MalwareBytes removed a serious threat but Win 7 machine crippled

MalwareBytes Windows 7 64bit black desktop only mouse move

  • This topic is locked
71 replies to this topic

#1 Safe

Posted 06 March 2018 - 08:53 AM

[Windows 7 64b Ultimate on Dell T7500]

 

I ran MalwareBytes (machine became very SLOW) and found 627 PUPs.  One of them was flagged as serious malware.  I only chose this PUP marked serious and told MalwareBytes to quarantine it.  MalwareBytes said restart of machine necessary to complete job.  I rebooted.

 

And, after that on restart Windows "desktop" came back but it is totally black.  Mouse moves around screens.  Did restart a second time.  Same thing.  So, I restarted in Safe Mode.  Same thing.  Mouse moves.  Black desktop.

 

So, John_C told me to do F8 "Use last known good configuration".  I did this and now have my machine "usable" again.

 

But, now, I have a program called ByteFence (which I did not consciously install) telling me to run scan and fix computer.

 

So, I am worried that I have a crippled machine with malware that has to be removed.

 

What reliable software can I use to fix my machine?  



#2 Satchfan

Posted 06 March 2018 - 05:30 PM

Hello Safe and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

 

Logs to include with next post:

AdwCleaner log
RKreport.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Safe

Posted 08 March 2018 - 09:56 AM

Thanks Satchfan for your help.  I ran both as Administrator.  Results of Adware are attached --- both image and txt file.  For Rogue Killer I am confused: there are two programs, RKILL.exe and RogueKiller.exe.  RogueKiller.exe was a paid program so I think you meant RKILL, which I ran but could not find the RKreport.TXT.  I did capture the screens and have attached them as images (4 screens).  The Adware is currently at the paused stage asking me whether I want to take action; screen attached.

 

I will await your instructions.

 

But, wait, I do not see any option to add text or images to this post.  How do I get them to you?



#4 Satchfan

Posted 08 March 2018 - 10:10 AM

I am confused: there are two programs, RKILL.exe and RogueKiller.exe.  RogueKiller.exe was a paid program

RogueKiller is not a programme that you have to pay for - it is free and the link I provided would have taken you to the free download page, not rKill which is a totally different programme.

 

With regard to the AdwCleaner log, open it, then copy, (Ctrl+c), and paste it in your reply, (Ctrl+v).

 

Satchfan



#5 Safe

Posted 08 March 2018 - 06:22 PM

OK, thanks.  Yes, I used Rogue Killer not RKILL.  I am pasting the AdwCleaner log into this.  But where is the log from Rogue Killer?  I will try to paste the images into this reply also.

# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 14:44:18 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-07.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Optional.ByteFence, ByteFenceService
PUP.Optional.WinZipRegistryOptimizer, WinZip Smart Monitor Service
PUP.Adware.Heuristic, vToolbarUpdater17.1.2
 
