d-----w- c:\users\josh\AppData\Local\TopArcadeHits
2013-07-01 15:35 . 2013-07-01 12:44 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54B1D383-4166-46AA-8AAC-D9BC7625F866}\gapaengine.dll
2013-07-01 12:12 . 2013-07-01 12:12 -------- d-----w- C:\9a65bd9af90ba97ce36c19
2013-07-01 12:05 . 2013-07-01 12:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-01 11:25 . 2013-07-01 11:25 -------- d-----w- c:\users\josh\AppData\Roaming\Malwarebytes
2013-07-01 06:44 . 2013-07-01 06:44 -------- d-----w- c:\users\Williams\AppData\Roaming\Malwarebytes
2013-07-01 06:43 . 2013-07-01 06:43 -------- d-----w- c:\programdata\Malwarebytes
2013-07-01 06:43 . 2013-07-01 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-01 06:43 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-01 06:42 . 2013-07-01 06:42 -------- d-----w- c:\programdata\1E1A5
2013-07-01 00:49 . 2013-07-01 00:49 -------- d-----w- c:\users\josh\AppData\Local\Macromedia
2013-07-01 00:48 . 2013-07-01 00:48 -------- d-----w- c:\users\josh\AppData\Local\Mozilla
2013-06-29 05:26 . 2013-06-29 05:26 -------- d-----w- c:\users\josh\AppData\Roaming\MotioninJoy
2013-06-29 05:26 . 2009-11-24 05:29 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-06-29 05:26 . 2009-09-11 02:47 255496 ----a-w- c:\windows\system32\MijFrc.dll
2013-06-29 05:26 . 2013-06-29 05:27 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-06-28 23:40 . 2007-06-29 04:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2013-06-28 23:40 . 2013-06-28 23:40 -------- d-----w- c:\program files\AMD
2013-06-28 23:39 . 2013-07-09 06:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-06-25 06:31 . 2013-07-04 23:58 -------- d-----w- c:\program files\McAfee Security Scan
2013-06-25 06:28 . 2013-06-25 06:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 06:39 . 2013-06-21 06:39 -------- d-----w- c:\users\josh\AppData\Roaming\.StarMade
2013-06-18 11:43 . 2013-06-18 11:43 -------- d-----w- c:\users\josh\AppData\Roaming\3909 LLC
2013-06-17 12:00 . 2013-06-17 12:00 -------- d-----w- c:\users\josh\AppData\Local\IsolatedStorage
2013-06-15 09:10 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-11 21:13 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 21:13 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 21:13 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 21:13 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 21:13 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 21:13 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 21:13 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-11 21:13 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 21:13 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-06-11 21:12 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-11 21:12 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-11 21:12 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 06:24 . 2012-05-12 23:10 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-25 06:24 . 2011-11-05 20:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 07:39 . 2012-11-11 06:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 07:39 . 2012-11-11 06:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 01:43 . 2013-05-15 08:23 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-28 07:58 . 2013-04-11 01:15 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-28 07:58 . 2013-05-28 07:46 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-28 07:58 . 2013-04-11 01:15 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-05-28 07:42 . 2013-04-11 01:15 138056 ----a-w- c:\users\josh\AppData\Roaming\PnkBstrK.sys
2013-05-28 07:41 . 2013-04-11 01:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-05-22 12:15 . 2013-05-22 12:16 18584 ----a-w- c:\windows\system32\drivers\evolve.sys
2013-05-13 10:53 . 2009-08-18 01:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2009-10-31 05:22 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 00:13 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 00:13 37376 ----a-w- c:\windows\system32\cdd.dll
2012-07-31 23:29 . 2011-12-25 07:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
2013-06-03 08:17 373904 ----a-w- c:\program files\BreakingNews\ScriptHost.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\steam2\steam.exe" [2013-07-10 1672616]
"Desura"="c:\program files\Desura\desura.exe" [2012-11-24 2529096]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Dxtory Update Checker 2.0"="c:\program files\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"EvolveClient"="c:\program files\Echobit\Evolve\EvolveClient.exe" [2013-07-04 2708440]
"BreakingNews"="c:\program files\BreakingNews\BreakingNews\DesktopContainer.exe" [2013-06-26 572048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-20 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-08-23 1890304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-01 15:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-18 21:23 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-06-18 21:02 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 13:05]
.
2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000Core.job
- c:\users\Williams\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 23:55]
.
2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000UA.job
- c:\users\Williams\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 23:55]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 01:05]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 01:05]
.
2013-07-09 c:\windows\Tasks\Norton Security Scan for Williams.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-14 16:30]
.
2013-07-10 c:\windows\Tasks\TopArcadeHits.job
- c:\users\josh\AppData\Local\TopArcadeHits\updater.exe [2013-07-02 09:34]
.
.
------- Supplementary Scan -------
.
IE: {{45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\
FF - prefs.js: browser.startup.homepage - 
FF - ExtSQL: 2013-05-17 18:16; {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - ExtSQL: 2013-06-30 10:51; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2013-07-01 08:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
SafeBoot-64454901.sys
SafeBoot-81080568.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-BattlEye for A2 - c:\program files\Steam\steam2\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-FarmingSimulator2013DemoEN_is1 - c:\program files\Farming Simulator 2013 Demo\unins000.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Picasa 3 - c:\users\josh\Desktop\Picasa3\Uninstall.exe
AddRemove-Steam App 42690 - c:\program files\Steam\steam.exe
AddRemove-Steam App 42910 - c:\program files\Steam\steam.exe
AddRemove-Xfire - c:\users\josh\Desktop\Xfire\uninst.exe
AddRemove-Zoom Downloader - c:\program files\Zoom Downloader\uninstall.exe
AddRemove-{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1 - c:\program files\MotioninJoy\unins000.exe
AddRemove-{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1 - c:\program files\DownTangoLauncherToolbar\unins001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-10 17:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\josh\AppData\Roaming\Microsoft\Windows\Cookies\1UK7P2IU.txt
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\atieclxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FreeWordHelper\FreeWordHelperUpdt.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\windows\system32\PnkBstrB.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2013-07-10  17:18:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-10 07:18
.
Pre-Run: 74,509,103,104 bytes free
Post-Run: 75,847,147,520 bytes free
.
- - End Of File - - 9FD560F6DC658FD0EDA919125AD5FC45
5C616939100B85E558DA92B899A0FC36


