trex2013

SecuredSearch2.lavasoft virus

20 posts in this topic

Hello Group,

 

I am trying to help my neighbor who is running Windows 7. His problem is that when he opens his browser (google chrome), two tabs open, one has the address  SecuredSearch2.Lavasoft.com and the other is his homepage. I have used Malawarebytes & CCCleaner to remove the bits left over from when I properly unistalled Lavasoft but without success. I tried to delete the Lavasoft folder but it tells me the file ShellExt_64.dll is currently in use and associated with Chrome.exe*33 which I assume is Google Chrome. I also went into task manager, disabled the Chrome.exe file and tried to delete ShellExt_64.dll without luck. ShellExt_64 cannot be found in taskmanager. I went into settings in Google Chrome and deleted any traces of Lavasoft in the search engine management tab. The problem I have described to you happens also with Internet Explorer. I could sure use the help.

 

Thank you

 

TRex

Share this post


Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Share this post


Link to post
Share on other sites
DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 11/2/2010 3:26:51 PM

System Uptime: 7/29/2013 4:41:45 PM (0 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | 760GM -E51 (MS-7596)

Processor: AMD Athlon II X3 445 Processor | CPU1 | 775/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 383.569 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP403: 6/16/2013 3:00:44 AM - Windows Update

RP404: 7/12/2013 3:00:40 AM - Windows Update

RP405: 7/13/2013 3:00:33 AM - Windows Update

RP406: 7/18/2013 3:00:29 AM - Windows Update

RP408: 7/28/2013 4:09:16 PM - Revo Uninstaller Pro's restore point - Yontoo 2.04.1

RP410: 7/28/2013 4:10:28 PM - Revo Uninstaller Pro's restore point - Incredibar Toolbar  on IE and Chrome

RP411: 7/29/2013 3:00:27 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 12.0

AMD USB Filter Driver

Anvi Smart Defender 1.9.1

ATI Catalyst Install Manager

AVG 2013

AVG Security Toolbar

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Complitly

D3DX10

Epson Event Manager

EPSON NX510 Series Printer Uninstall

EPSON Scan

EpsonNet Print

EpsonNet Setup

Google Chrome

Google Update Helper

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Help Viewer 1.0

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Open Freely

OpenOffice.org 3.2

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Search Protect by conduit

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

swMSM

System Requirements Lab CYRI

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Veetle TV 0.9.18

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 1.1.11

vShare Plugin

WhiteSmoke US Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yontoo 2.04.1

.

==== Event Viewer Messages From Past Week ========

.

7/29/2013 4:42:13 PM, Error: Service Control Manager [7000]  - The Yontoo Desktop Updater service failed to start due to the following error:  The system cannot find the file specified.

7/29/2013 4:28:45 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.

7/28/2013 3:12:56 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

7/28/2013 3:12:56 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x8007045B.

7/28/2013 1:59:58 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

7/28/2013 1:57:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/28/2013 1:56:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

7/28/2013 1:56:45 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

7/28/2013 1:53:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

7/28/2013 1:53:45 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

7/28/2013 1:50:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

7/28/2013 1:47:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

7/28/2013 1:43:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

7/28/2013 1:40:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

7/28/2013 1:37:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites
DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16635

Run by user at 16:49:35 on 2013-07-29

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1791.329 [GMT -7:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.








uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>

uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>

uURLSearchHooks: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - <orphaned>

uURLSearchHooks: {0b1be383-efa8-44d5-a7c2-9a39594575a1} - <orphaned>

uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

mURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>

mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 

TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: WhiteSmoke US Toolbar: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [uninstall_CToolbar] <no file>

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe

mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

mRun: [b2C_AGENT] <no file>

dRun: [searchProtect] C:\Windows\System32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll





TCP: NameServer = 192.168.0.1

TCP: Interfaces\{EF3EBE51-D342-4D53-BB75-AA9D970EB573} : DHCPNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [b2C_AGENT] <no file>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-7-15 14456]

R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-7-28 18768]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-13 203776]

R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-7-28 23376]

R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-7-21 742120]

R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-7-28 17232]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-28 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-28 701512]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-28 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-2 39480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Yontoo Desktop Updater;Yontoo Desktop Updater;"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe" --> C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-14 1025352]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-4 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-10 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-10 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-3 1255736]