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\YTDownloader
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
PUP.Optional.Legacy, C:\ProgramData\SuperEasy Software
PUP.Optional.Legacy, C:\ProgramData\Application Data\SuperEasy Software
PUP.Optional.Legacy, C:\Program Files (x86)\SuperEasy Software
PUP.Optional.Legacy, C:\Users\All Users\SuperEasy Software
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\AppData\Roaming\SuperEasy Software
PUP.Optional.Legacy, C:\ProgramData\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Program Files (x86)\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Program Files (x86)\DriverGuide Toolkit
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\AppData\Roaming\PDF to Word Converter
PUP.Optional.Legacy, C:\Program Files\Earth Networks
PUP.Optional.Legacy, C:\Program Files\Live_TV
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\AVG Secure Search
PUP.Optional.Legacy, C:\Users\Acronis Agent User\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\Administrator\AppData\Roaming\AVG Secure Search
PUP.Optional.Legacy, C:\Users\ASPNET\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\Default\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\DefaultAppPool\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\LogMeInRemoteUser.M764-131-DQ320F\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\LogMeInRemoteUser.M764-140-DQ64G3\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\AppData\Roaming\AVG Secure Search
PUP.Optional.Legacy, C:\Users\NewAdmin\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Users\_ocster_1clk_backup_\AppData\Local\AVG Secure Search
PUP.Optional.Legacy, C:\Program Files (x86)\Brand Affinity Technologies
PUP.Optional.Legacy, C:\Program Files (x86)\SendSpace
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
PUP.Optional.Legacy, C:\Program Files (x86)\SmartTweak Software
PUP.Optional.Legacy, C:\Program Files (x86)\Video Converter
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater
PUP.Optional.Legacy, C:\ProgramData\WinZip\WinZip Driver Updater
PUP.Optional.Legacy, C:\ProgramData\Application Data\WinZip\WinZip Driver Updater
PUP.Optional.Legacy, C:\Users\All Users\WinZip\WinZip Driver Updater
PUP.Optional.Legacy, C:\Program Files\WinZip Smart Monitor
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
PUP.Optional.ByteFence, C:\Program Files\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.WinZipDriverUpdater, C:\Program Files\WinZip Driver Updater
PUP.Optional.RegCurePro, C:\Program Files (x86)\PARETOLOGIC
PUP.Optional.RegCurePro, C:\Program Files (x86)\Common Files\PARETOLOGIC
PUP.Optional.RegistryWinner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Winner
PUP.Optional.RegistryWinner, C:\Program Files (x86)\Registry Winner
PUP.Optional.2YourFace, C:\Program Files (x86)\2YourFace
PUP.Optional.AdvancedDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Driver Updater
PUP.Optional.AdvancedDriverUpdater, C:\Program Files (x86)\Advanced Driver Updater
PUP.Optional.SysTweak, C:\Users\Morgan Pierce Parker\AppData\Roaming\Systweak
PUP.Optional.oTweakRegistryCleaner, C:\Program Files\RegClean
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Application Data\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Program Files (x86)\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Windows\SysNative\Tasks\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics
PUP.Optional.IoloSC, C:\Program Files (x86)\iolo\System Checkup
Trojan.StolenData, C:\Users\Morgan Pierce Parker\Documents\Unknown
PUP.Optional.DriverSupport, C:\ProgramData\UAB
PUP.Optional.SpeedyFixer, C:\Program Files (x86)\SpeedyFixer
PUP.Optional.SpeedyFixer, C:\Users\Morgan Pierce Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyFixer
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Windows\System32\Main.dat
PUP.Optional.Legacy, C:\Windows\SysWOW64\Main.dat
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter.lnk
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PDF to Word Converter.lnk
PUP.Optional.Legacy, C:\Users\Morgan Pierce Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
PUP.Optional.DefaultTab, C:\Users\Morgan Pierce Parker\AppData\Roaming\Mozilla\Firefox\Profiles\dzygi7op.default\defaulttab.config
PUP.Optional.ByteFence, C:\Users\Morgan Pierce Parker\Desktop\ByteFence Anti-Malware.lnk
PUP.Optional.WinZipDriverUpdater, C:\Users\All Users\Desktop\WinZip Driver Updater.lnk
PUP.Optional.WinZipDriverUpdater, C:\Users\Public\Desktop\WinZip Driver Updater.lnk
PUP.Optional.AuslogicsBootSpeed, C:\Users\Morgan Pierce Parker\Desktop\Auslogics BoostSpeed 9.lnk
PUP.Optional.SpeedyFixer, C:\Users\Morgan Pierce Parker\Desktop\SpeedyFixer.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.ByteFence, ByteFence
PUP.Optional.Auslogics, Auslogics\BoostSpeed\Scan and Repair
PUP.Adware.Heuristic, Start WinZip Driver Updater for M764-140-DQ64G3@Morgan Pierce Parker(logon)
PUP.Adware.Heuristic, Start WinZip Driver Updater Schedule
PUP.Adware.Heuristic, Start WinZip Driver Updater Update
 
