bmg

Honorary Members
  • Content count

    129

About bmg

  • Rank
    Advanced Member
  1. Is this for Vista only? I am running Windows 7. Also, the disc will not launch for any reason, not only 'autoplay/autorun' not working...
  2. It is 64 bit, so I would think the former.
  3. Was able to scan, despite warnings as above. gmer.log
  4. This program will not launch. The error message says it cannot access the file: windows/system32/config/system because it's being used by another program.
  5. Here are the files: FRST.txt Addition.txt
  6. See above post...
  7. This computer has now been crashing with regards to video card problems; can this be due to something that was done here?
  8. Computer seems to be working better, but - Still cannot launch games from the CD drive. Halo, Generals, BF2 all used to work, but don't any longer; is this virus related? Was able to play a DVD through My DVD, but nothing happens when the icons are clicked for the above programs. You wrote: 'We'll address a DNS change later.' What is this? Also, what would be a good anti-virus to get?
  9. ComboFix 15-09-25.01 - L33tMaN 09/29/2015 18:46:21.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8090.5100 [GMT -4:00] Running from: c:\users\L33tMaN\Desktop\ComboFix.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\programdata\Razer\Synapse\RzStats\RzStats.Manager.exe
c:\program files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
c:\users\L33tMaN\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
c:\program files\Alienware\Command Center\AlienFusionController.exe
.
**************************************************************************
.
Completion time: 2015-09-29 19:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-29 23:19
.
Pre-Run: 428,554,059,776 bytes free
Post-Run: 429,760,528,384 bytes free
.
- - End Of File - - 7B518F3D97FDF6F780466B462B5B3D45 5FB38429D5D77768867C76DCBDB35194
  10. Here are the logs: mb.txt eset.txt FRST.txt Addition.txt
  11. Clicked 'clean up.' Didn't exclude any items. Should this be run again? Also noticed after running this, I could no longer launch the 'Steam' application, though didn't see it in the quarantined folder. (All this computer is used for, basically.) Seems it was already running, so I got it to launch after closing it in the taskbar. (Not sure why this happened and hope it doesn't again.)
  12. # AdwCleaner v5.008 - Logfile created 23/09/2015 at 13:31:02 # Updated 18/09/2015 by Xplode # Database : 2015-09-23.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : L33tMaN - ________ # Running from : C:\Users\L33tMaN\Desktop\AdwCleaner.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Program Files\Controller [-] Folder Deleted : C:\Program Files (x86)\Bubble Dock [-] Folder Deleted : C:\Program Files (x86)\Sk.Enhancer [-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion [-] Folder Deleted : C:\Program Files (x86)\ALlSaaver [-] Folder Deleted : C:\Program Files (x86)\ExistrASaavinngs [-] Folder Deleted : C:\Program Files (x86)\PRiiceMinus [-] Folder Deleted : C:\ProgramData\Yahoo! Companion [-] Folder Deleted : C:\ProgramData\{226b2d74-c3ad-4dd1-226b-b2d74c3ab5d3} [-] Folder Deleted : C:\ProgramData\{860fbafa-4178-4a7f-860f-fbafa417ebe9} [-] Folder Deleted : C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [-] Folder Deleted : C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [-] Folder Deleted : C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [-] Folder Deleted : C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [-] Folder Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [-] Folder Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [-] Folder Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [-] 
Folder Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] 
Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [-] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [-] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [-] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] 
Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\cynical\AppData\LocalLow\Yahoo! 
Companion [-] Folder Deleted : C:\Users\cynical\AppData\LocalLow\Yahoo!\Companion [-] Folder Deleted : C:\Users\cynical\AppData\Roaming\SmartPCFix [-] Folder Deleted : C:\Users\cynical\AppData\Roaming\Yahoo!\Companion [-] Folder Deleted : C:\Users\cynical\AppData\Roaming\Note-up [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] 
Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] 
Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [!] Folder Not Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [-] Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Yahoo! 
Companion [-] Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Yahoo!\Companion [-] Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Note-up [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] 
Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] 
Folder Not Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg ***** [ Files ] ***** [-] File Deleted : C:\END [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml [-] File Deleted : C:\Program Files\Common Files\System\SysMenu.dll [-] File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage-journal [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage-journal [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage-journal [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage [-] File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local 
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [37341 bytes] ##########