#28 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 July 2013 - 03:37 AM

Please uninstall this application: TopArcadeHits and next:

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#29 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 04:54 AM

i turned my pc on and a message came up saying "The recycle bin on C:\ is corrupted. Do you want to empty bin for this drive?" i clicked yes and one file couldn't be deleted called Antimalwere and i did a scan on it with malwerebytes and this is the log. im not sure how to get rid of it. Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.07.10.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
josh :: WILLIAMS-PC [administrator]
 
Protection: Enabled
 
10/07/2013 7:48:36 PM
mbam-log-2013-07-10 (19-48-36).txt
 
Scan type: Custom scan (C:\Users\josh\Desktop\Recycle Bin - Shortcut.lnk|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#30 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 July 2013 - 04:57 AM

Try the suggestion at this answer:
http://stackoverflow...-command-prompt
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#31 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 05:03 AM

ok



#32 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 05:05 AM

and i cant get rid of a popup that pops up when i turn my pc on. in task manager its called DesktopContainer.exe



#33 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 05:09 AM

it didnt work



#34 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 July 2013 - 07:53 AM

Please uninstall this application: BreakingNews , reboot and let me know.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#35 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 05:35 PM

i have tried to uninstall BreakingNews and i only have the option to change it i cant uninstall it.



#36 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 10 July 2013 - 05:37 PM

C:\found.001\dir0000.chk\wajam_adknowledge[1].exe Win32/Wajam.A application cleaned by deleting - quarantined
C:\Program Files\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Program Files\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application cleaned by deleting - quarantined
C:\Program Files\~Web Assistant\Extension32.dll a variant of Win32/Toolbar.Perion.A application cleaned by deleting - quarantined
C:\Program Files\~Web Assistant\ExtensionUpdaterService.exe a variant of Win32/Toolbar.Perion.C application cleaned by deleting - quarantined
C:\Program Files\~Web Assistant\InstallerHelper.dll a variant of Win32/Toolbar.Perion.B application cleaned by deleting - quarantined
C:\Program Files\~Web Assistant\source.crx Win32/Toolbar.Perion.D application deleted - quarantined
C:\Program Files\~Web Assistant\Firefox\chrome\content\main.js Win32/Toolbar.Perion.D application cleaned by deleting - quarantined
C:\Users\josh\Desktop\cbsidlm-tr1_13-UnHackMe-ORG-68786.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\josh\Desktop\Minecraft Launcher by AnjoCaido.exe a variant of Win32/4Shared.D application cleaned by deleting - quarantined
C:\Users\josh\Desktop\my stuff\shit shit shit\MY STUFF\PROGRAMS\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\josh\Downloads\bs_ScreenFlow.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\josh\Downloads\Download.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\josh\Downloads\Hack-Dayz (1).exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined
C:\Users\josh\Downloads\Hack-Dayz (2).exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined
C:\Users\josh\Downloads\Hack-Dayz.exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined
C:\Users\josh\Downloads\installer_gta-sanandreas_English.exe a variant of Win32/Vittalia.E application cleaned by deleting - quarantined
C:\Users\josh\Downloads\SoftonicDownloader_for_farming-simulator-2013.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\josh\Downloads\TIMMUR-HAX-Updated 1.7.4.4 be 1.185.exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined
C:\Users\josh\Downloads\xfire_installer_46071.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\josh\Downloads\Terraria\Terraria.v1.0.4.cracked-THETA.rar a variant of Win32/HackTool.Crack.B application deleted - quarantined
C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\background.html JS/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\yl.js JS/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Williams\Desktop\CheatEngine62.exe multiple threats cleaned by deleting - quarantined
C:\Users\Williams\Desktop\SoftonicDownloader_for_slender.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\Williams\Desktop\computer stuff\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe multiple threats cleaned by deleting - quarantined
C:\Users\Williams\Desktop\minecraft server al3\softonic_ggl_1.6.4.3.exe Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\ac3filter_app_1200.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\BandooV5.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\dexpot_161_r2121.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\FastDownload.exe Win32/InstallMate.A application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\installer_7-zip.exe multiple threats cleaned by deleting - quarantined
C:\Users\Williams\Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\jenkatarcade.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\PCHealthDoc_Unzip.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\SoftonicDownloader_for_call-of-duty-4.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\SweetImSetup (1).exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\SweetImSetup (2).exe a variant of Win32/SweetIM.C application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\Williams\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined
C:\Windows\Installer\512167a.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Windows\Installer\89ad046.msi a variant of Win32/Toolbar.Linkury.A application deleted - quarantined


#37 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 11 July 2013 - 03:20 AM

How are things there after ESET Online Scanner?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#38 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 11 July 2013 - 04:22 AM

there good but i cant get uninstall BreakingNews



#39 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 11 July 2013 - 04:38 AM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#40 iDayzKilla

iDayzKilla

    Regular Member

  • Members
  • PipPip
  • 55 posts

Posted 11 July 2013 - 05:56 AM

is it normal that my internet on the computer has gotten very slow 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users