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E57992E78D3ECB52A43797B178A03CC
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B417119DEEF2AE52B41C910B4B269FA
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\216F88E93A00F2B5494EDDCFD502D42E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82306010F2A8A02519C2D6D1A4B48415
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E9A2A2663AD8ED75E83332ACA3689A31
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5A3D970028CA2A5C9EFA01AAB3969F7
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\526AB318AF0B8D84B9579557C9882C91
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF767AE36C8829547ACD71A4249A42B9
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDCBFFB76F9A2B15D9A475A10FA793A6
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\TR.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.DefaultTab, [Key] - HKU\.DEFAULT\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-18\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Default Tab
PUP.Optional.DefaultTab, [Key] - HKCU\Software\Default Tab
PUP.Optional.Uniblue, [Key] - HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\UniblueDriverScanner
PUP.Optional.Iminent, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Iminent
PUP.Optional.Iminent, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {977AE9CC-AF83-45E8-9E03-E2798216E2D5}
PUP.Optional.ByteFence, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
PUP.Optional.ByteFence, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.ByteFence, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ByteFence.exe
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.CrossRider, [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
PUP.Optional.CrossRider, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
PUP.Optional.CrossRider, [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1
PUP.Optional.WinZipDriverUpdater, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Driver Updater
PUP.Optional.DriverRestore, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
Adware.AdPeak, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
PUP.Optional.2YourFace, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2YourFace
PUP.Optional.2YourFace, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\2YourFace
PUP.Optional.2YourFace, [Key] - HKCU\Software\2YourFace
PUP.Optional.MyDriverUpdater, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdateMyDrivers
PUP.Optional.SuperOptimizer, [Key] - HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SysTweak, [Key] - HKLM\SOFTWARE\systweak
PUP.Optional.SysTweak, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\systweak
PUP.Optional.SysTweak, [Key] - HKCU\Software\systweak
PUP.Optional.SysTweak, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Driver Updater_is1
PUP.Optional.TidyNetwork, [Key] - HKLM\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
PUP.Optional.TidyNetwork, [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
PUP.Optional.WinZipRegistryOptimizer, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKCU\Software\Auslogics
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
PUP.Optional.WinZipSmartMonitor, [Key] - HKLM\SOFTWARE\Classes\AppID\{2CA75AD3-A844-4DF9-999D-CB82069C55C3}
PUP.Optional.WinZipSmartMonitor, [Key] - HKLM\SOFTWARE\Classes\AppID\WinZip Smart Monitor Service.exe
PUP.Optional.UTILILAB.SystemOPTIMIZER, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1
PUP.Optional.UTILILAB.SystemOPTIMIZER, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1
PUP.Optional.SpeedyFixer, [Key] - HKLM\SOFTWARE\SpeedyFixer
PUP.Optional.SpeedyFixer, [Key] - HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\SpeedyFixer
PUP.Optional.SpeedyFixer, [Key] - HKCU\Software\SpeedyFixer
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\TurboBrowser
 
 
***** [ Firefox (and derivatives) ] *****
 
PUP.Optional.InfoBirdPro, Plugin found: InfoBird Pro - www.infobirdpro.com
 
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
  
  But, the images do not paste into this reply.


#6 Satchfan


Posted 09 March 2018 - 01:00 AM

Thanks for the AdwCleaner log and there was a lot found but you didn’t follow the instructions: that was only a scan and you didn’t ‘clean’ what was found.

  • run AdwCleaner again by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

The RogueKiller report can be obtained by opening the programme and clicking on the ‘Report’ button. The log should also be saved on the desktop as well.

Please post both.

Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 Safe


Posted 09 March 2018 - 07:48 AM

My apologies Satchfan, I read do not delete anything from the rkil instructions into the Adware instructions.  I have since cleaned all the Adware.  I found the rkil log on the desktop; the problem was that I was looking for RougeKiller.txt; sorry.  I can not reboot now as I am running processes that will not complete until tonight, but I will reboot tomorrow and attach that log to my next post.