S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-07-29 20:47:08 -------- d-----w- C:\Users\user\AppData\Local\{1B977D57-F4BC-4BA3-9439-42D6650A2E50}

2013-07-29 10:00:58 -------- d-----w- C:\2a5844dcfd8f89b8724d70

2013-07-29 04:41:41 -------- d-----w- C:\Users\user\AppData\Local\{BFF51E42-0F84-44F3-B3D1-CE5826425B52}

2013-07-28 23:56:23 -------- d-----w- C:\Program Files\CCleaner

2013-07-28 23:17:11 -------- d-----w- C:\Users\user\AppData\Roaming\Anvisoft

2013-07-28 23:16:36 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys

2013-07-28 23:16:35 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys

2013-07-28 23:16:35 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys

2013-07-28 23:16:35 -------- d-----w- C:\ProgramData\Anvisoft

2013-07-28 23:16:19 -------- d-----w- C:\Program Files (x86)\Anvisoft

2013-07-28 23:07:32 -------- d-----w- C:\Users\user\AppData\Local\VS Revo Group

2013-07-28 23:07:25 -------- d-----w- C:\ProgramData\VS Revo Group

2013-07-28 23:06:22 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-07-28 20:52:31 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2013-07-28 20:52:20 -------- d-----w- C:\ProgramData\Malwarebytes

2013-07-28 20:52:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-28 20:52:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-28 16:10:17 -------- d-----w- C:\Users\user\AppData\Local\{543FC659-4394-40E0-89D3-B4E6E67738F2}

2013-07-27 20:36:51 -------- d-----w- C:\Users\user\AppData\Local\{BA0AA594-0C55-45AE-BACE-61E86A87FFBD}

2013-07-26 23:07:47 -------- d-----w- C:\Users\user\AppData\Local\{EA956A46-5B3F-4B53-9008-051A05644C5A}

2013-07-25 15:11:02 -------- d-----w- C:\Users\user\AppData\Local\{AE69DFD9-DD62-4EC0-B117-400690866050}

2013-07-24 20:25:25 -------- d-----w- C:\Users\user\AppData\Local\{55E9102A-FFA4-440B-9752-01588C6C08C3}

2013-07-23 21:00:35 -------- d-----w- C:\Users\user\AppData\Local\{CA772EC2-89F0-4C55-AADB-1DAE96608976}

2013-07-22 17:36:21 -------- d-----w- C:\Users\user\AppData\Local\{D4CBAF32-E401-4734-8DA4-38995FA59CB9}

2013-07-21 22:31:34 -------- d-----w- C:\Users\user\AppData\Local\{8B9F9FC2-0DCD-4837-9E81-7486562FE2BF}

2013-07-20 19:03:25 -------- d-----w- C:\Users\user\AppData\Local\{5BF2D91A-259A-494E-8BEA-6EF1A5D63E86}

2013-07-19 15:30:32 -------- d-----w- C:\Users\user\AppData\Local\{9EDDE6B6-FC3B-411D-86C6-BD3E3225E2FE}

2013-07-18 18:51:20 -------- d-----w- C:\Users\user\AppData\Local\{095DAB4C-D78E-4777-90C1-D8CF3C1BE483}

2013-07-18 10:01:02 -------- d-----w- C:\c19b8169c7bafc44cc12

2013-07-18 06:41:41 -------- d-----w- C:\Users\user\AppData\Local\{DF26788E-8D6D-435D-BDA1-1DE4DC156C05}

2013-07-17 16:30:23 -------- d-----w- C:\Users\user\AppData\Local\{76EA751C-1C00-4869-9D56-CFAB431BDEFE}

2013-07-16 19:07:49 -------- d-----w- C:\Users\user\AppData\Local\{71CFBB9B-C66A-41E7-8852-769DE2A44787}

2013-07-16 04:51:14 -------- d-----w- C:\Users\user\AppData\Local\{0CFCE42D-76F1-4003-86A0-CCA574970147}

2013-07-16 00:05:50 -------- d-----w- C:\Users\user\AppData\Roaming\LavasoftStatistics

2013-07-16 00:01:15 47496 ----a-w- C:\Windows\System32\sbbd.exe

2013-07-16 00:01:15 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-07-16 00:00:57 -------- d-----w- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus

2013-07-15 14:41:32 -------- d-----w- C:\Users\user\AppData\Local\{BFF34E80-336D-4C9D-B77A-405BDD49EE49}

2013-07-14 17:19:23 -------- d-----w- C:\Users\user\AppData\Local\{3DFE1670-2988-4740-BDF4-4250BB888D96}

2013-07-13 15:54:14 -------- d-----w- C:\Users\user\AppData\Local\{A079EAB5-49EA-4AAD-9ECB-A3079DAA7D85}

2013-07-13 15:44:29 -------- d-----w- C:\Users\user\AppData\Local\{360A5454-E085-4F3E-BA83-0650400A6CE9}

2013-07-13 10:01:05 -------- d-----w- C:\0c3d3ab03b620be87350d73dd3

2013-07-12 18:55:30 -------- d-----w- C:\Users\user\AppData\Local\{A948BE5D-58E5-45B1-BD35-33C3A263277B}

2013-07-12 10:12:58 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-12 10:12:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-12 03:55:03 -------- d-----w- C:\Users\user\AppData\Local\{06D77C09-BA15-4C7A-9141-883534856F6C}

2013-07-08 15:37:21 -------- d-----w- C:\Users\user\AppData\Local\{1AD01F39-09EA-495F-8CFD-06C9E0DE567F}

2013-07-04 03:11:05 -------- d-----w- C:\Users\user\AppData\Local\{2C68269B-F2B8-4D38-A895-05455E77321C}

2013-07-03 15:08:44 -------- d-----w- C:\Users\user\AppData\Local\{CDA118ED-6FB5-4C78-BC19-3F8C678A0FEF}

2013-07-02 23:19:29 -------- d-----w- C:\Users\user\AppData\Local\{1AD31157-7157-4E61-AAB8-DC5C73FAECEB}

2013-07-01 19:53:03 -------- d-----w- C:\Users\user\AppData\Local\{D342F3FD-D6E9-4FA3-89D1-40A1ACE2743F}

2013-07-01 05:15:33 -------- d-----w- C:\Users\user\AppData\Local\{9B56FD2E-35DC-49F4-BC24-E684FC81E97F}

.

==================== Find3M  ====================

.

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

.

============= FINISH: 16:51:32.95 ===============

Share this post


Link to post
Share on other sites

I need to see the log from RogueKiller....MrC

Share this post


Link to post
Share on other sites
RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Scan -- Date : 07/29/2013 17:34:59

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][sUSP PATH] HKUS\.DEFAULT\[...]\Run : SearchProtect (C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-18\[...]\Run : SearchProtect (C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe [x][x]) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD5000AAKS-00V2B0 ATA Device +++++

--- User ---

[MBR] 163e7a597f66b7ae822b08b366bea829

[bSP] ffbdac7dce006f57e6e88d3eec11684b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_07292013_173459.txt >>

Share this post


Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Share this post


Link to post
Share on other sites
# AdwCleaner v2.306 - Logfile created 07/30/2013 at 17:44:37

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : user - USER-PC

# Boot Mode : Normal

# Running from : C:\Users\user\Downloads\adwcleaner (1).exe

# Option [search]

 

 

***** [services] *****

 

Found : Yontoo Desktop Updater

 

***** [Files / Folders] *****

 

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml

File Found : C:\user.js



Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\BabylonToolbar

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\Complitly

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\DVDVideoSoftTB

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Found : C:\Program Files (x86)\PricePeep

Folder Found : C:\Program Files (x86)\Protected Search

Folder Found : C:\Program Files (x86)\Red Sky

Folder Found : C:\Program Files (x86)\SearchProtect

Folder Found : C:\Program Files (x86)\vShare

Folder Found : C:\Program Files (x86)\WhiteSmoke_US

Folder Found : C:\Program Files (x86)\Yontoo

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\AVG Security Toolbar

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango

Folder Found : C:\ProgramData\Premium

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

***** [Registry] *****

 

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\AVG Security Toolbar

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Complitly

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\ExpressFiles

Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Found : HKCU\Software\SearchProtect

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\StartSearch

Key Found : HKCU\Software\vShare

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\BabylonToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr

Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106250

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol

Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1

Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj

Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers

Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\ExpressFiles

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\SearchProtect

Key Found : HKLM\Software\SimplyGen

Key Found : HKLM\Software\WhiteSmoke_US

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{244FC78A-3D2B-4FBE-9246-13E19A4476E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA75DAE5-8941-41B6-B20B-A2EB4661C04D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Found : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Found : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-4053183089-454597257-3080593186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 