 

Regarding running rkil.exe again:  there is no GUI as the program just opens a command window and displays the log on the command screen.  I have captured that series of displays (4 screens) and can send them if there is a way to send images to you.

 

So, I have attached the rkil.txt file below, run yesterday, here:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/07/2018 10:08:40 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * Schedule Stopped. [PUP/GEN]
 
1 service stopped!
 
Checking for processes to terminate:
 
 * C:\Users\Morgan Pierce Parker\AppData\Local\chromium\Application\chrome.exe (PID: 11964) [FI]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
 
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 03/07/2018 10:28:09 PM
Execution time: 0 hours(s), 19 minute(s), and 28 seconds(s)


#8 Satchfan


Posted 09 March 2018 - 08:27 AM

I don't know why you keep mentioning rKill. I did not ask you to do anything with that program and if you look at the instructions here, you'll see that it is RogueKiller and the, (red), link in those instructions will take you directly to the download.

 

Please post both logs after you have rebooted and the AdwCleaner log has been produced.

 

Satchfan



#9 Safe


Posted 09 March 2018 - 10:16 AM

Howdy Satchfan,

 

I am feeling a little dumb here as, first off, I did not do the clean for Adware Cleaner as you suggested.

 

But, I have now done it and rebooted (it just ended with no instructions), but, now, I can not find any further Adware log; I searched Desktop for any *.txt files.

 

Secondly, at first I tried Rogue Killer, but it wanted a license number.  I went to get one, but then I remembered you saying it is free.  So, then I figured I must have the wrong program and used RKill instead.  Sorry.

 

So, now I do not know what to do.  I appreciate your kindness.  And, I will do better.  Please help.  Thanks in advance.



#10 Satchfan


Posted 09 March 2018 - 11:42 AM

The AdwCleaner.txt should have opened after your computer rebooted.

 

Please run another 'scan' only and post the new log.

 

Regarding Rogue Killer, it is not your fault that you are confused as there is a step in the setup process where it asks for a license number. You can ignore that step and just click on Next.

 

Satchfan




#11 Safe


Posted 09 March 2018 - 09:36 PM

OK, Satchfan, I've run RogueKiller and here are the results:

RogueKiller V12.12.7.0 (x64) [Mar  5 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Morgan Pierce Parker [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/09/2018 13:21:58 (Duration : 06:25:53)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 25 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe) -> Found
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SuperEasy Software -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled | {25A3A431-30BB-47C8-AD6A-E1063801134F} :   -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{047E6F90-FFFB-43B3-8B31-820B734306B1} | NameServer : 167.206.254.1,167.206.254.2 ([United States][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{047E6F90-FFFB-43B3-8B31-820B734306B1} | NameServer : 167.206.254.1,167.206.254.2 ([United States][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{047E6F90-FFFB-43B3-8B31-820B734306B1} | NameServer : 167.206.254.1,167.206.254.2 ([United States][-])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\FreeFixer background scan.job -- C:\Program Files\FreeFixer\freefixer.exe (-bgscan) -> Found
 