 

-\\ Mozilla Firefox v [unable to get version]

 

-\\ Google Chrome v28.0.1500.72

 

*************************

 

AdwCleaner[R1].txt - [32627 octets] - [30/07/2013 17:44:37]

 

########## EOF - C:\AdwCleaner[R1].txt - [32688 octets] ##########

Share this post


Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

Share this post


Link to post
Share on other sites
# AdwCleaner v2.306 - Logfile created 07/31/2013 at 16:57:14

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : user - USER-PC

# Boot Mode : Normal

# Running from : C:\Users\user\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : Yontoo Desktop Updater

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml

File Deleted : C:\user.js

File Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

File Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\BabylonToolbar

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Complitly

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB

Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Deleted : C:\Program Files (x86)\PricePeep

Folder Deleted : C:\Program Files (x86)\Protected Search

Folder Deleted : C:\Program Files (x86)\Red Sky

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Program Files (x86)\vShare

Folder Deleted : C:\Program Files (x86)\WhiteSmoke_US

Folder Deleted : C:\Program Files (x86)\Yontoo

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\ExpressFiles

Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\vShare

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr

Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106250

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol

Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1

Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers

Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\ExpressFiles

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\SimplyGen

Key Deleted : HKLM\Software\WhiteSmoke_US

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{244FC78A-3D2B-4FBE-9246-13E19A4476E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA75DAE5-8941-41B6-B20B-A2EB4661C04D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 













 

-\\ Mozilla Firefox v [unable to get version]

 

-\\ Google Chrome v28.0.1500.72

 

*************************

 

AdwCleaner[R1].txt - [32618 octets] - [30/07/2013 17:44:37]

AdwCleaner[R2].txt - [32675 octets] - [31/07/2013 16:55:44]

AdwCleaner[s1].txt - [32493 octets] - [31/07/2013 16:57:14]

 

########## EOF - C:\AdwCleaner[s1].txt - [32554 octets] ##########

Share this post


Link to post
Share on other sites

Hello MrCharlie,

 

First of all, thank you very much for your ongoing help which I appreciate immensely. I ran the "Junkware Removal Tool" and it came up with a message telling me that I may have to manually add information back to the registry. I hit "okay to that". It took about 30 min to do the search. I could see that the software was searching through numerous folders inside the dos window, and then it appeared as if it was starting to report the findings. It reported about 20 lines and then froze. The only thing active inside the dos window was a flashing cursor. I could not close the program and waited 2 hours. So I had to give the comp a hardboot so my friend could use his computer tonight. Unfortunately, the securedsearch2.lavasoft.com window came up when he went to open up his google chrome. This is as much as I can tell you.

 

Thank you

TRex

Share this post


Link to post
Share on other sites

OK, please do this:

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Share this post


Link to post
Share on other sites
Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.01.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

user :: USER-PC [administrator]

 

Protection: Enabled

 

8/1/2013 4:05:43 PM

mbam-log-2013-08-01 (16-05-43).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216210

Time elapsed: 4 minute(s), 10 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Share this post


Link to post
Share on other sites

MrCharlie Hello,

 

A funny thing really. After running the Malaware program I posted the report promptly in my previous report. I clicked on Google Chrome and the securedsearch2.lavasoft.com window popped up in addition to the Google Chrome homepage. I thought I would try internet explorer and the securedsearch2.lavasoft.com window did not pop up, as previously to the cleansing this was the case.

 I ran  Google Chrome again, ran task master and lavasoft was running in the applications window. I uninstalled Google Chrome completely and reinstalled it. I ran it and there was no trace of the securesearch2 window. :) I ran avg and there were no virus's found. Judging from the reports from your recommended antivirus programs, it appears that my friends computer was severely infected. A huge thankyou for that MrCharlie. It seems to me that some remnants of Lavasoft may have remained undetected and still attached to Google Chrome. I'm not entirely sure? What do you think.

 

Trex

Share this post


Link to post
Share on other sites

If it's OK......Good.

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Share this post


Link to post
Share on other sites

Hi MrCharlie,

 

Sorry for the delay in my reply. I haven't had a computer for most of last week. My friend will be home from holidays soon,

I will run the "security check" program and post my findings asap.

 

Thank you

 

TRex

Share this post


Link to post
Share on other sites

How are we doing??

Do you still need help or can I close this post??

MrC

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.