¤¤¤ Files : 13 ¤¤¤
[PUP.AutoIt.Gen][File] C:\ComIntRepair\CIntRep_x64.exe -> Found
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> Found
[Hidden.ADS][Stream] C:\Users\Morgan Pierce Parker\AppData\Roaming:iSpring Converter 6 -> Found
[Hidden.ADS][Stream] C:\Users\Morgan Pierce Parker\AppData\Roaming:iSpring Presenter 5 -> Found
[Hidden.ADS][Stream] C:\ProgramData:iSpring Converter 6 -> Found
[Hidden.ADS][Stream] C:\ProgramData:iSpring Presenter 5 -> Found
[PUP.AutoIt.Gen][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager? 14 Professional\Retention Wizard.lnk [LNK@] C:\PROGRA~1\PARAGO~1\HARDDI~1\program\RETENT~1.EXE -> Found
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> Found
[PUP.Ghokswa][Folder] C:\Program Files\FireFox -> Found
[PUP.AutoIt.Gen][File] C:\Program Files\Paragon Software\Hard Disk Manager 14 Professional\program\Retention.exe -> Found
[PUP.Gen3][File] C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml -> Found
[PUP.Gen3][File] C:\Program Files (x86)\mozilla firefox\defaults\pref\all-iminent.js -> Found
[PUP.Gen0][Folder] C:\Program Files (x86)\system -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUM.HomePage][Firefox:Config] dzygi7op.default : user_pref("browser.startup.homepage", "moz-extension://e7d6542d-2267-4cbe-bd03-54fcd30695a4/newtab/newtab.html"); -> Found
[PUM.NewTab][Firefox:Config] dzygi7op.default : user_pref("browser.newtab.url", "http://services.fres...B57D4599}&i=");-> Found
[PUM.SearchEngine][Firefox:Config] dzygi7op.default : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 42e5f4e1f2a9d8f137f4314f0b92632b
[BSP] eb3cfbfdff15e23126ca45bfd9d213e2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 591e1740a76691c7e98fd4b3e493c9a8
[BSP] 79e83e18c17ba36a6edec33244e75a95 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Satchfan, I will now run Adware again.


#12 Satchfan


Posted 10 March 2018 - 03:17 AM

If you haven’t yet run AdwCleaner, please leave it for now and just do the following:

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7/8/10: right-click the program and select Run as Administrator
  • after it has completed its prescan, click on Scan
  • when the scan is finished press Remove Selected and post the log it produces.

Please then run it again and send the new log.

Thanks

Satchfan

 



#13 Safe


Posted 10 March 2018 - 08:37 AM

Hi Satchfan,

 

The last execution of RogueKiller (my last post), which I ran as administrator, is still open, so I pressed Remove Selected on that GUI, and it is running.  I will post the log when it completes.

In the meantime, overnight, I ran Adware and here are the results from that:

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 10 04:10:18 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-08.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\INTERFACE\{6855F0CE-00B1-483F-8633-33B650EE4310}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SuperEasy Software
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\ByteFence
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
 
 
***** [ Firefox (and derivatives) ] *****
 
PUP.Optional.InfoBirdPro, Plugin found: InfoBird Pro - www.infobirdpro.com
 
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [40784 B] - [2018/3/8 14:44:18]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


#14 Safe


Posted 10 March 2018 - 08:48 AM

Hi - I pressed Remove Selected on the RogueKiller that was open (mentioned in last post).

And here are the results (right after this posting, I will run the scan again and post those when completed):

RogueKiller V12.12.7.0 (x64) [Mar  5 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Morgan Pierce Parker [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/09/2018 13:21:58 (Duration : 06:25:53)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 25 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe) -> Not selected
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SuperEasy Software -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled | {25A3A431-30BB-47C8-AD6A-E1063801134F} :   -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{047E6F90-FFFB-43B3-8B31-820B734306B1} | NameServer : 167.206.254.1,167.206.254.2 ([United States][-])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{047E6F90-FFFB-43B3-8B31-820B734306B1} | NameServer : 167.206.254.1,167.206.254.2 ([United States][-])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{047E6F90-FFFB-43B3-8B31-820B734306B1} | NameServer : 167.206.254.1,167.206.254.2 ([United States][-])  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\FreeFixer background scan.job -- C:\Program Files\FreeFixer\freefixer.exe (-bgscan) -> Not selected
 
¤¤¤ Files : 13 ¤¤¤
[PUP.AutoIt.Gen][File] C:\ComIntRepair\CIntRep_x64.exe -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> Deleted
[Hidden.ADS][Stream] C:\Users\Morgan Pierce Parker\AppData\Roaming:iSpring Converter 6 -> Deleted
[Hidden.ADS][Stream] C:\Users\Morgan Pierce Parker\AppData\Roaming:iSpring Presenter 5 -> Deleted
[Hidden.ADS][Stream] C:\ProgramData:iSpring Converter 6 -> Deleted
[Hidden.ADS][Stream] C:\ProgramData:iSpring Presenter 5 -> Deleted
[PUP.AutoIt.Gen][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager? 14 Professional\Retention Wizard.lnk [LNK@] C:\PROGRA~1\PARAGO~1\HARDDI~1\program\RETENT~1.EXE -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> ERROR [3]
[PUP.Ghokswa][Folder] C:\Program Files\FireFox -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\html\gopher-movie.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\html\gopher-sound.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\html\gopher-telnet.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\html\gopher-text.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\html\gopher-unknown.gif -> Deleted
[PUP.Ghokswa][Folder] C:\Program Files\FireFox\res\html -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\html.css -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\inspector\search-registry.rdf -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\inspector\viewer-registry.rdf -> Deleted
[PUP.Ghokswa][Folder] C:\Program Files\FireFox\res\inspector -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\langGroups.properties -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\language.properties -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\loading-image.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\mathml.css -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\platform-forms.css -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\quirk.css -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-column-after-active.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-column-after-hover.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-column-after.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-column-before-active.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-column-before-hover.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-column-before.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-row-after-active.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-row-after-hover.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-row-after.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-row-before-active.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-row-before-hover.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-add-row-before.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-remove-column-active.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-remove-column-hover.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-remove-column.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-remove-row-active.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-remove-row-hover.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\table-remove-row.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\ua.css -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\viewsource.css -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\res\wincharset.properties -> Deleted
[PUP.Ghokswa][Folder] C:\Program Files\FireFox\res -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\amazondotcom.png -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\amazondotcom.src -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\creativecommons.png -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\creativecommons.src -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\dictionary.png -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\dictionary.src -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\eBay.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\eBay.src -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\google.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\google.src -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\yahoo.gif -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\searchplugins\yahoo.src -> Deleted
[PUP.Ghokswa][Folder] C:\Program Files\FireFox\searchplugins -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\smime3.dll -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\softokn3.chk -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\softokn3.dll -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\ssl3.dll -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\uninstall\install_wizard1.log -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\uninstall\install_wizard2.log -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\uninstall\install_wizard3.log -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\uninstall\install_wizard4.log -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\uninstall\install_wizard5.log -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\uninstall\UninstallFirefox.exe -> Deleted
[PUP.Ghokswa][Folder] C:\Program Files\FireFox\uninstall -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\xpcom.dll -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\xpcom_compat.dll -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\xpicleanup.exe -> Deleted
[PUP.Ghokswa][File] C:\Program Files\FireFox\xpistub.dll -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files\Paragon Software\Hard Disk Manager 14 Professional\program\Retention.exe -> Deleted
[PUP.Gen3][File] C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml -> Deleted
[PUP.Gen3][File] C:\Program Files (x86)\mozilla firefox\defaults\pref\all-iminent.js -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\system -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\system\ado -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\system\msadc -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\system\ole db -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUM.HomePage][Firefox:Config] dzygi7op.default : user_pref("browser.startup.homepage", "moz-extension://e7d6542d-2267-4cbe-bd03-54fcd30695a4/newtab/newtab.html"); -> Not selected
[PUM.NewTab][Firefox:Config] dzygi7op.default : user_pref("browser.newtab.url", "http://services.fres...B57D4599}&i=");-> Not selected
[PUM.SearchEngine][Firefox:Config] dzygi7op.default : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 42e5f4e1f2a9d8f137f4314f0b92632b
[BSP] eb3cfbfdff15e23126ca45bfd9d213e2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 591e1740a76691c7e98fd4b3e493c9a8
[BSP] 79e83e18c17ba36a6edec33244e75a95 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#15 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 March 2018 - 09:25 AM

That's better, but there are still some that need to be removed. Before we run the 'fixes' again, can you tell me if you live in the United States?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
